
Validating Advanced Malware Protection by Brian Contos

Wouldn’t it be great if all the things we use, like cars, computers and vending machines, just worked and stayed working forever? We know that’s not real life, and while advanced malware protection solutions can be incredibly powerful, many of our customers have expressed various concerns. This is especially evident when it comes to having assurances that those solutions remain correctly configured and are actually working as expected.

Consider this common scenario: an organization experiences a breach. In response, they might invest in areas of concern such as advanced malware protection across endpoint, email, and network. Unfortunately, a common outcome is that, over time, the effectiveness of the investment becomes unclear and simple questions can’t be answered.

  • Are we getting the same value in production that we experienced during our POC?
  • Do our advanced malware protection solutions work as expected?
  • Do we have assurances that configuration changes are working as intended?
  • Are we safe from the most recent XYZ attack?

With the Verodin Security Instrumentation Platform (SIP) you can validate the effectiveness of your security solutions by safely visualizing real attack behaviors in your production environment across endpoint, network and cloud. You can apply prescriptive configuration updates supplied directly from Verodin SIP. You can get assurances on configuration changes so you know whether the changes worked, and afterwards you can continuously validate those changes to ensure they keep working over time. This is particularly valuable for mitigating defensive regression:

  • Network configuration changes impacting traffic visibility
  • Loss of visibility into the entirety of a network flow, which disables analysis
  • Email relay modifications are allowing emails to bypass scanning
  • Endpoint configuration changes accidentally moved from prevention to alerting
  • Logs and alerts aren’t making it to the SIEM correctly and/or the SIEM isn’t correlating
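A minimal illustration of what catching defensive regression means in practice, as an added example that is not Verodin's code: each validation test records how a control handled a simulated behavior (blocked, alerted only, or missed), and a re-run after a change is compared against the POC baseline so that any control that got weaker is flagged. Test names and the sample outcomes below are constructed for this page.

```python
# Added example (not from the original post): a defensive-regression check
# over security-control validation results. Outcomes are ordered so that a
# drop (e.g. BLOCKED -> ALERTED) is a regression while an improvement is not.
from enum import IntEnum


class Outcome(IntEnum):
    MISSED = 0    # behavior neither blocked nor reported anywhere
    ALERTED = 1   # detected and an alert reached the SIEM, but not stopped
    BLOCKED = 2   # prevented outright


def regressions(baseline, current):
    """Return (test, baseline outcome, current outcome) for every test whose
    outcome is weaker than in the baseline.

    A test absent from `current` is treated as MISSED: nothing was reported
    at all, which is the "alerts aren't making it to the SIEM" case.
    """
    found = []
    for test, expected in baseline.items():
        got = current.get(test, Outcome.MISSED)
        if got < expected:
            found.append((test, expected.name, got.name))
    return found


# Constructed sample data: outcomes recorded during the POC versus a re-run
# after an endpoint policy change and an email relay change.
BASELINE = {
    "endpoint/powershell-execution": Outcome.BLOCKED,
    "email/attachment-scan": Outcome.BLOCKED,
    "network/known-bad-socket": Outcome.ALERTED,
    "siem/alert-forwarding": Outcome.ALERTED,
}
CURRENT = {
    "endpoint/powershell-execution": Outcome.ALERTED,  # prevention -> alerting
    "email/attachment-scan": Outcome.MISSED,           # relay now bypasses scanning
    "network/known-bad-socket": Outcome.BLOCKED,       # improved, not a regression
    # "siem/alert-forwarding" is absent: nothing arrived at the SIEM
}

if __name__ == "__main__":
    for test, was, now in regressions(BASELINE, CURRENT):
        print(f"REGRESSION {test}: {was} -> {now}")
```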

Verodin SIP provides security effectiveness validation and configuration assurance by leveraging Verodin-supplied attack behaviors that include artifacts like packet captures, emails, malicious socket connections, command line executions, PowerShell, Bash, protected program execution, documents, scripts and many more. And Verodin SIP utilizes an Open Content Platform so you can add your own attack behavior from threat intelligence, PCAP databases, ISACs and the like. These sources are converted within Verodin SIP from raw attack data to routable, weaponized behaviors that can be safely used within your production network in seconds.

Advanced malware protection solutions can provide strong security. But you need to be able to validate that they are operating as desired and that tuning, patches and other configuration changes haven’t had a negative impact. More simply, Verodin SIP helps make sure that your advanced malware protection solutions are providing the advanced malware protection you want.


*** This is a Security Bloggers Network syndicated blog from Verodin Blog authored by Verodin Blog. Read the original post at: https://www.verodin.com/post/validating-advanced-malware-protection