
SANS Critical Control 5: Malware Defenses

In this latest installment of the blog series, I am going to analyze how to implement SANS Critical Control #5: Malware Defenses using Unified VRM.

Enterprises and organizations across every industry and government have lately been heavily victimized by targeted hacking attacks and malware of increasing sophistication. Botnets, trojans and exploit kits are making their rounds on a weekly basis, continuously updated with the latest 0-day exploits. Anti-virus companies are playing “catch-up”, trying to update their products with the latest malware signatures. However, this is a “cat and mouse” game.

Unified VRM is not an anti-malware or malware detection solution per se. However, when appropriately configured through a specially crafted scan template, it can interact with tools that help in malware detection.

As mentioned in a previous blog post, Unified VRM can interact with the remote agent SLAD installed on the target system. SLAD can execute and interact with a series of malware detection and prevention tools, including:

  1. It can collect Snort IDS logs from the target system, gathering evidence of malware infection. Snort signatures are a very powerful malware detection tool, as they are created by a huge community of intrusion detection engineers.
  2. It can run Tripwire on the target system and collect its logs. Tripwire is a very powerful tool for file and file system integrity checking, used to detect signs of malware compromise.
  3. It can run the open source antivirus ClamAV installed on the target system and collect its logs. Like Snort, ClamAV has a huge community of open source developers who write open source malware detection signatures.
  4. It can run the open source tool “chkrootkit” installed on the target system and collect its logs. chkrootkit is a tool used to detect the compromise of a system by the most common rootkits and trojans.
  5. The Unified VRM internal scan engine has an authenticated vulnerability check that logs into target systems and scans for signs of malware compromise, detecting the best-known malware, including the Blackhole exploit kit and the Zeus trojan.
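As an added illustration of the log-collection step in the list above, here is an example (written for this post, not code from Unified VRM or SLAD, whose collection format is not public) that normalizes Snort alert_fast lines and clamscan output into one evidence list. The two line layouts are the real ones; the sample log lines, rule messages and signature name are constructed.

```python
import re

# Snort alert_fast line layout (the constructed sample below follows it):
# <ts> [**] [gid:sid:rev] <msg> [**] [Classification: <c>] [Priority: <p>] {<proto>} <src> -> <dst>
SNORT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)
# clamscan per-file line: "<path>: <signature> FOUND"; clean files print "<path>: OK"
CLAM_RE = re.compile(r"^(?P<path>.+?): (?P<sig>.+) FOUND$")

def parse_snort(text, max_priority=2):
    """Keep alerts with Snort priority 1..max_priority (1 is the most severe)."""
    out = []
    for line in text.splitlines():
        m = SNORT_RE.match(line.strip())
        if not m or int(m["prio"]) > max_priority:
            continue
        # strip the port from an IPv4 "addr:port"; leave port-less or IPv6 forms untouched
        host = m["src"].rsplit(":", 1)[0] if m["src"].count(":") == 1 else m["src"]
        out.append({"source": "snort", "host": host, "sid": int(m["sid"]),
                    "detail": m["msg"], "priority": int(m["prio"])})
    return out

def parse_clamav(text):
    """Collect only infected-file lines; OK lines and the scan summary are skipped."""
    out = []
    for line in text.splitlines():
        m = CLAM_RE.match(line.strip())
        if m:
            out.append({"source": "clamav", "path": m["path"], "signature": m["sig"]})
    return out

def collect_evidence(snort_text, clam_text, max_priority=2):
    """Merge both sources into one evidence list, most severe Snort alerts first."""
    snort = sorted(parse_snort(snort_text, max_priority), key=lambda f: f["priority"])
    return snort + parse_clamav(clam_text)

# Constructed sample output (not real captures; sids are in the local 1000000+ range)
SNORT_SAMPLE = """\
01/12-14:23:01.123456  [**] [1:1000001:2] LOCAL TROJAN beacon to known C2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.5:49152 -> 198.51.100.7:80
01/12-14:23:05.000001  [**] [1:1000002:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 10.0.0.1
"""
CLAM_SAMPLE = """\
/home/alice/report.pdf: OK
/tmp/update.exe: Win.Trojan.Agent-TEST FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
"""

if __name__ == "__main__":
    for finding in collect_evidence(SNORT_SAMPLE, CLAM_SAMPLE):
        print(finding)
```

Raising `max_priority` to 3 admits the low-priority ICMP alert as well, which is the knob an operator would tune to trade noise for coverage.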
