I also tweet, blog and . Contact Me|Research

Stopping Malware on its Tracks

Malicious software helps attackers infiltrate network and system defenses, disrupt business operations, and funnel sensitive data out of corporate and personal computers. Unfortunately, there is no single-step fix to preventing and even detecting infections. Stopping malware requires an approach grounded in awareness and control.

Be attuned to the state of your network and systems

Malicious software, such as bots and spyware, often goes unnoticed for far too long. Well-crafted malware can avoid being detected by antivirus software and intrusion detection systems. The first line of defense against such a formidable foe is to become familiar with the normal state of your IT infrastructure, and monitor it to detect anomalies.

Establishing and maintaining IT infrastructure awareness means committing to the following steps:

Trap malware with honeypots

Honepots combine the best aspects of detective and preventative technologies in the fight against malware. Honeypots are systems specifically deployed to be compromised. While the development of commercial honeypots seems to have lost steam, there is a plethora of innovative and freely available honeypot technologies. When carefully deployed, they can strengthen an enterprise's defensive posture in several ways:

The most challenging aspect of using honeypots is deploying them in a manner that prevents an intruder from using them as a launching pad for attacks. If your organization chooses to experiment with honeypots, be sure to implement the safeguards outlined in each tool's documentation. For an overview of honeypots and deployment scenarios, see the book Virtual Honeypots by Niels Provos and Thorsten Holz.

Protect the endpoint from malware threats

Alas, despite information security's best efforts, malicious software may bypass network defenses and reach a system you're trying to protect. Personal computers are particularly vulnerable, because PCs are often used in unpredictable ways and places. Here are the techniques that can help lock down laptops and desktops:

A comprehensive security program is a must

As your organization considers its antimalware strategy, remember that there is no quick fix to this growing threat. Effective approaches incorporate detective and preventative controls that create multiple defensive layers. There are products, both commercial offerings and free tools, to help you along the way. These tools are only as effective as the overall security program that they are a part of.


Authored by Lenny Zeltser. Lenny is a business and tech leader with extensive experience in information technology and security. His areas of expertise include incident response, cloud services and product management. Lenny focuses on safeguarding customers' IT operations at NCR Corporation. He also teaches digital forensics and anti-malware courses at SANS Institute. Lenny frequently speaks at conferences, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania. You can follow Lenny on Twitter, read his blog and .