Hardening guides and various security tools make it possible to lock down a single host to resist infection. Similarly, watching over a single system to discover an intrusion attempt is usually within the realm of possibilities. Even responding to a malware infection on a single system is a manageable, though time consuming process.
In contrast, the challenges of combating malware at the enterprise scale are an order of magnitude more difficult, and require a different set of skills and tools. Here’s why:
- The diversity of business needs throughout the enterprise: It’s very hard to define and enforce a consistent set of security controls across all IT infrastructure components when faced with numerous usage requirements.
- The geographic dispersal of systems across the enterprise: Monitoring and locking down hosts that are difficult to reach over the network results in inconsistent configurations and visibility gaps, especially when laptops are in the picture.
- The difficulty of taking actions that span multiple systems: Resisting and investigating infections requires the ability to run commands and analyze data on numerous systems throughout the environment in a scalable manner.
- The political complexities of real-world organizations: Imposing security requirements and responding to incidents is hard when internal politics get in the way (e.g., some departments prefer to run IT independently from the rest of the organization).
- The heterogeneity of IT in many enterprise environments: IT infrastructure that services an enterprise is often composed of a wide range of technologies, making it hard to maintain expertise for all aspects of IT that malware might affect.
- The myriad of laws and regulations that affect many enterprises: IT staff’s efforts to discover, resist and respond to infections need to account for the numerous legal and regulatory factors relevant to their organization.
How to deal with these challenges? Enterprise Management Systems (EMS) can help. So can specialized enterprise-grade anti-malware tools. Technological and communications skills of the IT staff matter a lot. So does looking at malware as an element of the overall security incident cycle. And more.
If this interests you, take a look at the 2-day Combating Malware in the Enterprise course, which I recently co-authored at SANS Institute. Also, I discuss the topic in some detail in an article titled 4 Steps To Combat Malware Enterprise-Wide.