Let OTX™ tell you what known malicious hosts your systems are talking to
Signature-based malware detection is a solution for yesterday’s problem. Today, new malware payloads are created by the thousands, and new packaging of old threats and new variants are introduced hourly, so keeping signatures up to date is simply no longer a viable strategy. To detect today’s threats you must monitor your environment for the behavioral patterns that are tell-tale signs of a malware infection. You can do this in just a few clicks with AlienVault USM.
New malware payloads are introduced daily. It’s getting harder to rely on signatures to find them because malware simply changes too quickly. Today, you’ve got to monitor your environment for common indicators of malware infection, such as any communication with known malicious hosts. In USM, this can be accomplished in just a few clicks. We want to look at all outbound communication, so let’s start with our firewall data, since pretty much all of our traffic goes through that device. We can then filter these events for communication with IP addresses found on the Open Threat Exchange. To identify the assets that this communication is coming from, we group by source IP address. Now we can see that there are 80 assets within our environment that are communicating with malicious hosts.
Looking at the details, we can see that this machine is communicating with hosts in America and in the Netherlands. To better understand what we’re facing, we can look at the details on the Open Threat Exchange. Here we can see that this host has been reported by other members for malicious activity for around five or six months. And that’s all it takes to identify malware infections in AlienVault USM. With USM, you can achieve security visibility in minutes, not months. If you’re interested in exploring more, download our free 30-day trial to get some hands-on experience in your own environment.
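The three-step workflow described above (filter outbound firewall events against a threat-intel indicator list, group the matches by internal source IP, then pull the reputation details for each destination) as a stand-alone script. This is an added example, not AlienVault USM code and not the OTX API: the firewall log format, the indicator list with its country and first-seen fields, and every IP address (taken from the TEST-NET and RFC 1918 ranges) are constructed for illustration.

```python
"""Correlate outbound firewall events with a threat-intel indicator list and
group the hits by internal source asset.

Added example; not AlienVault USM code and not the OTX API. The log format,
the indicator list and all IP addresses below are constructed (TEST-NET and
RFC 1918 ranges), as is the 'months seen' metadata.
"""
from collections import defaultdict
from datetime import date
import re

# Constructed indicator list standing in for an OTX pulse export.
# Keys are destination IPs; values are metadata a reputation lookup might carry.
THREAT_INTEL = {
    "203.0.113.45": {"country": "US", "first_seen": date(2013, 11, 4)},
    "198.51.100.7": {"country": "NL", "first_seen": date(2014, 1, 20)},
}

# Constructed firewall log lines in a simple key=value format.
FIREWALL_LOG = """\
2014-04-28T10:01:02Z action=allow dir=out src=10.0.0.12 dst=203.0.113.45 dport=443
2014-04-28T10:01:05Z action=allow dir=out src=10.0.0.12 dst=93.184.216.34 dport=80
2014-04-28T10:02:11Z action=allow dir=out src=10.0.0.77 dst=198.51.100.7 dport=8080
2014-04-28T10:02:40Z action=deny dir=in src=198.51.100.7 dst=10.0.0.5 dport=22
2014-04-28T10:03:15Z action=allow dir=out src=10.0.0.12 dst=198.51.100.7 dport=443
2014-04-28T10:04:00Z action=allow dir=out src=10.0.0.91 dst=93.184.216.34 dport=443
"""

_LINE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) dir=(?P<dir>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_events(log_text):
    """Yield one dict per well-formed log line; silently skip lines that do not parse."""
    for line in log_text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            yield m.groupdict()


def outbound_to_known_malicious(events, intel):
    """Step 1: keep only outbound events whose destination is on the indicator list.

    Inbound hits from a listed IP are excluded on purpose: the question here is
    which internal assets are initiating contact with known-bad hosts."""
    return [e for e in events if e["dir"] == "out" and e["dst"] in intel]


def group_by_source(hits):
    """Step 2: group matching events by internal source IP.

    Returns {src_ip: sorted list of distinct malicious destinations}."""
    by_src = defaultdict(set)
    for e in hits:
        by_src[e["src"]].add(e["dst"])
    return {src: sorted(dsts) for src, dsts in by_src.items()}


def describe_destinations(dsts, intel, today):
    """Step 3: pull the reputation details (country, months on the list) per destination."""
    out = []
    for d in dsts:
        meta = intel[d]
        fs = meta["first_seen"]
        months = (today.year - fs.year) * 12 + (today.month - fs.month)
        out.append({"ip": d, "country": meta["country"], "months_seen": months})
    return out


def find_infected_assets(log_text=FIREWALL_LOG, intel=THREAT_INTEL, today=date(2014, 4, 28)):
    """Run all three steps; returns {src_ip: [destination detail dicts]}."""
    hits = outbound_to_known_malicious(parse_events(log_text), intel)
    grouped = group_by_source(hits)
    return {src: describe_destinations(dsts, intel, today) for src, dsts in grouped.items()}


if __name__ == "__main__":
    for src, details in find_infected_assets().items():
        print(src)
        for d in details:
            print(f"  -> {d['ip']} ({d['country']}), on the list for {d['months_seen']} months")
```

With the constructed log, two of the four internal assets (10.0.0.12 and 10.0.0.77) surface as talking to listed hosts; the inbound `deny` from 198.51.100.7 is not counted, since it says nothing about an internal infection. In a real deployment the indicator dictionary would be refreshed from the threat feed on a schedule and the log source would be the firewall's own export rather than an inline string.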