Malware detection

Malware is malicious software that is specifically developed to infiltrate or cause damage to computer systems without the owners' knowledge or permission.
Next-generation firewalls (NGFWs) with an integrated IPS and advanced anti-evasion capabilities can identify and block malware before it enters your network, so that you can defeat sophisticated evasion techniques.

An ideal intrusion prevention system needs to be able to stop any kind of attack, including Trojans, viruses and worms that may be hidden in seemingly innocent traffic.

In reality, existing IPS do not prevent malware intrusion: many variants are undetectable, with 30 days before a vulnerability is known and patched. The traditional approach is obsolete, as anti-virus programs are not able to detect over 50% of malware.

Essential measures:

1. Awareness.
   Educate the workforce. Establish acceptable use policies.
2. Segmentation.
   Segment the network. Isolate critical applications. Protect critical assets. Restrict access to business needs.
3. Monitoring.
   Prioritize. Capture critical events. Monitor for any anomalies. Generate automated alerts.

Another technology that can combat infections at the payload stage is call-home detection. Call-home detection is a feature of some secure web gateway solutions that can detect infected computers by their requests for known malware command-and-control URLs. While this feature can't prevent infection, it can help you identify infected systems on your network.
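The call-home check described above can be sketched as a pass over web gateway logs. This is an added example, not code from any gateway product; the log format, the blocklist entries and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed blocklist (assumption): a real gateway would load a threat-intel feed.
C2_DOMAINS = {"c2.example.net", "beacon.example.org"}

# Constructed log lines, assumed format: "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.15 GET http://intranet.example.com/home 200
2024-05-01T09:00:07Z 10.0.0.23 POST http://c2.example.net/gate.php 200
2024-05-01T09:05:07Z 10.0.0.23 POST http://c2.example.net/gate.php 200
2024-05-01T09:06:30Z 10.0.0.42 GET https://cdn.beacon.example.org:8443/u?id=7 403
2024-05-01T09:07:00Z 10.0.0.15 GET http://notc2.example.net.example.com/ 200
malformed line
"""

def is_c2_host(host, blocklist):
    """True if host equals a blocklisted domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole label suffixes so "notc2.example.net.example.com" does not match.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def find_callhome(log_text, blocklist=C2_DOMAINS):
    """Return {client_ip: [(timestamp, host), ...]} for requests to blocklisted hosts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, url, _status = parts
        host = urlsplit(url).hostname
        # The status code is ignored on purpose: a blocked request still
        # shows that the client tried to call home.
        if host and is_c2_host(host, blocklist):
            hits[client].append((ts, host))
    return dict(hits)

if __name__ == "__main__":
    for client, events in sorted(find_callhome(SAMPLE_LOG).items()):
        hosts = sorted({h for _, h in events})
        print(f"{client}: {len(events)} call-home request(s) -> {hosts}")
```

Requests that the gateway blocked are reported as well, since the attempt alone identifies a system that needs investigation.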