It should come as no surprise that malware has become big business. Bad actors are increasingly better funded and keep improving their approaches for attacking us. We have reached the point where hacking has become industrialized. As vendors develop solutions, attackers continue to innovate. If you think about it, just 10 years ago, we were focused on less sophisticated attacks like Blaster and Slammer. Over time, we have moved from stopping the simple viruses and macro viruses of the ’90s, to worms, to the spyware and rootkits of the mid-2000s, to today’s APTs and crimeware. Experts estimate that more than 280 million different viruses were released last year alone. The challenge of defending our organizations is a daunting one, requiring a number of technologies working together before, during, and after an attack. In this chalk talk we provide a high-level overview of the techniques that are typically used to protect endpoints from malware.
In Part 2 of this topic, Sourcefire takes a more detailed look at the signatures technique.