
What I have seen so far is the ability to automate signing hashes and string offsets as a way for an AV-engine to detect possible malware. Does this prove to be a good strategy for malware detection? It doesn't seem to be so since it relies on static strings and has no defense for self modifying code let alone the huge influx of new malware.

What are other strategies for detecting malware (that could potentially be automated)?

Bob Ortiz
  • Very close to being a duplicate of [this](http://security.stackexchange.com/q/438/86652). If the "other strategies" question is not about security companies, but users, then there are answers already. – techraf Jun 23 '16 at 23:32
  • @techraf: I think the question is in general (companies or not), which is pretty much what is discussed in the link you provided. – lepe Jun 24 '16 at 01:12

1 Answer


Going back to a security in layers approach, there is no one magic bullet. Good detection / protection involves the use of multiple systems working together.

For Detection:

Start with good AV software (av-comparatives.org), then add end-point protection (e.g., Carbon Black, Sophos, F-Secure...), and top it off with some network monitoring (e.g., Splunk, BTB's RADAR, AlienVault...).

For Protection

Client-side firewall (for when not on the corporate network). Corporate firewall with proper egress and content filtering. Next-gen firewalls like Palo Alto can do deep packet inspection, but they get pricey.

And as always... good security awareness training programs to educate your weakest link (the user) ;-)

WhiteWinterWolf
HashHazard
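Added example (not code from the question, the answer, or any AV product) that makes both points concrete: the question's objection that hash and string-at-offset signatures break as soon as a sample is repacked or self-modifies, and the answer's point that detection has to be layered. It builds four constructed in-memory byte strings standing in for executables (a signed sample, a padded variant, a variant with its config encrypted behind a decoder stub, and a benign file; the addresses are RFC 5737 documentation IPs and the stub bytes are arbitrary), then runs three detector layers over them: exact signatures, byte n-gram similarity to the known sample, and a windowed entropy heuristic for packed or encrypted regions. The thresholds (0.7 similarity, 7.0 bits) are assumptions chosen for this toy, not vendor values.

```python
"""Signature matching versus heuristic layers, as a toy scanner.

Added example for this thread; it is not code from the question, the answer,
or any AV product. Every "sample" below is a constructed in-memory byte
string standing in for an executable. No real malware is involved.
"""
import hashlib
import math
from collections import Counter

# --- constructed samples ----------------------------------------------------
HEADER = b"MZ\x90\x00" + b"\x00" * 28            # fake PE-like header
CODE = bytes(range(64)) * 8                       # stand-in code section
# constructed config block (documentation IPs from RFC 5737)
CONFIG = b"".join(b"host%d=198.51.100.%d:443;" % (i, i) for i in range(24))
KNOWN = HEADER + CODE + CONFIG                    # the sample the vendor signed

# Variant A: identical code, 16 bytes of padding shift the config block.
VARIANT_A = HEADER + CODE + b"\x00" * 16 + CONFIG

def _keystream(n: int, seed: bytes) -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 in counter mode)."""
    out = b""
    i = 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

# Variant B: a "self-modifying" build that stores the config encrypted and
# carries a short stub (arbitrary constructed bytes) to decode it at run time.
_STUB = b"\xe8\x00\x00\x00\x00\x5e\x31\xc0"
_ENC = bytes(p ^ k for p, k in zip(CONFIG, _keystream(len(CONFIG), b"key-v2")))
VARIANT_B = HEADER + CODE + _STUB + _ENC

BENIGN = HEADER + bytes(range(64)) * 2 + b"Copyright (c) Example Corp. Version 3.1.4"

# --- layer 1: static signatures (what the question describes) ---------------
KNOWN_HASHES = {hashlib.sha256(KNOWN).hexdigest()}
STRING_SIGNATURES = [(len(HEADER) + len(CODE), CONFIG[:16])]  # (offset, bytes)

def hash_match(sample: bytes) -> bool:
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES

def string_match(sample: bytes) -> bool:
    return any(sample[off:off + len(pat)] == pat for off, pat in STRING_SIGNATURES)

# --- layer 2: fuzzy similarity to a known sample ----------------------------
def shingles(data: bytes, n: int = 8) -> set:
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of byte n-gram sets; survives padding and reordering."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb)

# --- layer 3: packing / encryption heuristic --------------------------------
def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def max_window_entropy(sample: bytes, window: int = 512, step: int = 64) -> float:
    """Highest entropy of any window; encrypted/packed regions approach 8 bits."""
    if len(sample) <= window:
        return shannon_entropy(sample)
    starts = list(range(0, len(sample) - window + 1, step)) + [len(sample) - window]
    return max(shannon_entropy(sample[s:s + window]) for s in starts)

# --- layered verdict --------------------------------------------------------
def scan(sample: bytes, known: bytes = KNOWN) -> dict:
    return {
        "hash": hash_match(sample),
        "string": string_match(sample),
        "similar": similarity(sample, known) >= 0.7,   # assumed threshold
        "packed": max_window_entropy(sample) >= 7.0,   # assumed threshold
    }

def is_suspicious(sample: bytes) -> bool:
    return any(scan(sample).values())

if __name__ == "__main__":
    for name, s in [("known", KNOWN), ("variant_a", VARIANT_A),
                    ("variant_b", VARIANT_B), ("benign", BENIGN)]:
        print(f"{name:10s} {scan(s)}")
```

Running it shows the pattern the question predicts: only the original sample trips the hash and string signatures; the padded variant is missed by both but caught by n-gram similarity; the encrypted variant defeats the signatures and the similarity check and is caught only by the entropy layer. The caveat a practitioner would add is that the entropy layer is the noisiest of the three, since legitimately compressed or packed binaries also have high-entropy regions, so in a real engine it contributes weight to a score or triggers unpacking and behavioural analysis rather than producing a verdict by itself.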