Malware (short for “malicious software”) refers to any software that can be harmful to the host
machines that it infects. You may have heard terms like “viruses”, “worms”, “trojans”, and
“ransomware” – these are all examples of malware.
As well as leaving potential destruction and data loss in their wake, many viruses include
functionality that allows them to replicate and spread to other devices. They exploit network-wide
security gaps in order to duplicate themselves, potentially infecting vast areas of a network in mere
A high-profile example of a particularly destructive piece of malware is the infamous WannaCry virus. It’s
an example of “ransomware”: software that encrypts the contents of a machine’s hard drive,
informing the user that their information can be recovered for a fee – effectively holding their data
Malware can be hidden in files and software, and can spread by exploiting specific vulnerabilities in a
Modern antivirus software is incredibly sophisticated and works well for known viruses. However, there is an illusion that simply installing an antivirus program will protect you from all viruses. This is sadly not the case.
Firstly, developing antivirus controls is inherently reactive. Though antivirus security teams analyse known viruses in order to provide accurate detection, prevention, and remediation tools, new malware strains are emerging all the time. Once a new instance of malware is discovered, it can take antivirus companies days – even weeks – to engineer a fix and distribute it. Countless other machines across your network could continue to propagate the infection in that time.
Secondly, there’s the matter of “phishing”. Phishing emails are genuine-looking emails that trick recipients into
downloading viruses, sharing passwords, or giving money to cybercriminals. Scammers are getting remarkably good at creating believable assets and using psychological tricks to coerce people.
Targeted phishing attacks – known as “spear phishing” attacks – can be particularly convincing. They generally take the form of official-looking documents that encourage the recipient to act now, such as tax refunds, payment advice documents, outstanding invoices, missed deliveries, and parking tickets. They carefully choose their email addresses and formatting to look almost indistinguishable from the real thing. Antiviruses are very robust, but can’t completely protect against human error.
Therefore, phishing can present two potential cyber threats to your network – malware infections and sharing sensitive information (like login details) with unauthorised people. They’re two very different threats that can both be caused by phishing tactics. But when viewed as a whole, it only takes one weak link to introduce threats into even the largest, most far-reaching networks. One team member caught off-guard by a fake request for their username and password; one busy professional too distracted to keep their anti-malware controls up to date; one overworked executive hoodwinked into downloading an infected document. And regardless of how innocuous the interaction may seem – downloaded malware or shared login credentials – the impact can be profound.
Antivirus programs and IT security training are essential, but they are not infallible. This is where network monitoring solutions like Rebasoft can help.
Rebasoft enables your IT engineers to wage a two-pronged attack on potential malware and
Network Inventory & Antivirus Coverage
As soon as it is deployed, Rebasoft sets to work piecing together a picture of your entire network
including all connected devices: PCs, servers, routers, switches, IoT hardware, and more. When you
maintain a constant awareness of the devices that make up your network, you’re in a much better
place to gauge the effectiveness of your current security practices and establish the potential issues
that may be caused by malware.
Traditional asset management systems rely on infrequent scans to create an inventory of network
devices, meaning that devices can easily get missed if they join and leave the network in between
scans. However, Rebasoft is an always-on solution that updates in real time – meaning that all
connections to and disconnections from your network will be picked up in mere moments.
Despite the flaws mentioned above, anti-malware defences are a critical component to any
cybersecurity defence strategy; antivirus software really is your first line of defence. But merely
having antivirus software installed doesn't mean a machine is totally protected - PCs also need up to
date virus definitions (known as "pattern files") in order to be as effective as possible.
Rebasoft tracks and records antivirus coverage across your whole network, giving you “at a glance” insight into which systems do have antivirus software installed, which devices have out of date virus definitions, and which devices aren’t protected by anti-malware controls at all.
So, let’s put this in real terms with an example. Let’s say a network has 1,000 PCs and an antivirus
coverage rate of 99%. That may sound promising, but that’s still 10 unprotected PCs that could easily
let malware into the network. Additionally, their pattern deployment rate may only be at 90% -
meaning they have 100 PCs with out of date virus definitions and 10 PCs with no antivirus protection
at all. Understandably, this can leave a network very vulnerable, but Rebasoft could help them
identify and close these gaps with ease.
Network Behaviour & Telemetry
Antivirus software is an ideal solution for PCs, but unfortunately malware can affect a variety of
systems – some of which can’t be protected via traditional anti-malware controls. But all is not lost;
malware usually spreads across networks using unusual traffic patterns which can be easily detected
by network telemetry systems like Rebasoft.
Under normal circumstances, traffic usually flows up and down a network’s hierarchy – up to servers and down to individual PCs and devices. This is called
“north-to-south” traffic. However, in an
attempt to spread rapidly throughout a network, malware is often designed to hop “across” a network, resulting in “east-to-west” traffic. An increase in east-to-west traffic can be a tell-tale sign
that malware is trying to spread across your network.
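The east-to-west signal described above can be sketched over flow records. This is an added example, not Rebasoft's code or detection logic; the workstation subnet, the thresholds, and the sample flows are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: workstations live in this subnet; servers and the internet do not.
WORKSTATION_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def _is_workstation(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in WORKSTATION_NETS)

def direction(src, dst):
    """Workstation-to-workstation is east-west; everything else
    (to servers, to the internet) is treated as north-south."""
    if _is_workstation(src) and _is_workstation(dst):
        return "east-west"
    return "north-south"

def east_west_fanout(flows):
    """Map each source host to the distinct east-west peers it contacted."""
    peers = defaultdict(set)
    for src, dst, _dport in flows:
        if direction(src, dst) == "east-west":
            peers[src].add(dst)
    return peers

def flag_lateral_spread(baseline, current, min_peers=5, growth=3.0):
    """Return hosts whose east-west fan-out in the current window is at
    least min_peers and at least `growth` times the baseline window's.
    Both thresholds are illustrative and need tuning per network."""
    base = east_west_fanout(baseline)
    now = east_west_fanout(current)
    flagged = {}
    for host, dsts in now.items():
        before = len(base.get(host, ()))
        if len(dsts) >= min_peers and len(dsts) >= growth * max(before, 1):
            flagged[host] = (before, len(dsts))
    return flagged

# Constructed sample flows: (source, destination, destination port).
BASELINE = [("10.20.1.5", "10.10.0.8", 443), ("10.20.1.5", "10.20.1.9", 445),
            ("10.20.1.7", "10.10.0.8", 443), ("10.20.1.7", "10.10.0.9", 53)]
CURRENT = [("10.20.1.5", f"10.20.2.{i}", 445) for i in range(1, 13)] + [
    ("10.20.1.7", "10.10.0.8", 443), ("10.20.1.7", "10.20.1.5", 445)]

if __name__ == "__main__":
    for host, (before, after) in flag_lateral_spread(BASELINE, CURRENT).items():
        print(f"{host}: east-west peers {before} -> {after}")
```

A host is compared against its own baseline rather than a fixed limit, so a machine that legitimately talks to many peers is not flagged for behaving as it always has.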
Because Rebasoft maintains a constant bird’s-eye view of your entire network, it can detect unusual behaviour patterns like these in moments. Depending on the policies you put in place, our platform can also deploy automated port blocking – terminating all traffic to and from a device – to stop infections and other threats from spreading.
Rebasoft operates through readily available network telemetry protocols, meaning that there’s no
need to install individual software agents on each device. This also means that Rebasoft can monitor
the behaviour of non-PC devices where traditional anti-malware controls can’t be installed, like
Internet of Things (IoT) devices and SCADA systems.
Data breaches and leaks (that may come as a result of malware or sharing login credentials) also
produce predictable traffic spikes – usually centred around a single device on the network. Rebasoft
can pick up on these signs and automatically block port activity to minimise the impact of the breach.
1. Robust, “always on” asset management which defines the boundaries of your network and inventorises all devices that are active within it.
2. Provides real-time reporting on device OS patch history, running processes, and antivirus update status, providing a holistic picture of the network’s anti-malware coverage.
3. Non-invasive network telemetry and monitoring that doesn’t rely on installing and maintaining individual software agents.
4. Can easily monitor behaviour on non-PC devices like IoT hardware, buildings management apparatus, and SCADA systems.
5. Establishes a clear picture of normal network behaviour so unusual, potentially malicious traffic patterns can be promptly identified and remedied.
6. Identifies potentially malicious connections from “trusted” third parties, remote workers, and obfuscated VPN or Tor connections.
7. Suspect behaviour can be immediately halted using port blocking or merely logged for review.
8. Detailed historic and real-time analytics which enable management to make informed cybersecurity decisions.
9. Flexible, scalable, and lightweight, suitable for organisations from 100 to 100,000 users plus.
© Rebasoft 2009-2020