Malware Detection / Use Case

What is Malware?

Malware (short for “malicious software”) refers to any software that can be harmful to the host machines that it infects. You may have heard terms like “viruses”, “worms”, “trojans”, and “ransomware” – these are all examples of malware.

As well as leaving potential destruction and data loss in their wake, many viruses include functionality that allows them to replicate and spread to other devices. They exploit network-wide security gaps in order to duplicate themselves, potentially infecting vast areas of a network in mere minutes.

A high-profile example of a particularly destructive piece of malware is the infamous WannaCry virus. It’s an example of “ransomware”: software that encrypts the contents of a machine’s hard drive, informing the user that their information can be recovered for a fee – effectively holding their data to ransom.

Malware can be hidden in files and software, and can spread by exploiting specific vulnerabilities in a target network.

The Problem with Traditional Malware Controls

Modern antivirus software is incredibly sophisticated and works well for known viruses. However, there is an illusion that simply installing an antivirus program will protect you from all viruses. This is sadly not the case. 

Firstly, developing antivirus controls is inherently reactive. Though antivirus security teams analyse known viruses in order to provide accurate detection, prevention, and remediation tools, new malware strains are emerging all the time. Once a new instance of malware is discovered, it can take antivirus companies days – even weeks – to engineer a fix and distribute it. Countless other machines across your network could continue to propagate the infection in that time.

Secondly, there’s the matter of “phishing”. Phishing emails are genuine-looking emails that trick recipients into downloading viruses, sharing passwords, or giving money to cybercriminals.

Scammers are getting remarkably good at creating believable assets and using psychological tricks to coerce people. 

Targeted phishing attacks – known as “spear phishing” attacks – can be particularly convincing. They generally take the form of official-looking documents that encourage the recipient to act now, such as tax refunds, payment advice documents, outstanding invoices, missed deliveries, and parking tickets. They carefully choose their email addresses and formatting to look almost indistinguishable from the real thing. Antiviruses are very robust, but can’t completely protect against human error.

Therefore, phishing can present two potential cyber threats to your network – malware infections and sharing sensitive information (like login details) with unauthorised people. They’re two very different threats that can both be caused by phishing tactics.

But when viewed as a whole, it only takes one weak link to introduce threats into even the largest, most far-reaching networks. One team member caught off-guard by a fake request for their username and password; one busy professional too distracted to keep their anti-malware controls up to date; one overworked executive hoodwinked into downloading an infected document.

And regardless of how innocuous the interaction may seem – downloaded malware or shared login credentials – the impact can be profound.

Antivirus programs and IT security training are essential, but they are not infallible. This is where network monitoring solutions like Rebasoft can help.

How Rebasoft Aids Malware Detection

Rebasoft enables your IT engineers to wage a two-pronged attack on potential malware and phishing threats.

Network Inventory & Antivirus Coverage


As soon as it is deployed, Rebasoft sets to work piecing together a picture of your entire network including all connected devices: PCs, servers, routers, switches, IoT hardware, and more. When you maintain a constant awareness of the devices that make up your network, you’re in a much better place to gauge the effectiveness of your current security practices and establish the potential issues that may be caused by malware.

Traditional asset management systems rely on infrequent scans to create an inventory of network devices, meaning that devices can easily get missed if they join and leave the network in between scans. However, Rebasoft is an always-on solution that updates in real time – meaning that all connections to and disconnections from your network will be picked up in mere moments.

Despite the flaws mentioned above, anti-malware defences are a critical component to any cybersecurity defence strategy; antivirus software really is your first line of defence. But merely having antivirus software installed doesn't mean a machine is totally protected - PCs also need up to date virus definitions (known as "pattern files") in order to be as effective as possible.

Rebasoft tracks and records antivirus coverage across your whole network, giving you “at a glance” insight into which systems do have antivirus software installed, which devices have out of date virus definitions, and which devices aren’t protected by anti-malware controls at all.

So, let’s put this in real terms with an example. Let’s say a network has 1,000 PCs and an antivirus coverage rate of 99%. That may sound promising, but that’s still 10 unprotected PCs that could easily let malware into the network. Additionally, their pattern deployment rate may only be at 90% - meaning they have 100 PCs with out of date virus definitions and 10 PCs with no antivirus protection at all. Understandably, this can leave a network very vulnerable, but Rebasoft could help them identify and close these gaps with ease.

Network Behaviour & Telemetry

Antivirus software is an ideal solution for PCs, but unfortunately malware can affect a variety of systems – some of which can’t be protected via traditional anti-malware controls. But all is not lost; malware usually spreads across networks using unusual traffic patterns which can be easily detected by network telemetry systems like Rebasoft.

Under normal circumstances, traffic usually flows up and down a network’s hierarchy – up to servers and down to individual PCs and devices. This is called “north-to-south” traffic. However, in an attempt to spread rapidly throughout a network, malware is often designed to hop “across” a network, resulting in “east-to-west” traffic. An increase in east-to-west traffic can be a tell-tale sign that malware is trying to spread across your network.
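
An added example (not Rebasoft's code and not part of the original page) of the check described above: flow records are classified as north-to-south or east-to-west, and a host whose number of lateral peers jumps well above its baseline is flagged. The address ranges, thresholds, and flow tuples are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed layout: one internal range, with servers in their own subnet.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SERVERS = [ipaddress.ip_network("10.0.1.0/24")]

def direction(src, dst):
    """Classify one flow as 'north-south' or 'east-west'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    internal = s in INTERNAL and d in INTERNAL
    touches_server = any(s in n or d in n for n in SERVERS)
    # Client-to-client traffic inside the network is lateral; anything that
    # touches a server or leaves the network follows the hierarchy.
    return "east-west" if internal and not touches_server else "north-south"

def east_west_fanout(flows):
    """Map each source host to the set of peers it contacted laterally."""
    peers = defaultdict(set)
    for src, dst, _port in flows:
        if direction(src, dst) == "east-west":
            peers[src].add(dst)
    return peers

def flag_hosts(baseline_flows, current_flows, factor=3, floor=5):
    """Hosts whose lateral peer count is >= floor and > factor x baseline."""
    base = east_west_fanout(baseline_flows)
    now = east_west_fanout(current_flows)
    flagged = {}
    for host, peers in now.items():
        normal = len(base.get(host, ()))
        if len(peers) >= floor and len(peers) > factor * max(normal, 1):
            flagged[host] = len(peers)
    return flagged

# Constructed sample flow records: (src, dst, dst_port)
BASELINE = [
    ("10.0.20.5", "10.0.1.10", 443),     # client to server
    ("10.0.20.5", "10.0.20.9", 9100),    # client to local printer
    ("10.0.20.7", "10.0.1.10", 443),
    ("10.0.20.7", "198.51.100.4", 443),  # client to internet
]
# Same window plus one client suddenly contacting twenty neighbours.
CURRENT = BASELINE + [("10.0.20.7", f"10.0.20.{i}", 445) for i in range(10, 30)]

if __name__ == "__main__":
    for host, count in flag_hosts(BASELINE, CURRENT).items():
        print(f"{host}: {count} lateral peers in this window, review or contain")
```

The `floor` value keeps ordinary client-to-client traffic such as printing from raising alerts, while `factor` compares each host against its own baseline rather than a network-wide average.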

Because Rebasoft maintains a constant bird’s-eye view of your entire network, it can detect unusual behaviour patterns like these in moments. Depending on the policies you put in place, our platform can also deploy automated port blocking – terminating all traffic to and from a device – to stop infections and other threats from spreading.

Rebasoft operates through readily available network telemetry protocols, meaning that there’s no need to install individual software agents on each device. This also means that Rebasoft can monitor the behaviour of non-PC devices where traditional anti-malware controls can’t be installed, like Internet of Things (IoT) devices and SCADA systems.

Data breaches and leaks (that may come as a result of malware or sharing login credentials) also produce predictable traffic spikes – usually centred around a single device on the network. Rebasoft can pick up on these signs and automatically block port activity to minimise the impact of the breach.

Rebasoft’s Core Malware Resilience Benefits

1. Robust, “always on” asset management which defines the boundaries of your network and inventorises all devices that are active within it.

2. Provides real-time reporting on device OS patch history, running processes, and antivirus update status, providing a holistic picture of the network’s anti-malware coverage.

3. Non-invasive network telemetry and monitoring that doesn’t rely on installing and maintaining individual software agents.

4. Can easily monitor behaviour on non-PC devices like IoT hardware, buildings management apparatus, and SCADA systems.

5. Establishes a clear picture of normal network behaviour so unusual, potentially malicious traffic patterns can be promptly identified and remedied.

6. Identifies potentially malicious connections from “trusted” third parties, remote workers, and obfuscated VPN or Tor connections.

7. Suspect behaviour can be immediately halted using port blocking or merely logged for review.

8. Detailed historic and real-time analytics which enable management to make informed cybersecurity decisions.

9. Flexible, scalable, and lightweight, suitable for organisations from 100 to 100,000 users plus.

Call the team today

See for yourself how Rebasoft can improve your whole network’s cyber-resilience. Call the team today on 0800 799 7322 or email sales@rebasoft.net for a free demonstration.

© Rebasoft 2009-2020