Solved

Malware

Posted on 2016-07-19
74 Views
Last Modified: 2016-08-04
Which Product is the best against Malware?  Carbon Black? Sentinel One?

Just want to get Peers view.  Is traditional Antivirus life about over?
Question by:RadiallAdmin
5 Comments
 
LVL 6

Expert Comment

by:Tim Phillips
ID: 41719855
Malwarebytes is fantastic against malware
1
 
LVL 95

Expert Comment

by:John Hurst
ID: 41719866
Look for a stable product, not the best at the instant you check. I have never heard of the two you mention and I do not get viruses at all. My clients get very few.

Malwarebytes is good to do a secondary scan after your first name brand paid product.

NOTHING beats user training: do not open strange emails, and (for the cowboys you employ) do not go to dodgy websites. Porn sites and gambling sites are tops amongst dodgy sites.
0
 
LVL 17

Accepted Solution

by:
Learnctx earned 500 total points
ID: 41720026
Is traditional Antivirus life about over?

Traditional antivirus was over a few years ago.

You will always be on the back foot. There is no foolproof method and I always recommend a defence in depth approach, and even this is not foolproof. Avoiding dodgy websites? Sure, why not. Define a dodgy website though? For me a dodgy website is every site on the Internet. Any site that allows a third party to put content onto their website, advertising for example. These are attack vectors that the owner has no control over (whatever control they believe they have is imagined).

But as John says, apply security basics and make sure your household or company is educated. People should be afraid of the Internet as their first stance.

Education
All the security in the world won't help you if your partner/child/parent opens everything that is sent to them or would plug in a USB drive that they found on the sidewalk.

Host based protection
Remove Adobe Flash and Java.
Adblock in the browser (for Firefox and Chrome).
Reputable AV product (Avast, AVG, Symantec, Kaspersky, etc.).
Reputable Anti-Malware product (MalwareBytes Anti-Malware, etc.).
Reputable Anti-Exploit (Microsoft EMET, MalwareBytes Anti-Exploit, etc.).
Sandbox software (Sandboxie or alternatives).
System state software (Reboot Restore RX, Steadier State).

Perimeter protection (SSL interception recommended)
Nextgen firewall like Palo Alto (costs $'s though).
or
A product like Sophos UTM or Sophos XG (free).

These sorts of products will give you a wide level of coverage from the majority of stuff out there. Products like EMET and Anti-Exploit can protect you from 0-day exploits. Products like sandboxes are excellent, but even these can be exploited and for novice users can be a pain. Software like Reboot Restore RX and Steadier State can be handy when you can't trust people. When the OS reboots all changes are removed (handy if your data is kept on network drives rather than on the OS itself).

Companies with security budgets into the millions and the most advanced security appliances on the planet have malware and other attacks walk through the door. So you're best to just mitigate the majority and have a herd protection mentality :)

For me personally, at home I run:

Perimeter: Sophos XG (free), Palo Alto PA-200 ($'s).
Host OS: MalwareBytes Anti-Malware ($'s), MalwareBytes Anti-Exploit ($'s), Avast for business (free), Sandboxie ($'s), Windows firewall (free, rules managed via GPO).
Browser: Adblock Plus (from adblock.org), NoScript.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 41720028
I am not sure what you mean by traditional Anti Virus. We use Symantec Endpoint Protection on our Servers and Workstations. This product includes traditional AV.
0
 
LVL 17

Assisted Solution

by:Learnctx
Learnctx earned 500 total points
ID: 41720043
What he means by traditional antivirus is the traditional method for detection. That is signature and heuristics based detection. These are easily bypassed and only know about products and attack vectors they know about. They don't know about 0-day exploits or brand new viruses that are using new methods. If they don't have a signature, the AV lets it through. This does not mean they have no place, it's just that they are 1 part of a defence strategy. But... let's face it, they can't keep up with the amount of new viruses/malware/exploits being generated.

Your nextgen firewall/AV products go beyond signature based detection and start to allow the potential threat to run in a sandbox to see what it does and make a decision based off that behaviour (FireEye, Sandstorm type services).
0
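As an added illustration of the point Learnctx makes above (this is not code from any poster in the thread): a toy signature scanner beside a toy behaviour scorer, run over constructed byte strings and a constructed sandbox event trace. The signature database, the behaviour rules and their weights are all hypothetical; the "variant" is just the same harmless bytes with one token changed, standing in for a sample the signature feed has not seen yet.

```python
import hashlib
import re
from typing import Dict, List

# --- Traditional detection: exact hash or fixed byte pattern (hypothetical DB) ---
# Constructed, harmless byte strings stand in for files; nothing here is malware.
ORIGINAL = b"DROPPER v1 payload=evil"      # the sample the vendor has a signature for
VARIANT = b"DROPPER v2 payload=evil"       # a later build the signature feed lacks
BENIGN = b"installer.exe"                  # a legitimate installer

KNOWN_BAD_SHA256 = {hashlib.sha256(ORIGINAL).hexdigest()}
BYTE_SIGNATURES = [re.compile(rb"DROPPER v1")]

def signature_scan(sample: bytes) -> bool:
    """Return True only if the hash or a byte pattern is already known."""
    if hashlib.sha256(sample).hexdigest() in KNOWN_BAD_SHA256:
        return True
    return any(sig.search(sample) for sig in BYTE_SIGNATURES)

# --- Behaviour-based detection: score what the sample does in a sandbox ---
# Hypothetical rule weights; a real product tunes these against false positives.
BEHAVIOUR_RULES: Dict[str, int] = {
    "writes_to_startup_folder": 3,              # common to installers too
    "disables_volume_shadow_copies": 5,         # classic ransomware step
    "mass_file_rename_with_new_extension": 5,   # encryption of user data
    "contacts_ip_with_no_dns": 2,               # hard-coded C2 address
}
BEHAVIOUR_THRESHOLD = 5

# Constructed sandbox traces (the observed actions, not the bytes)
DROPPER_EVENTS = ["writes_to_startup_folder",
                  "disables_volume_shadow_copies",
                  "mass_file_rename_with_new_extension"]
INSTALLER_EVENTS = ["writes_to_startup_folder"]

def behaviour_score(events: List[str]) -> int:
    return sum(BEHAVIOUR_RULES.get(e, 0) for e in events)

def behaviour_verdict(events: List[str]) -> bool:
    return behaviour_score(events) >= BEHAVIOUR_THRESHOLD

def assess(sample: bytes, events: List[str]) -> Dict[str, bool]:
    """Layered verdict: both engines run; either can flag the sample."""
    return {"signature": signature_scan(sample),
            "behaviour": behaviour_verdict(events)}

if __name__ == "__main__":
    for name, sample, events in [("original", ORIGINAL, DROPPER_EVENTS),
                                 ("variant", VARIANT, DROPPER_EVENTS),
                                 ("benign", BENIGN, INSTALLER_EVENTS)]:
        print(name, assess(sample, events))
```

The variant slips past the signature engine but scores 13 on behaviour, while the installer's single startup-folder write stays under the threshold; that gap between the two columns is why the thread treats signature AV as one layer rather than the whole defence.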
