Solved

Malware

Posted on 2016-07-19
Last Modified: 2016-08-04
Which Product is the best against Malware?  Carbon Black? Sentinel One?

Just want to get Peers view.  Is traditional Antivirus life about over?
Question by: RadiallAdmin

5 Comments
LVL 6

Expert Comment

by: Tim Phillips
Malware-Bytes is fantastic against malware
1
 
LVL 90

Expert Comment

by: John Hurst
Look for a stable product, not the best at the instant you check. I never heard of the two you mention and I do not get viruses at all. My clients get very few.

Malwarebytes is good to do a secondary scan after your first name brand paid product.

NOTHING beats user training: do not open strange emails, and (for the cowboys you employ) do not go to dodgy websites. Porn sites and gambling sites are tops amongst dodgy sites.
0
 
LVL 16

Accepted Solution

by: Learnctx (earned 500 total points)
Is traditional Antivirus life about over?

Traditional antivirus was over a few years ago.

You will always be on the back foot. There is no foolproof method and I always recommend a defence in depth approach, and even this is not foolproof. Avoiding dodgy websites? Sure, why not. Define a dodgy website though? For me a dodgy website is every site on the Internet. Any site that allows a third party to put content onto their website; advertising for example. These are attack vectors that the owner has no control over (whatever control they believe they have is imagined).

But as John says, apply security basics and make sure your household or company is educated. People should be afraid of the Internet as their first stance.

Education
All the security in the world won't help you if your partner/child/parent opens everything that is sent to them or would plug in a USB drive that they found on the sidewalk.

Host based protection
Remove Adobe Flash and Java.
Adblock in the browser (for Firefox and Chrome).
Reputable AV product (Avast, AVG, Symantec, Kaspersky, etc.).
Reputable Anti-Malware product (MalwareBytes Anti-Malware, etc.).
Reputable Anti-Exploit (Microsoft EMET, MalwareBytes Anti-Exploit, etc.).
Sandbox software (Sandboxie or alternatives).
System state software (Reboot Restore RX, Steadier State).

Perimeter protection (SSL interception recommended)
Nextgen firewall like Palo Alto (costs $'s though).
or
A product like Sophos UTM or Sophos XG (free).

These sorts of products will give you a wide level of coverage from the majority of stuff out there. Products like EMET and Anti-Exploit can protect you from 0-day exploits. Products like sandboxes are excellent, but even these can be exploited and for novice users can be a pain. Software like Reboot Restore RX and Steadier State can be handy when you can't trust people. When the OS reboots all changes are removed (handy if your data is kept on network drives rather than on the OS itself).

Companies with security budgets into the millions and the most advanced security appliances on the planet have malware and other attacks walk through the door. So you're best to just mitigate the majority and have a herd protection mentality :)

For me personally, at home I run:

Perimeter: Sophos XG (free) , Palo Alto PA-200 ($'s).
Host OS: MalwareBytes Anti-Malware ($'s), MalwareBytes Anti-Exploit ($'s), Avast for business (free), Sandboxie ($'s), Windows firewall (free, rules managed via GPO).
Browser: Adblock Plus (from adblock.org), NoScript.
0
 
LVL 90

Expert Comment

by: John Hurst
I am not sure what you mean by traditional Anti Virus. We use Symantec Endpoint Protection on our Servers and Workstations. This product includes traditional AV.
0
 
LVL 16

Assisted Solution

by: Learnctx (earned 500 total points)
What he means by traditional anti virus is the traditional method for detection. That is signature and heuristics based detection. These are easily bypassed and only know about products and attack vectors they know about. They don't know about 0-day exploits or brand new viruses that are using new methods. If they don't have a signature, the AV lets it through. This does not mean they have no place, it's just that they are 1 part of a defence strategy. But... let's face it, they can't keep up with the amount of new viruses/malware/exploits being generated.

Your nextgen firewall/AV products go beyond signature based detection and start to allow the potential threat to run in a sandbox to see what it does and make a decision based off that behaviour (FireEye, Sandstorm type services).
0
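A constructed illustration of the distinction Learnctx draws above, added here and not part of the thread: a hash or byte-pattern signature catches the known sample but misses a one-byte variant, while behaviour rules run over a sandbox event log still flag that variant. The sample bytes, the event line format, the rule names and the alert threshold are all made up for this demonstration.

```python
import hashlib
import re

# Constructed stand-ins for two executables. The second is the first with one byte
# changed, as a repacked or recompiled variant would be. Nothing here is real malware.
KNOWN_SAMPLE = b"MZ\x90\x00 demo-bytes v1 " + b"\x00" * 16
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"v1", b"v2")

# A toy signature database: exact-hash and byte-pattern entries, like a classic AV feed.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
PATTERN_SIGNATURES = [re.compile(rb"demo-bytes v1")]

# Behaviour rules applied to sandbox event lines (constructed format: "kind: detail").
BEHAVIOUR_RULES = {
    "persistence_run_key": re.compile(r"^reg: set .*\\CurrentVersion\\Run\\", re.I),
    "drops_exe_in_temp": re.compile(r"^file: create .*\\Temp\\.*\.exe$", re.I),
    "beacon_nonstandard_port": re.compile(r"^net: connect \S+:(?!80$|443$)\d+$"),
}
ALERT_THRESHOLD = 2  # rule hits needed before the sandbox verdict is "malicious"

def signature_scan(data: bytes) -> bool:
    """Classic detection: known hash or byte pattern. Misses anything unseen."""
    if hashlib.sha256(data).hexdigest() in HASH_SIGNATURES:
        return True
    return any(p.search(data) for p in PATTERN_SIGNATURES)

def behaviour_scan(events: list[str]) -> tuple[bool, list[str]]:
    """Sandbox-style detection: judge what the sample did, not what it looks like."""
    hits = [name for name, rule in BEHAVIOUR_RULES.items()
            if any(rule.search(line) for line in events)]
    return len(hits) >= ALERT_THRESHOLD, hits

# Constructed sandbox log for the variant: same actions as the known sample, new bytes.
VARIANT_EVENTS = [
    "file: create C:\\Users\\demo\\AppData\\Local\\Temp\\updater.exe",
    "reg: set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
    "net: connect 198.51.100.7:4444",
]

if __name__ == "__main__":
    print("known sample, signature:", signature_scan(KNOWN_SAMPLE))  # True
    print("variant, signature:", signature_scan(VARIANT_SAMPLE))      # False
    print("variant, behaviour:", behaviour_scan(VARIANT_EVENTS))     # (True, 3 rules)
```

The point is the asymmetry: every byte change defeats the signature layer, whereas the variant has to stop dropping, persisting and beaconing to defeat the behaviour layer, which is why the thread treats signatures as one layer rather than the whole defence.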