Solved

Malware

Posted on 2016-07-19
Last Modified: 2016-08-04
Which Product is the best against Malware?  Carbon Black? Sentinel One?

Just want to get Peers view.  Is traditional Antivirus life about over?
Question by: RadiallAdmin
5 Comments
 
LVL 6

Expert Comment

by: Tim Phillips
ID: 41719855
Malwarebytes is fantastic against malware.
 
LVL 98

Expert Comment

by: John Hurst
ID: 41719866
Look for a stable product, not the best at the instant you check. I never heard of the two you mention and I do not get viruses at all. My clients get very few.

Malwarebytes is good to do a secondary scan after your first name brand paid product.

NOTHING beats user training: do not open strange emails, and (for the cowboys you employ) do not go to dodgy websites. Porn sites and gambling sites are tops amongst dodgy sites.
 
LVL 17

Accepted Solution

by: Learnctx (earned 2000 total points)
ID: 41720026
Is traditional Antivirus life about over?

Traditional antivirus was over a few years ago.

You will always be on the back foot. There is no foolproof method and I always recommend a defence in depth approach, and even this is not foolproof. Avoiding dodgy websites? Sure, why not. Define a dodgy website though? For me a dodgy website is every site on the Internet: any site that allows a third party to put content on to their website, advertising for example. These are attack vectors that the owner has no control over (whatever control they believe they have is imagined).

But as John says, apply security basics and make sure your household or company is educated. People should be afraid of the Internet as their first stance.

Education
All the security in the world won't help you if your partner/child/parent opens everything that is sent to them or would plug in a USB drive that they found on the sidewalk.

Host based protection
Remove Adobe Flash and Java.
Adblock in the browser (for Firefox and Chrome).
Reputable AV product (Avast, AVG, Symantec, Kaspersky, etc.).
Reputable Anti-Malware product (MalwareBytes Anti-Malware, etc.).
Reputable Anti-Exploit (Microsoft EMET, MalwareBytes Anti-Exploit, etc.).
Sandbox software (Sandboxie or alternatives).
System state software (Reboot Restore RX, Steadier State).

Perimeter protection (SSL interception recommended)
Nextgen firewall like Palo Alto (costs $'s though).
or
A product like Sophos UTM or Sophos XG (free).

These sorts of products will give you a wide level of coverage from the majority of stuff out there. Products like EMET and Anti-Exploit can protect you from 0-day exploits. Products like sandboxes are excellent, but even these can be exploited and for novice users can be a pain. Software like Reboot Restore RX and Steadier State can be handy when you can't trust people. When the OS reboots all changes are removed (handy if your data is kept on network drives rather than on the OS itself).

Companies with security budgets into the millions and the most advanced security appliances on the planet have malware and other attacks walk through the door. So you're best to just mitigate the majority and have a herd protection mentality :)

For me personally, at home I run:

Perimeter: Sophos XG (free), Palo Alto PA-200 ($'s).
Host OS: MalwareBytes Anti-Malware ($'s), MalwareBytes Anti-Exploit ($'s), Avast for business (free), Sandboxie ($'s), Windows firewall (free, rules managed via GPO).
Browser: Adblock Plus (from adblock.org), NoScript.
 
LVL 98

Expert Comment

by: John Hurst
ID: 41720028
I am not sure what you mean by traditional Anti Virus. We use Symantec Endpoint Protection on our Servers and Workstations. This product includes traditional AV.
 
LVL 17

Assisted Solution

by: Learnctx (earned 2000 total points)
ID: 41720043
What he means by traditional antivirus is the traditional method for detection, that is, signature and heuristics based detection. These are easily bypassed and only know about products and attack vectors they know about. They don't know about 0-day exploits or brand new viruses that are using new methods. If they don't have a signature, the AV lets it through. This does not mean they have no place, it's just that they are one part of a defence strategy. But... let's face it, they can't keep up with the amount of new viruses/malware/exploits being generated.

Your nextgen firewall/AV products go beyond signature based detection and start to allow the potential threat to run in a sandbox to see what it does and make a decision based off that behaviour (FireEye, Sandstorm type services).
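A toy illustration of the distinction Learnctx draws above, added here as an example and not code from the thread or from any vendor's product: a signature layer that only recognises hashes and byte patterns it already holds, beside a behaviour layer that judges what a sample did in a sandbox. The sample bytes, the signature entries and the event labels are all constructed for this example.

```python
import hashlib
from typing import Dict, List

# Constructed stand-in for a known malicious file (a plain marker string, not real malware).
KNOWN_SAMPLE = b"DEMO-MALWARE-FAMILY-A build 1"

# Signature database as a traditional scanner would hold it: exact file hashes plus a
# byte pattern extracted from the known sample. Both entries are constructed here.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
PATTERN_SIGNATURES = [b"DEMO-MALWARE-FAMILY-A"]

# Actions a sandbox would record while letting the sample run. These are hypothetical
# event labels for the example, not the output format of any real product.
SUSPICIOUS_ACTIONS = {
    "write_run_key", "inject_into_process", "disable_security_tool", "mass_encrypt_files",
}


def signature_scan(data: bytes) -> bool:
    """Traditional AV: detects only what it already has a hash or pattern for."""
    if hashlib.sha256(data).hexdigest() in HASH_SIGNATURES:
        return True
    return any(pattern in data for pattern in PATTERN_SIGNATURES)


def behaviour_scan(trace: List[str], threshold: int = 2) -> bool:
    """Sandbox-style detection: verdict from what the sample does, not what it looks like."""
    observed = {action for action in trace if action in SUSPICIOUS_ACTIONS}
    return len(observed) >= threshold


def layered_verdict(data: bytes, trace: List[str]) -> Dict[str, bool]:
    """Run both layers so the caller can see which one (if any) caught the sample."""
    return {"signature": signature_scan(data), "behaviour": behaviour_scan(trace)}


# Constructed inputs: a rebuilt variant, a brand new family, and benign/malicious traces.
REPACKED_VARIANT = b"DEMO-MALWARE-FAMILY-A build 2"  # hash changes, pattern still matches
NEW_FAMILY = b"DEMO-MALWARE-FAMILY-B build 1"        # nothing on file for it at all
BENIGN_TRACE = ["read_config", "open_window", "write_log"]
MALICIOUS_TRACE = ["read_config", "write_run_key", "inject_into_process"]

if __name__ == "__main__":
    print("known sample:", layered_verdict(KNOWN_SAMPLE, MALICIOUS_TRACE))
    print("repacked    :", layered_verdict(REPACKED_VARIANT, MALICIOUS_TRACE))
    print("new family  :", layered_verdict(NEW_FAMILY, MALICIOUS_TRACE))
    print("benign      :", layered_verdict(b"hello.txt", BENIGN_TRACE))
```

The new family passes the signature layer untouched and is caught only by the behaviour layer, which is the gap the comment above describes.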

Question has a verified solution.