Solved

Malware

Posted on 2016-07-19
Medium Priority
81 Views
Last Modified: 2016-08-04
Which product is the best against malware? Carbon Black? SentinelOne?

Just want to get peers' views. Is the life of traditional antivirus about over?
Question by: RadiallAdmin
5 Comments
 
LVL 6

Expert Comment

by:Tim Phillips
ID: 41719855
Malwarebytes is fantastic against malware.
1
 
LVL 99

Expert Comment

by:John Hurst
ID: 41719866
Look for a stable product, not the best at the instant you check. I have never heard of the two you mention, and I do not get viruses at all. My clients get very few.

Malwarebytes is good for doing a secondary scan after your primary name-brand paid product.

NOTHING beats user training: do not open strange emails, and (for the cowboys you employ) do not go to dodgy websites. Porn sites and gambling sites are tops amongst dodgy sites.
0
 
LVL 18

Accepted Solution

by: Learnctx (earned 2000 total points)
ID: 41720026
Is traditional Antivirus life about over?

Traditional antivirus was over a few years ago.

You will always be on the back foot. There is no foolproof method, and I always recommend a defence-in-depth approach, and even this is not foolproof. Avoiding dodgy websites? Sure, why not. Define a dodgy website though? For me a dodgy website is every site on the Internet: any site that allows a third party to put content on their website, advertising for example. These are attack vectors that the owner has no control over (whatever control they believe they have is imagined).

But as John says, apply security basics and make sure your household or company is educated. People should be afraid of the Internet as their first stance.

Education
All the security in the world won't help you if your partner/child/parent opens everything that is sent to them or would plug in a USB drive that they found on the sidewalk.

Host based protection
Remove Adobe Flash and Java.
Adblock in the browser (for Firefox and Chrome).
Reputable AV product (Avast, AVG, Symantec, Kaspersky, etc.).
Reputable Anti-Malware product (MalwareBytes Anti-Malware, etc.).
Reputable Anti-Exploit (Microsoft EMET, MalwareBytes Anti-Exploit, etc.).
Sandbox software (Sandboxie or alternatives).
System state software (Reboot Restore RX, Steadier State).

Perimeter protection (SSL interception recommended)
Nextgen firewall like Palo Alto (costs $'s though).
or
A product like Sophos UTM or Sophos XG (free).

These sorts of products will give you a wide level of coverage from the majority of stuff out there. Products like EMET and Anti-Exploit can protect you from 0-day exploits. Products like sandboxes are excellent, but even these can be exploited and for novice users can be a pain. Software like Reboot Restore RX and Steadier State can be handy when you can't trust people. When the OS reboots all changes are removed (handy if your data is kept on network drives rather than on the OS itself).

Companies with security budgets into the millions and the most advanced security appliances on the planet have malware and other attacks walk through the door. So you're best to just mitigate the majority and have a herd protection mentality :)

Personally, at home I run:

Perimeter: Sophos XG (free) , Palo Alto PA-200 ($'s).
Host OS: MalwareBytes Anti-Malware ($'s), MalwareBytes Anti-Exploit ($'s), Avast for business (free), Sandboxie ($'s), Windows firewall (free, rules managed via GPO).
Browser: Adblock Plus (from adblock.org), NoScript.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 41720028
I am not sure what you mean by traditional Anti Virus. We use Symantec Endpoint Protection on our Servers and Workstations. This product includes traditional AV.
0
 
LVL 18

Assisted Solution

by: Learnctx (earned 2000 total points)
ID: 41720043
What he means by traditional antivirus is the traditional method of detection, that is, signature- and heuristics-based detection. These are easily bypassed and only know about products and attack vectors they already know about. They don't know about 0-day exploits or brand-new viruses that use new methods. If they don't have a signature, the AV lets it through. This does not mean they have no place; it's just that they are one part of a defence strategy. But let's face it, they can't keep up with the amount of new viruses/malware/exploits being generated.

Your nextgen firewall/AV products go beyond signature-based detection and allow the potential threat to run in a sandbox to see what it does, then make a decision based on that behaviour (FireEye, Sandstorm-type services).
0
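As an added illustration of the point the two Learnctx answers make (this script is not from the original thread or from any vendor named in it), the following Python puts a signature-based check next to a behaviour-based one. A "known" sample is matched by hash and byte pattern; a trivially repacked copy of the same sample no longer matches anything, yet the sandbox trace of what it does is unchanged and is still flagged. The sample bytes, the signature database, the rule set and weights, the verdict threshold, the port list and the two sandbox traces are all constructed for the demonstration and are assumptions, not real signatures or real malware.

```python
"""Added example: signature-based vs. behaviour-based detection.

Everything below (sample bytes, "signatures", rules, weights, traces) is
constructed for this demonstration. None of it is real vendor data.
"""
import hashlib
import re

# ---------------------------------------------------------------------------
# 1. Signature-based detection: match bytes the vendor has already seen.
# ---------------------------------------------------------------------------

# Pretend this is the body of a dropper that was analysed last week.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"drop+persist+beacon" + b"\x00" * 16

# The signature database holds a full-file hash and a short byte pattern.
SIGNATURE_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
SIGNATURE_PATTERNS = [b"drop+persist+beacon"]


def signature_scan(sample: bytes) -> bool:
    """True if the sample matches a known hash or a known byte pattern."""
    if hashlib.sha256(sample).hexdigest() in SIGNATURE_HASHES:
        return True
    return any(pattern in sample for pattern in SIGNATURE_PATTERNS)


def repack(sample: bytes, key: int = 0x5A) -> bytes:
    """Toy 'packer': XOR every byte. A real packer does far more, but the
    effect on a signature scanner is the same: every byte changes, so
    neither the hash nor the byte pattern matches any more."""
    return bytes(b ^ key for b in sample)


# ---------------------------------------------------------------------------
# 2. Behaviour-based detection: run it in a sandbox and judge what it did.
# ---------------------------------------------------------------------------

# Rules over the sandbox trace: (action, argument regex, weight).
# Weights and the threshold are illustrative assumptions.
BEHAVIOUR_RULES = [
    ("write_file", r"\\Startup\\.*\.exe$", 3),        # persistence: Startup folder
    ("reg_set", r"\\CurrentVersion\\Run\\", 3),       # persistence: Run key
    ("reg_set", r"DisableAntiSpyware|DisableRealtimeMonitoring", 4),  # AV tamper
    ("net_connect", r":(4444|8080|1337)$", 2),        # assumed C2 ports for the demo
]
VERDICT_THRESHOLD = 5


def behaviour_score(trace):
    """Sum the weights of every rule an action in the trace matches.
    Returns (score, list of matching 'action: argument' strings)."""
    score, hits = 0, []
    for action, arg in trace:
        for rule_action, pattern, weight in BEHAVIOUR_RULES:
            if action == rule_action and re.search(pattern, arg, re.IGNORECASE):
                score += weight
                hits.append(f"{action}: {arg}")
    return score, hits


def behaviour_scan(trace) -> bool:
    """True if the observed behaviour reaches the verdict threshold."""
    return behaviour_score(trace)[0] >= VERDICT_THRESHOLD


# Constructed sandbox traces: what the repacked dropper does when run,
# and what an ordinary software installer does.
DROPPER_TRACE = [
    ("write_file", r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"),
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update"),
    ("net_connect", "203.0.113.7:4444"),
]
INSTALLER_TRACE = [
    ("write_file", r"C:\Program Files\Notepad++\notepad++.exe"),
    ("reg_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    ("net_connect", "notepad-plus-plus.org:443"),
]


def compare():
    """Run both scanners over the known sample and its repacked copy."""
    repacked = repack(KNOWN_SAMPLE)
    return {
        "known_signature": signature_scan(KNOWN_SAMPLE),        # True
        "repacked_signature": signature_scan(repacked),          # False: no signature yet
        "repacked_behaviour": behaviour_scan(DROPPER_TRACE),     # True: same actions
        "installer_behaviour": behaviour_scan(INSTALLER_TRACE),  # False
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:20s} -> {'MALICIOUS' if verdict else 'clean'}")
```

The gap between `repacked_signature` and `repacked_behaviour` is the whole argument: a one-byte change (here, every byte) defeats the hash and the pattern, but the sample still has to drop a file into Startup, set a Run key and call home to do its job, and that is what the sandbox verdict keys on. The trade-off is that behaviour rules need a sandbox to produce the trace, can be stalled by samples that sleep or detect the sandbox, and will false-positive on legitimate software that happens to persist the same way.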
