Antivirus software knows viruses, but it does not know your business

Posted on March 31st, 2015 by Joel Nimar

Understanding viruses helps protect against them, but real protection requires knowing your environment, your usual behaviors, and your vulnerabilities.


Information security sounds like a technical problem, so it’s tempting to look for a technical solution. The reality, though, is that technical solutions are built to solve specific, known problems. They are constantly chasing after malware to block it when it’s been identified. But this is a reactive approach. You’ll protect your systems far more effectively if you identify risks and apply countermeasures in advance. You can’t rely on software alone to do that; you need human eyes, human awareness, and the human ability to make connections.

Technical Approaches to Protecting Systems

Technical solutions to protecting systems include antivirus software, data loss prevention software, firewalls, and intrusion detection systems.

  • Antivirus software works by detecting the signatures of known malware. The problem, of course, is that malware becomes known only after it has already harmed someone, hopefully not you. Even known malware can be difficult to detect: viruses hide through encryption, XOR encoding, or being zipped or packed into other forms.
  • DLP software offers data loss protection by identifying the unexpected movement of data; it can recognize patterns that indicate potentially sensitive data like social security numbers. You can tell these applications what to look for or let them rely on discovery, which can result in false alerts that impact users or miss real issues.
  • Firewalls block access through specified ports, and work best when set up professionally and managed by a skilled IT professional. It’s easy to lose track of which IP addresses should be allowed to connect through different ports and protocols, particularly when servers migrate to new locations.
  • IDS, intrusion detection systems, monitor network traffic or packets on a specific device to identify suspicious behavior. Reacting may happen automatically, which runs the risk of reacting wrongly, or manually, which runs the risk of delaying a response.
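As an added example (not code from the original post or from Pyramid Technology Services), the following Python illustrates the DLP pattern-matching described above for social security numbers, and why tuning matters: a bare nine-digit pattern alerts on every candidate, while applying the Social Security Administration's issuance rules (no 000, 666 or 900-999 area number, no 00 group, no 0000 serial) drops the obvious false positives before anyone is paged. The sample text is constructed.

```python
from __future__ import annotations

import re

# A candidate SSN: three, two and four digits with optional "-" or space separators,
# bounded so that longer digit runs (invoice or account numbers) are not split into one.
SSN_CANDIDATE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")

# Constructed sample text; none of these are real identifiers.
SAMPLE_TEXT = """Constructed sample, not real data:
Employee record: SSN 123-45-6789, badge 078-05-1120.
Test fixture values: 666-12-3456, 987-65-4320, 000-00-0000.
Invoice 1234567890 and account 9123456789 are not SSNs."""


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Apply the SSA issuance rules so structurally impossible numbers do not alert."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    if g == 0 or s == 0:
        return False
    return True


def find_ssns(text: str, validate: bool = True) -> list[str]:
    """Return every SSN-looking token; with validate=True only plausible ones survive."""
    hits = []
    for match in SSN_CANDIDATE.finditer(text):
        if validate and not is_plausible_ssn(*match.groups()):
            continue
        hits.append(match.group(0))
    return hits


def alert_report(text: str) -> dict[str, int]:
    """Compare the noisy pattern-only count with the tuned count for one document."""
    return {
        "raw_candidates": len(find_ssns(text, validate=False)),
        "validated": len(find_ssns(text, validate=True)),
    }


if __name__ == "__main__":
    print(find_ssns(SAMPLE_TEXT, validate=False))
    print(find_ssns(SAMPLE_TEXT))
    print(alert_report(SAMPLE_TEXT))
```

The untuned pattern raises five alerts on this sample; with the issuance rules it raises two. This is the trade-off the paragraph describes: discovery mode alone produces noise that wears down the people reviewing alerts, while telling the tool exactly what your data looks like makes each alert worth reading.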

Know Your Business to Protect Your Business

All the technical solutions mentioned above either need to be explicitly configured to look for specific threats, or they flag suspected threats that may or may not be real. To configure them effectively, review the incidents they report, and prevent issues in the first place, businesses need to analyze themselves to identify where they are vulnerable.

It’s amazing how easy it is to lose track of servers and systems. Companies should conduct an inventory to identify physical hardware and the details of their configuration, as well as the OS and patch levels applied. Details of the specific software deployed on each box should also be tracked. For database servers, the details of the data on each device should be identified, including whether it is confidential, proprietary, or contains personally identifiable information. For each server, database, and application, companies should identify what roles and what individuals are authorized for access.

Once this information is identified, you can start identifying where and how to protect your systems. Analysis of this information—by skilled employees, not an application—can help develop the signatures for IDS, YARA malware detection, and other security systems so monitoring is meaningful, rather than simply generating noise.

This information can also help a company direct its information security resources most effectively. The inventory should identify which systems are most likely to be targets for hackers, and those should receive particular attention and care. Try stepping back to view your entire company, executives, and employees from the perspective of a hacker to identify where you may be at risk. Engaging white-hat hackers to actively probe your systems for weaknesses can help with this.
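The inventory, analysis and prioritization steps in the three paragraphs above, as an added example in Python (not code from the original post or from Pyramid Technology Services): each asset record carries the OS and patch level, the software on it, the classification of the data it holds and the roles authorized to reach it. The review flags the gaps the post warns about (unknown patch level, sensitive data with no recorded authorized roles, roles that exceed the approved set for a data class) and ranks assets so the most attractive targets get attention first. The asset records, approved-role table and scoring weights are constructed assumptions, not anyone's published standard.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Asset:
    name: str
    os: str
    patch_level: Optional[str]          # None means nobody recorded it
    software: list[str]
    data_classes: set[str]              # e.g. {"PII"}, {"confidential"}
    authorized_roles: set[str]
    internet_facing: bool = False


# Assumed policy: which roles may touch each data class. Replace with your own.
APPROVED_ROLES_FOR: dict[str, set[str]] = {
    "PII": {"hr-admin", "dba"},
    "confidential": {"finance", "dba", "exec"},
    "proprietary": {"engineering", "dba"},
}

# Assumed weights for how attractive a system is to an attacker.
DATA_WEIGHT = {"PII": 3, "confidential": 2, "proprietary": 2}
FINDING_WEIGHT = 2
INTERNET_FACING_WEIGHT = 2

# Constructed inventory, not a real environment.
INVENTORY = [
    Asset("db-hr-01", "Linux", "2015-03", ["postgres"], {"PII"},
          {"hr-admin", "dba", "helpdesk"}),
    Asset("web-01", "Linux", None, ["nginx"], set(), {"webops"}, internet_facing=True),
    Asset("file-02", "Windows", "2014-11", ["smb"], {"confidential"}, set()),
]


def review_asset(asset: Asset) -> list[str]:
    """Return human-readable gaps found in one inventory record."""
    findings = []
    if asset.patch_level is None:
        findings.append("patch level unknown")
    if asset.data_classes and not asset.authorized_roles:
        findings.append("sensitive data with no recorded authorized roles")
    for cls in sorted(asset.data_classes):
        extra = asset.authorized_roles - APPROVED_ROLES_FOR.get(cls, set())
        if extra:
            findings.append(f"{cls} data reachable by unapproved roles: {sorted(extra)}")
    return findings


def risk_score(asset: Asset, findings: list[str]) -> int:
    """Higher means more attractive to an attacker and more in need of attention."""
    score = sum(DATA_WEIGHT.get(cls, 1) for cls in asset.data_classes)
    score += FINDING_WEIGHT * len(findings)
    if asset.internet_facing:
        score += INTERNET_FACING_WEIGHT
    return score


def prioritize(assets: list[Asset]) -> list[tuple[str, int, list[str]]]:
    """Rank assets by score, highest first; ties broken by name for a stable report."""
    rows = []
    for asset in assets:
        findings = review_asset(asset)
        rows.append((asset.name, risk_score(asset, findings), findings))
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for name, score, findings in prioritize(INVENTORY):
        print(f"{name:10} score={score} findings={findings}")
```

Run against the constructed inventory, the HR database ranks first because it holds PII and a helpdesk role can reach it that policy does not allow. The point is not the particular weights; it is that the people who know the business fill in the approved-role table and the data classifications, and a simple check over that knowledge surfaces exactly the issues a generic tool cannot see.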

Companies also need to have a robust incident response plan. No matter how carefully you attempt to protect your information, you can’t completely block the possibility that there will be a successful attack. It’s important to have a strategy for how your company will respond—how it will identify what data was compromised, repair the technical environment, satisfy legal requirements, communicate with affected customers, and handle the public relations impact. People skills, rather than technical skills, may be the most important part of incident management.

Work With an Expert

Information security requires more than technology; it requires expert analysis. Pyramid Technology Services has 25 years of experience providing innovative technology solutions for your IT. Our information and cyber security services protect organizations' information and assets. We provide solutions to vulnerabilities existing in a system and test how deeply an attacker can penetrate, along with forensic analysis of such activities. In addition, we provide solutions to existing security threats as well as corporate training to help organizations protect their systems against further attacks.

Our consultants and security professionals are seasoned in law enforcement, hold active security clearances, and are certified in computer forensics, penetration testing, and technologies including firewalls, intrusion detection systems, and virus detection and eradication.

We are currently offering a 15% discount on a GAP assessment. Contact us today for a security assessment so we can help you identify gaps, probe for weaknesses, and create a strategy that secures your data. Contact us directly at 978-823-0700 or for more information.
