January 2014
Introduction
Malware is a fact of life. A 2013 study of large US and global
companies revealed an average of two successful attacks per
company per week, 18 percent more than the previous year.¹
Malware is costly. The same study found large companies
suffered an average loss of USD 11.6 million per year from these
attacks.¹ And malware comes from anywhere. According to the
IBM X-Force research and development team, the country
where the most malicious links are hosted, 42 percent of them, is right
in many companies' backyards: the United States.²
But fighting malware doesn't have to be a losing battle. Even as
their tactics evolve, malware attacks often employ familiar technologies and follow known paths through the IT environment.
The quantity and sophistication of malware may have grown,
but so have the available methods for defending against attacks.
The key is to remember that the varieties of malware on the
loose today mean no single method of defense will suffice. An
integrated portfolio of solutions, each providing strong defense
capabilities but all of them working together to enhance protection, is necessary.
This white paper will examine the changing strategies that malware has employed in recent years, explain the typical sequence
of events that occurs during an attack, and describe how an integrated defense can help keep the enterprise safe from these
advanced persistent threats. It will present IBM solutions that
are purpose-built for combating malware and that also work
IBM Software
[Figure: the typical sequence of a malware attack. Break in: reconnaissance, spear phishing and remote exploits, delivered through websites and email, to gain access to an endpoint. Latch on: external communication from the endpoint to a command-and-control center. Expand: lateral movement to increase access and maintain a presence. Gather and exfiltrate: malicious activity that moves data from the endpoint back to the attacker's home base. The figure also labels Trusteer Apex and IBM Endpoint Manager.]
The Apex software solution provided by Trusteer, an IBM company,³ applies a new approach, Stateful Application Control,
to help stop zero-day application exploits and data exfiltration
by analyzing application operations (what the application is doing) and
application state (why it is doing it). Using this information,
Trusteer Apex can automatically and accurately determine
whether an application action is legitimate or malicious.
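The idea behind Stateful Application Control, a decision keyed on what an application is doing and why it is doing it, can be illustrated with a small policy engine that judges the same action differently depending on the application's state. The following Python is an added example written for this page; it is not Trusteer's or IBM's code, and the event format, the state names, the rules and the sample event stream (which uses the TEST-NET address 203.0.113.5) are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Interpreters a document viewer or browser has no business launching while
# it is rendering content that arrived from an untrusted source. (Illustrative list.)
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# Actions that are judged; every other event only updates the state model.
SENSITIVE = {"write_executable", "spawn_process", "network_connect"}


@dataclass
class ProcState:
    app: str
    state: str = "idle"        # why the app is acting: idle, rendering_untrusted, updating
    compromised: bool = False  # set once a blocked action shows the process is attacker-controlled


def observe(ps: ProcState, ev: dict) -> None:
    """Advance the state model from benign observations (the 'why')."""
    t = ev["type"]
    if t == "open_untrusted_content":      # e-mailed PDF, downloaded document, web page
        ps.state = "rendering_untrusted"
    elif t == "user_initiated_update":     # the user asked the application to update itself
        ps.state = "updating"
    elif t == "content_closed":
        ps.state = "idle"


def judge(ps: ProcState, ev: dict) -> str:
    """Return 'allow' or 'block' for one event, given what the app is doing and why."""
    t = ev["type"]
    if t not in SENSITIVE:
        return "allow"
    if ps.compromised:
        # Anything further from a process that already attempted an exploit-style
        # action is treated as attacker activity, including its outbound (C2) traffic.
        return "block"
    verdict = "allow"
    if t == "write_executable" and ps.state == "rendering_untrusted":
        # Dropping an executable is expected during a user-initiated update,
        # not while parsing an attachment: classic exploit-then-dropper behaviour.
        verdict = "block"
    elif (t == "spawn_process" and ps.state == "rendering_untrusted"
          and ev["child"].lower() in SHELLS):
        verdict = "block"
    if verdict == "block":
        ps.compromised = True
    return verdict


def evaluate(events: List[dict]) -> List[Tuple[int, str, str]]:
    """Run a stream of per-process events through the policy, keeping state per pid."""
    procs: Dict[int, ProcState] = {}
    verdicts = []
    for ev in events:
        ps = procs.setdefault(ev["pid"], ProcState(ev.get("app", "?")))
        verdict = judge(ps, ev)
        observe(ps, ev)       # the state changes only after the action itself was judged
        verdicts.append((ev["pid"], ev["type"], verdict))
    return verdicts


# Constructed sample event stream (not captured telemetry).
SAMPLE_EVENTS = [
    # A PDF reader opens an e-mailed attachment, then drops an executable, spawns a
    # shell and calls out: the "break in" and "latch on" steps of the attack sequence.
    {"pid": 100, "app": "AcroRd32.exe", "type": "open_untrusted_content", "source": "email attachment"},
    {"pid": 100, "app": "AcroRd32.exe", "type": "write_executable", "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"pid": 100, "app": "AcroRd32.exe", "type": "spawn_process", "child": "cmd.exe"},
    {"pid": 100, "app": "AcroRd32.exe", "type": "network_connect", "host": "203.0.113.5", "port": 443},
    # A browser writes an executable because the user started an update: same action, legitimate state.
    {"pid": 200, "app": "chrome.exe", "type": "user_initiated_update"},
    {"pid": 200, "app": "chrome.exe", "type": "write_executable", "path": r"C:\Users\u\AppData\Local\Temp\chrome_installer.exe"},
    # A word processor renders a downloaded document and launches a print helper, not a shell.
    {"pid": 300, "app": "WINWORD.EXE", "type": "open_untrusted_content", "source": "web download"},
    {"pid": 300, "app": "WINWORD.EXE", "type": "spawn_process", "child": "splwow64.exe"},
    {"pid": 300, "app": "WINWORD.EXE", "type": "content_closed"},
]

if __name__ == "__main__":
    for pid, action, verdict in evaluate(SAMPLE_EVENTS):
        print(f"pid {pid:<4} {action:<24} {verdict}")
```

The point of the example is the second and sixth events: an identical operation, writing an executable to disk, is blocked for the reader that is parsing an attachment and allowed for the browser that is updating, and once a process has crossed the line its later network connection is blocked as well, which a stateless per-action rule could not do.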
IBM Endpoint Manager
[Figure: attacks by year, 2009 to 2013, for three vectors: JavaScript NOOP sled, cross-site scripting and SQL injection. Legend: attacks; preemptive detection.]
Through integration with the IBM portfolio of security solutions, X-Force delivers proprietary threat insights, including
data on malware hosts, spam sources and anonymous proxies.
Combining worldwide intelligence from the X-Force team with
the security information and event management, log management, anomaly detection, and configuration and vulnerability
management capabilities of IBM security solutions provides
context on security incidents that helps improve prioritization of
incidents, which enables organizations to prevent or minimize
damaging attacks.
Conclusion
The danger of malware extends beyond its sheer numbers and
the rapid distribution of malicious code. It lies in the evolution
of malware to more sophisticated forms than ever before.
1 report_final_6-1_13455.pdf
2 IBM, signup.do?source=swg-WW_Security_Organic&S_PKG=ov16986&S_TACT=102PW63W
3 Trusteer
WGW03050-USEN-00