There seems to be an endless list of what attackers are willing and able to do: viruses, malware, network attacks, etc. It’s tough just trying to keep up with all of these types of attacks along with properly training users and raising cyber security awareness in the company, on top of figuring out how to prevent these attacks and mitigate them should they infiltrate a network. This can seem like an impossible task for an SMB, considering that not many have designated security staff on-site. Then there is the consideration of additional expenses, whether forecasted or not.
Rest assured, however; WatchGuard’s got your back!
For starters, let’s break down the major forms of attack and categorize them to better understand what WatchGuard can do to help. Then we’ll cover some of the services on offer that will (hopefully) take some of the stress and worry out of hardening your network and cut the potentially countless man-hours spent on it with an outside IT firm, which translates to saved money.
Virus – an ambiguous and generic term – is often used to categorize any attack on a network or computer device. For the most part, that is true, but certain criteria must be met to make a virus a virus: it must be able to execute itself and to replicate itself using a host file. A different way to look at this would be in terms of potentially unwanted programs, or PUPs.
If you’re familiar with the history of the city of Troy and its impenetrable defense walls, you know how they were outwitted by accepting the gift of a wooden horse filled with enemy troops and bringing it within those same impenetrable walls. The analogy is that regardless of how hardened or secure a network is, if you allow in an unknown program that may be disguised as a valid application, you’re only setting yourself up. Such programs are known as trojans, or trojan horses. You can often find them embedded in programs that are free to download from the Internet.
Worms are PUPs that are very similar to viruses and can be categorized as a sub-class of viruses, but they differ in that they do not require a host file. They simply replicate themselves across hosts and the network. In addition, they can exploit operating system vulnerabilities and make way for attackers to take control or execute arbitrary code.
That was a lot of info, but to sum it up, focus on the PUP aspect. All of the above fall under the PUP category. Through continuous attacks and analysis, each form of attack has what’s known as a signature – actions that make each form of attack unique and trackable. On the WatchGuard side, we offer the Gateway AntiVirus engine, which taps into the signature set provided by Bitdefender.
Now if you’re thinking that you avoid downloading random programs or have a stringent download policy, awesome! I congratulate you on that. Then I would ask: what about mainstream products? Do you use Microsoft Office, or have any in-house Web servers or SQL servers? This is where direct host attacks come into play, often attempting to exploit a vulnerability in legitimate programs. SQL injections, cross-site scripting, and buffer overflows are a few examples of possible network attacks.
A key difference is that PUPs center on viruses, worms, and trojans, whereas network attacks target legitimate programs with vulnerabilities. A similarity between the two is their signatures: unique actions that are trackable and differentiate one type of attack from another. Our Intrusion Prevention Service detects attacks by these signatures and is constantly updated as new vulnerabilities are disclosed.
In an upcoming blog post we’ll cover more advanced options that don’t rely on signatures for detection and prevention. These advanced attacks are known as advanced persistent threats (APTs) and zero-day malware.
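To make the idea of a network-attack signature concrete, here is an added example (not WatchGuard’s code or signature set) of signature matching over web requests, including the decoding step that lets an encoded request hit the same signature as its plain form. The signature IDs, patterns, function names and sample requests are all constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed, simplified signatures: (id, category, compiled pattern).
# Real IPS signature sets are far larger and are maintained by the vendor.
SIGNATURES = [
    ("SIG-0001", "sql-injection", re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I)),
    ("SIG-0002", "sql-injection", re.compile(r"\bunion\s+select\b", re.I)),
    ("SIG-0003", "cross-site-scripting", re.compile(r"<\s*script\b", re.I)),
]

def normalize(raw, max_rounds=3):
    """Percent-decode until stable (bounded), so nested encodings are unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def match_signatures(request_line):
    """Return (signature id, category) for every signature the request hits."""
    text = normalize(request_line)
    return [(sid, cat) for sid, cat, rx in SIGNATURES if rx.search(text)]

# Constructed sample traffic (not taken from a real log).
SAMPLE_REQUESTS = [
    "GET /products?id=42 HTTP/1.1",
    "GET /products?id=42'+OR+1=1-- HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
    "GET /items?id=1%2520UNION%2520SELECT%2520name HTTP/1.1",
]

def scan(requests):
    """Map each request line to the list of signatures it matched."""
    return {req: match_signatures(req) for req in requests}

if __name__ == "__main__":
    for req, hits in scan(SAMPLE_REQUESTS).items():
        print("BLOCK" if hits else "ALLOW", hits, req)
```

Matching only the raw request line would miss the last two samples, which is why the decoding step runs before any signature is applied.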
Symantec.com, Contributors (September 30, 2016). What is the difference between viruses, worms, and Trojans. Retrieved from https://support.symantec.com/en_US/article.TECH98539.html