Fortinet highlights the importance of real-time client reputation and scoring as part of an intelligent network security strategy
MALAYSIA – 13 March 2013 - Identifying improper behavior among the devices connected to their network is a critical tool for any organization concerned about Advanced Persistent Threats (APTs).
In light of the rapidly changing landscape of such targeted malware attacks, Fortinet lists the Top Five Types of Behavior that might indicate that a device has been infected.
1) Bad Connection Attempts
Typical malware behavior often includes attempts to connect to hosts that don’t exist on the Internet. While some bad connections may be due to user error or bad links, a series of bad connections could be a sign of malware infection.
2) Choice of Application
A host that installs a P2P file sharing application can be considered riskier than a host that installs a game. Some organizations may consider both actions problematic. The ability to add weights to each action allows each risk to be scored accordingly.
3) Geographic Location
Visits to hosts in certain countries can be categorized as risky behavior, especially if there is a significant amount of traffic involved. Identifying such behavior can be combined with a white list approach that identifies legitimate sites in such countries to help identify infected clients.
4) Session Information
When a device starts to listen on a port to receive a connection from the outside but does not initiate a connection, an APT infection could be the cause.
5) Destination Category
Visiting certain types of websites, such as gambling and adult sites as well as those known to contain malicious code, can also be a predictor of APT infection.
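As an added illustration of the weighted-scoring idea behind the five behaviors above (example code written for this page, not Fortinet's or FortiOS's client reputation logic), the scorer below runs over constructed client events; the event schema, the weights, the placeholder country code "XX" and the allow-list are all assumptions.

```python
from collections import defaultdict
# Constructed sample events (not Fortinet data): (client, kind, detail);
# kinds correspond to the five behaviour types listed above.
EVENTS = [
    ("10.0.0.5", "dns_nxdomain", "qx7a.example"),    # 1) bad connection attempts
    ("10.0.0.5", "dns_nxdomain", "r2pd.example"),
    ("10.0.0.5", "dns_nxdomain", "m9zz.example"),
    ("10.0.0.5", "listen", "4444"),                  # 4) unsolicited inbound listener
    ("10.0.0.5", "geo", "XX|cdn-unknown.example"),   # 3) traffic to a flagged country
    ("10.0.0.9", "app_install", "p2p"),              # 2) risky application choice
    ("10.0.0.9", "dest_category", "gambling"),       # 5) risky destination category
    ("10.0.0.12", "dns_nxdomain", "typo.example"),   # one failure: likely user error
    ("10.0.0.12", "app_install", "game"),
    ("10.0.0.12", "geo", "XX|partner.example"),      # allow-listed host, not scored
]
# Assumed weights; the release only says each action can be weighted.
WEIGHTS = {
    "dns_nxdomain": 1, "app_install:p2p": 5, "app_install:game": 1, "geo": 4,
    "listen": 6, "dest_category:gambling": 3, "dest_category:malware": 8,
}
RISKY_COUNTRIES = {"XX"}              # placeholder country code
GEO_ALLOWLIST = {"partner.example"}   # legitimate hosts in risky countries

def score_clients(events, weights=WEIGHTS, nx_threshold=3):
    """Return {client: score}; one failed connection is ignored, a series
    (>= nx_threshold) scores per failure; geo hits skip allow-listed hosts."""
    per_client = defaultdict(list)
    for client, kind, detail in events:
        per_client[client].append((kind, detail))
    scores = {}
    for client, acts in per_client.items():
        total = 0
        nx = sum(1 for kind, _ in acts if kind == "dns_nxdomain")
        if nx >= nx_threshold:
            total += nx * weights["dns_nxdomain"]
        for kind, detail in acts:
            if kind == "dns_nxdomain":
                continue
            if kind == "geo":
                country, _, host = detail.partition("|")
                if country in RISKY_COUNTRIES and host not in GEO_ALLOWLIST:
                    total += weights["geo"]
                continue
            # specific weight for kind:detail first, else the generic weight for kind
            total += weights.get(f"{kind}:{detail}", weights.get(kind, 0))
        scores[client] = total
    return scores

def flagged(scores, threshold=10):
    """Clients whose accumulated score reaches the investigation threshold."""
    return sorted(c for c, s in scores.items() if s >= threshold)

print(flagged(score_clients(EVENTS)))  # ['10.0.0.5']
```

Lowering the threshold to 8 also surfaces 10.0.0.9, which shows why the weights and threshold need tuning per organization rather than a single fixed value.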
“Identifying risky user and application behavior represents the next step in protection against Advanced Persistent Threats. Signature-based protection is no longer enough. It’s important to build a complete, evolving and up-to-date picture of the behaviour of network clients,” explained Dato’ Seri George Chang, Fortinet’s regional vice president for Southeast Asia and Hong Kong. “Client reputation and scoring is an essential component in ordering and understanding the enormous amount of security information available within organisations, and applying it to a dynamic, targeted security response.”
These and other related findings are further explored in Fortinet’s new white paper: “Detecting What’s Flying Under the Radar: The Importance of Client Reputation in Defending Against Advanced Threats”. Fortinet’s unique patent-pending client reputation capability is one of the hallmark features of its latest operating system, FortiOS 5.
To download the white paper, visit: