Why Malware Hurts

A random office colleague opens a very realistic email and inadvertently runs a small piece of software called a “payloader” (more commonly called a loader or downloader). That payloader then calls home, and a remote attacker starts pushing additional malware onto your colleague's computer. Your colleague's machine is most likely toast, and with most of the security on the market today, so are you. The issue with any disease, and malware is a disease of your computer systems much like Ebola attacks and kills your organic systems, is transmission from cell to cell. Many people call this malware proliferation, and it is why, just yesterday, numerous towns in Texas suffered a massive ransomware attack. The issue is never one cell or one computer. Yes, life for your colleague (or that one cell) sucks once infected, but at a systemic level one compromised computer alone does not really hurt the enterprise, just as one sick cell does not give you a fever. It is the spread of the disease that causes severe pain and even death.

Where’s The Vaccine?

The battle currently being fought by most cybersecurity tools is reducing the time between infection and discovery. Unfortunately, just as with real diseases, these security products typically need a fever before they can find anything: the malware has to run, persist and start misbehaving before it produces the signals the tools look for. Even more concerning, the tools then need experts who know what to do in order to overcome the infection, and by then the damage is most likely already extensive. Imagine getting a headache and needing a neurosurgeon each time to overcome the pain.

Instead of reactive detection, the solution is to stop the spread of malware or, better yet, to stop the initial infection of that single computer. Both can be achieved by controlling communications. By blocking unknown communications (that is, permitting only the destinations, ports and processes a device has a known reason to use, and denying everything else by default), an infection can at least be isolated to a single device, and so, at the enterprise level, the malware never becomes an issue. The value of the malware to attackers greatly diminishes and, over time, that malware is naturally eradicated because it is simply not a viable strain.

Better yet is the ability to block even the payloader's initial call out to its operator for instructions. Stop that communication and you have effectively vaccinated the device against the actual malware, because the loader never receives its payload. Detect and isolate, then remove, the payloader, and even that single computer can move on as if nothing had ever occurred. All by controlling communications in a proactive manner. Of course that is simpler to say than to do, but there are security services solving this problem today.
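As an added illustration of the "block unknown communications" approach described above, here is a small default-deny egress policy evaluator. It is example code written for this page, not code from the original post or from any product it alludes to. The process names, the allowlist entries and the connection records are all constructed for the demo (the external addresses come from the RFC 5737 documentation ranges), and the loader image name "invoice.pdf.exe" is hypothetical. The policy makes two decisions the text argues for: the loader's first callback to an unknown host is denied (no payload ever arrives), and the loader's attempt to reach a peer workstation is denied (no spread), while the traffic the device has a known reason to send still passes.

```python
"""Default-deny outbound policy: allow known (process, destination, port), deny the rest."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable


@dataclass(frozen=True)
class Flow:
    """One outbound connection attempt, as a host firewall would see it."""
    src: str      # source host address
    dst: str      # destination address
    dport: int    # destination port
    proto: str    # "tcp" or "udp"
    process: str  # image name of the process that opened the socket


@dataclass(frozen=True)
class Rule:
    """One allowlist entry. Anything that matches no rule is denied."""
    process: str  # image name, or "*" for any process
    dst_net: str  # CIDR of permitted destinations
    dport: int
    proto: str

    def matches(self, flow: Flow) -> bool:
        return (
            (self.process == "*" or self.process == flow.process)
            and ip_address(flow.dst) in ip_network(self.dst_net)
            and self.dport == flow.dport
            and self.proto == flow.proto
        )


# Constructed allowlist (hypothetical names; 203.0.113.0/24, 198.51.100.0/24 and
# 192.0.2.0/24 are RFC 5737 documentation ranges, not real services).
ALLOWLIST = [
    Rule("outlook.exe", "203.0.113.0/24", 443, "tcp"),    # mail provider
    Rule("svchost.exe", "198.51.100.10/32", 443, "tcp"),  # patch server
    Rule("*", "10.0.0.53/32", 53, "udp"),                 # internal DNS resolver
]

# Peer workstations. A workstation never needs to talk to another workstation,
# so east-west traffic inside this range is denied before the allowlist is consulted.
WORKSTATION_NET = ip_network("10.0.1.0/24")


def evaluate(flow: Flow, rules: Iterable[Rule] = ALLOWLIST) -> tuple[str, str]:
    """Return (verdict, reason). The default verdict is deny."""
    if ip_address(flow.src) in WORKSTATION_NET and ip_address(flow.dst) in WORKSTATION_NET:
        return ("deny", "lateral: workstation-to-workstation traffic is never allowed")
    for rule in rules:
        if rule.matches(flow):
            return ("allow", f"matched allowlist entry for {rule.process}")
    return ("deny", f"unknown destination {flow.dst}:{flow.dport}/{flow.proto} from {flow.process}")


def hosts_to_isolate(flows: Iterable[Flow], rules: Iterable[Rule] = ALLOWLIST) -> set[str]:
    """Hosts that attempted at least one denied connection: quarantine candidates."""
    return {f.src for f in flows if evaluate(f, rules)[0] == "deny"}


# Constructed sample: host 10.0.1.15 ran the loader; host 10.0.1.22 is clean.
SAMPLE_FLOWS = [
    Flow("10.0.1.15", "203.0.113.7", 443, "tcp", "outlook.exe"),       # normal mail traffic
    Flow("10.0.1.15", "10.0.0.53", 53, "udp", "outlook.exe"),          # DNS lookup
    Flow("10.0.1.15", "198.51.100.10", 443, "tcp", "svchost.exe"),     # patch check
    Flow("10.0.1.15", "192.0.2.44", 8443, "tcp", "invoice.pdf.exe"),   # loader calls home
    Flow("10.0.1.15", "10.0.1.22", 445, "tcp", "invoice.pdf.exe"),     # loader tries SMB to a peer
    Flow("10.0.1.22", "203.0.113.9", 443, "tcp", "outlook.exe"),       # the peer's own mail traffic
]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        verdict, reason = evaluate(f)
        print(f"{verdict:5} {f.src:10} {f.process:16} {f.dst}:{f.dport}/{f.proto}  {reason}")
    print("isolate:", sorted(hosts_to_isolate(SAMPLE_FLOWS)))
```

Two points to note when applying this for real. First, the allowlist has to be narrow for the approach to work: a rule that permits "any process to any host on 443" would let the loader's callback through just as easily as the mail client, and attackers deliberately host command-and-control on popular cloud services for exactly that reason. Second, the wildcard DNS rule above is a convenience for the demo; DNS is itself a well-known covert channel, so in practice the resolver, not the endpoint, is where unknown names get blocked or logged.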