Why do we ask? Dridex, which we've addressed previously here, is a UK focused banking trojan which has launched a new variant this morning. As also noted previously, File Sandboxing, ala Websense' ThreatScope solution, is a very useful tool as the malware typically leverages Word and/or Excel macros... which we dare not block nor are the AV Vendors able to protect as proven by the current poor catch rate:
Per this report, you'll see that File Sandboxing works even when your AV solutions fail. However, is there another way to address this issue by aligning your Risk Model with your Business Model? In other words, you may not provide goods/services in Spain nor the Netherlands. As such, is it wise to accept inbound email msgs from Spain (screen shot below) or allow the malware to phone home via TCP Port 80 to a server in the Netherlands (aforementioned File Sandbox report):
We at ESPO recommend leveraging DLP Solutions, ala Websense AP-Data, to not only detect secret sauce leaving your organization, but... to also leverage built-in Geo Location capabilities to block data destined to organizations in geographies that preclude them from becoming potential customers. Connect with us if you'd like assistance in creating a similar program:
Contents of this website are good and appreciative. Congratulation
ReplyDeleteCommercial AV Services Los Angeles
Southern California Commercial AV Installation