Cholera, malware and stopping outbreaks at source
Sourcefire stresses the value of tracing malware to its source
Chances are you've never heard of Dr John Snow. But the methods he used more than 150 years ago to solve the mystery of a cholera outbreak in London can be applied today to help you get to the heart of a malware outbreak in your enterprise.
Briefly, in 1854 there was a cholera outbreak near Broad Street in London. John Snow, an English physician, plotted each case on a map of the area and noticed that the incidents of cholera occurred primarily near the Broad Street water pump. He requested that authorities remove the pump handle, and the epidemic, which had claimed nearly 500 lives, soon ended. Not only did Dr Snow's findings save countless people, but by identifying the source he is also credited with identifying the method of transmission and prevention of this deadly disease.
When it comes to malware, despite best efforts and multiple layers of security, infections prevail. To truly eliminate malware and the risk of re-infection we have to get to the root cause. The challenge is that most technologies focus solely on detection and give us little recourse after an infection occurs.
The most common way organisations discover an infection is with a call to a helpdesk. But they might also learn of an infection when a detection tool is updated and discovers malware previously missed. In this case the detection alert is actually an infection alert; the malware has already permeated the network and likely infected a number of devices.