Safely Test Your Malware, Ransomware and Virus Defenses

What’s the best way for a company to test its malware defenses in real-life scenarios? The past few years have seen both an uptick in cyberattacks and a dire shortage of security talent. In fact, a 2017 report predicted that by 2020 businesses would be hit by a threat actor every eleven seconds. Not to be outdone, researchers projected cybercrime damages would reach $6 trillion in 2021, twice as much as in 2015. Additionally, a 2022 study found 80% of breaches can be attributed to a lack of cybersecurity skillsets and/or awareness. Large tech companies might have the resources and in-house expertise to address cybersecurity threats, but organizations in the education, government, manufacturing and service industries are much more limited. And as the talent shortage gets more acute and the danger continues to grow, even well-resourced in-house cybersecurity teams may struggle to provide maximum security.

It’s critical that security teams regularly practice their cybersecurity processes and tools to up-level their skills. But how can they practice in a scenario that’s realistic enough to be useful? What should you practice defending against and where can this exercise be run safely?

For instance, for a simple PC laptop-based virus, teams could use the EICAR test file, which is not a live virus but a harmless test file carrying a signature that antivirus products detect as if it were one. While that’s all well and good for testing prevention of infection from an attachment, email or file, what about the much more challenging scenario, the worm?

Worms are a type of malware that self-replicates and infects devices while remaining active on the systems it has already infected. They don’t rely on a user opening an email or an attachment. This means they can spread very quickly across an organization’s network and wreak havoc along the way. So how does one test defenses against worm propagation? You obviously wouldn’t release an active worm on your corporate network and cross your fingers that your existing standard security tooling stops it. Several large companies have “clean rooms”: quarantined labs with no connection to the corporate network where they perform virus testing in isolation. Organizations without the resources to set up a clean room need another option.

Using the Cloud to Test Against Worm Propagation

The cloud is a perfect environment for “live” virus testing. It allows IT to build a duplicate of its corporate network (same computer operating systems, same hostnames, same IP addresses, etc.). There must be no connections whatsoever between the cloud virus test environment and the corporate network: no VPNs, no ExpressRoute, nothing. The two must be wholly detached from one another. Now IT has a virtual “virus clean room” it can outfit with Windows machines, various types of servers, multiple subnets, firewalls, etc., just like on-premises. This is a safe environment in which to test virus propagation and how malware defenses respond, without any risk of accidentally contaminating the real corporate network.
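The “no connections whatsoever” requirement is the one invariant that must hold before any sample is introduced, so it is worth checking mechanically rather than by eye. The following is an added example (not code from the article or from Skytap) of a pre-flight isolation gate: it walks a constructed, vendor-neutral inventory of the lab (the dict layout, key names and the `LAB_LOCAL_HOPS` values are assumptions, not any provider’s real API) and reports every gateway, peering, route or public IP that would give the replica a path back to the corporate network.

```python
"""Pre-flight isolation check for a cloud "virus clean room".

Added example, not from the original article or Skytap. The inventory
format is a constructed, vendor-neutral dict, not a real cloud API.
"""
from typing import Dict, List

# Next hops that keep traffic inside the lab; anything else (a VPN or
# ExpressRoute gateway, a virtual appliance, "Internet") is a path out.
LAB_LOCAL_HOPS = {"lab_local", "none"}


def isolation_violations(env: Dict) -> List[str]:
    """Return every reason the lab is not wholly detached from corporate.

    All four invariants must hold before a live sample is introduced:
    no gateway, no peering outside the lab, no route that exits the
    lab (including a default route), and no VM with a public IP.
    """
    lab_networks = {n["name"] for n in env.get("networks", [])}
    problems: List[str] = []
    for gw in env.get("gateways", []):
        problems.append(f"gateway present: {gw['name']} ({gw['type']})")
    for peer in env.get("peerings", []):
        if peer["remote"] not in lab_networks:
            problems.append(f"peering leaves lab: {peer['local']} -> {peer['remote']}")
    for route in env.get("routes", []):
        if route["next_hop"] not in LAB_LOCAL_HOPS:
            problems.append(f"route {route['prefix']} exits via {route['next_hop']}")
    for vm in env.get("vms", []):
        if vm.get("public_ip"):
            problems.append(f"{vm['name']} has public IP {vm['public_ip']}")
    return problems


def is_detached(env: Dict) -> bool:
    """Release gate: True only when no violation was found."""
    return not isolation_violations(env)


# Constructed sample: a replica mirroring the corporate 10.0.0.0/16 range
# where an ExpressRoute gateway, a hub peering and a default route remain.
LEAKY_LAB = {
    "networks": [{"name": "lab-vnet", "cidr": "10.0.0.0/16"}],
    "gateways": [{"name": "er-gw", "type": "ExpressRoute"}],
    "peerings": [{"local": "lab-vnet", "remote": "corp-hub-vnet"}],
    "routes": [{"prefix": "0.0.0.0/0", "next_hop": "Internet"},
               {"prefix": "10.0.0.0/16", "next_hop": "lab_local"}],
    "vms": [{"name": "dc01", "public_ip": None},
            {"name": "ws07", "public_ip": "203.0.113.7"}],
}
```

Run `isolation_violations` against your provider’s exported inventory as the last step of environment creation and refuse to copy any sample in while the list is non-empty.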

Working malware code can be found at sites like this and then introduced into the cloud test environment. IT and security can study what happens and correct any weaknesses found in the real corporate network.

Why is the Cloud a Perfect Fit for Testing Defenses?

When testing malware in the cloud, IT can create, destroy and fully re-create working environments automatically (cloud vendors will have functionality for this built into their user portals). Saving a complete working environment as a template with all the standard testing machines and their storage and networking attributes pre-defined makes it a snap to create new ones. Using the cloud allows IT to perform a destructive test, collect the results, delete all of the cloud-based VMs, storage and networks and then re-create a new environment ready for the next test run in a matter of minutes. Side benefit: This virtual “clean room” will cost little to nothing while it’s not in use and requires far less maintenance than a physical one.

You’re All Set—Safe and Sound

The conclusion is that the cloud is an effective proxy for a true corporate network when testing malware defenses. After running malware tests in the proxy environment, IT and security teams can apply the remediation to the actual on-premises defenses. Since the cloud testing environment never connects to on-premises, there is no risk of contamination. As the saying goes: “Practice makes perfect.” You now have a way to practice.


Tony Perez

Tony Perez is a Cloud Solution Architect at Skytap, the best cloud service to run IBM Power and x86 workloads natively in the public cloud. Tony has deep experience as a solution architect with a demonstrated history of working in the information technology and services industry in engineering roles in Sales, Customer Success, Cloud, Monitoring Performance, Mobile Applications, Professional Services, and Automated Software Testing. He began his career at Sequent Computer Systems and Oracle and has worked at Netscape, Mercury Interactive, Argogroup and Keynote.
