IBM Support

Malware Defense with PowerSC

This professional consulting service assists clients with mitigating the risk of malware, including ransomware and viruses.  This service provides deployment of up to three measures for malware defense: Threat Hunting, Allowlisting, and ClamAV. The PowerSC Graphical User Interface (GUI) server provides browser-based centralized management of these security measures deployed on endpoints configured with the PowerSC GUI agent.

Multiple consulting service options are available for this service. Options range from a minimal proof-of-concept (PoC) to full deployment across the entire enterprise.

Relevance to "Cost of a Data Breach Report 2023" [1]

  • Unknown (zero-day) vulnerabilities were the initial attack vector in 11% of all breaches. [1]
  • Ransomware was responsible for 24% of malicious attacks. [1]
  • “Data breaches disclosed by the attacker, such as with ransomware, cost significantly more. Attacks disclosed by attackers had an average cost of USD 5.23 million, which was a 19.5% or USD 930,000 difference over the average cost of breaches identified through internal security teams or tools of USD 4.30 million.” [1]
  • At USD 5.13 million, the average cost of a ransomware attack in the 2023 report increased 13% from the average cost of USD 4.54 million in the 2022 report. [1]

Relevance to Zero Trust

  • “Never trust, always verify – Treat every user, device, application/workload and data flow as untrusted. Authenticate and explicitly authorize each to the least privilege required that uses dynamic security policies.” [2]
  • “If an organization is able to align its infrastructure around zero-trust principles, it can easily halt attackers at every stage of the ransomware lifecycle. In case the organizational defenses fail at any point, it will still have multiple layers of protection that will stop the malware from spreading or prevent attackers from exploring the victim’s environment.” [3]

Threat Hunting Description
PowerSC Threat Hunting provides on-demand scanning for malware by using hashes that are not yet included in public virus databases.

Allowlisting Description

Allowlisting is a security measure for mitigating cybersecurity risk by detecting or preventing the execution of unauthorized software. Allowlisting is implemented on Linux with fapolicyd and on AIX with AIX Trusted Execution.

ClamAV Description

ClamAV with PowerSC is designed to mitigate security risk by providing anti-malware for Red Hat Enterprise Linux Server (RHEL), SUSE Linux Enterprise Server (SLES), or AIX endpoints. ClamAV is an open source antivirus engine that can scan for over 8.6 million known trojans, viruses, malware, and other malicious threats. ClamAV prevents malware execution by detecting or quarantining malware.

Technical Details
  • Modify the configuration of malware defense measures on PowerSC GUI agents
  • Issue automated and manual scans by using the PowerSC GUI server
  • Configure scheduled scans to search specific directories on an endpoint
  • Configure email options provided by using the PowerSC GUI server
  • Perform automated scans and virus database updates by using the PowerSC GUI server’s REST API

Requirements

  • PowerSC GUI agent is installed on endpoints
  • fapolicyd is installed on Linux
  • ClamAV is installed with zypper on SLES
  • ClamAV is installed with dnf on RHEL or AIX 7.3
  • ClamAV is installed with yum or dnf on AIX 7.1 or 7.2

Common Use Cases
  • An organization that would like assistance with initial implementation of PowerSC malware defense across their entire enterprise
  • An organization that would like to mitigate the risk of ransomware or other malware
  • An organization that would like a guided deep introduction to using Threat Hunting with PowerSC
  • An organization that would like a guided deep introduction to using Allowlisting on AIX or Linux with PowerSC
  • An organization that would like a guided deep introduction to using ClamAV with PowerSC
  • An organization that would like to fulfill regulatory requirements that mandate anti-virus or anti-malware measures
  • An organization that would like malware prevention tools that can be centrally managed by the PowerSC GUI server
  • An organization that would like to automate malware defense with PowerSC using KSH, REST API, or Ansible

Engagement Process

  • The consultant arranges a prep call to discuss requirements, scheduling, and agenda
  • The consultant works with the client to install and configure fapolicyd on Linux PowerSC GUI agents
  • The consultant works with the client to install and configure AIX Trusted Execution on AIX PowerSC GUI agents
  • The consultant works with the client to install and configure ClamAV on PowerSC GUI agents
  • The consultant provides advice on best-practice implementation
  • The consultant works with the client to verify the anti-malware functions most important to the client
  • The consultant provides presentations to facilitate knowledge transfer

Deliverables
  1. Presentation Slides – an electronic copy of all presentation slides
  2. Configuration documents – an electronic copy of configuration documents
  3. Scripting – scripting provided, depending on terms, to facilitate specific subsets of PowerSC implementation

References

  1. Ponemon Institute – Cost of a Data Breach Report 2023. (July 2023)
  2. National Security Agency – Embracing a Zero Trust Security Model. (Feb 2021)
  3. Michelle Drolet – Forbes – Why Zero Trust is Necessary in the Fight Against Ransomware. (Mar 2023)

For questions, please contact AIX/Linux Security consultant, Stephen Dominguez, at his email

Document Information

Modified date:
10 July 2024

UID

ibm16956321