Mining for Malware; There’s Gold in Them Thar Proxy Logs!

A new research paper released on the SANS website (link to the paper above in the title) discusses using the web proxy logs to discover how much malware is in your network. In addition to mining information from web proxy logs to determine if malware got through, the author also discusses some policies that worth enforcing on the proxies in your organization to minimize malware and spyware on your internal network.

One of the keys here is of course making sure your proxy has an up to date URL database and is using an anti-virus package to make sure no malware is making its way through to your network. You also want to make it as difficult as possible for employees to use an anonymizing or other proxy-avoidance software which makes it easier for them to get infected.