Malware & Threats

Cholera, Malware and Stopping Outbreaks at the Source

Chances are you’ve never heard of Dr. John Snow. But the methods he used more than 150 years ago to solve the mystery of a cholera outbreak in London can be applied today to help you get to the heart of a malware outbreak in your enterprise.

Briefly, in 1854 there was a cholera outbreak near Broad Street in London. John Snow, an English physician, plotted each case on a map of the area and noticed that the cases clustered around the Broad Street water pump. He requested that authorities remove the pump handle, and the epidemic, which had claimed nearly 500 lives, soon ended. Dr. Snow’s findings not only saved countless people; by identifying the source, he is also credited with identifying the method of transmission and prevention of this deadly disease.

When it comes to malware, despite best efforts and multiple layers of security, infections prevail. To truly eliminate malware and the risk of re-infection we have to get to the root cause. The challenge is that most technologies focus solely on detection and give us little recourse after an infection occurs.

The most common way organizations discover an infection is with a call to a help desk. But they might also learn of an infection when a detection tool is updated and discovers malware previously missed. In this case the detection alert is actually an infection alert; the malware has already permeated the network and likely infected a number of devices.

Whichever way you identify malware, once you do it’s critical to quarantine the device to minimize the risk to other devices on the network and then to clean the infected device. But that’s not enough to truly eliminate malware. That would be the same as if Dr. Snow had simply focused on individuals exhibiting symptoms and treated them. Using only that approach he would have been caught in a never-ending cycle of treating patients and may never have found the root cause of the outbreak and stopped the spread of the disease altogether.

Just as Dr. Snow analyzed the data points available to him, technologies that use big data analytics to identify ‘patient zero’ (who was infected first), the application that introduced the malware and the files that are causing it to spread enable us to address the infection at the root and avoid re-infection. Identifying the last person infected is equally important: it lets us define the scope of the infection, assess the risk and understand what it will take to control the outbreak.

In addition to the ‘who,’ understanding ‘how’ the malware permeated the network is also critical to reducing the risk of re-infection. Identifying the use of non-sanctioned software plays an important role in stopping common vehicles for malware. By using blacklists and whitelists to control applications and identify rogue software you can greatly reduce your attack surface. Keeping current with the latest versions of browsers and productivity tools essential to your business’ operations can reduce the number of infections dramatically. In addition, because security has become an exercise in risk management, every IT department should conduct its own risk assessment when evaluating software packages. Certain packages introduce higher risk and may not make sense to deploy in your environment.

Finally, advanced malware protection also requires retrospective security, the ability to retrospectively alert about and protect against files previously classified as safe but subsequently identified as malware. Because today’s advanced malware can disguise itself as safe, pass through defenses unnoticed and later exhibit malicious behavior, this is an important capability to minimize damage after an attack and remediate.
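As an added illustration of the ‘patient zero’, outbreak-scope and retrospective-security ideas from the two paragraphs above (example code written for this column, not a product’s implementation): a minimal file-trajectory analysis over constructed endpoint telemetry, where host names, timestamps and the placeholder hash are all invented.

```python
# Added example, not from the article: a minimal file-trajectory analysis over
# constructed endpoint telemetry, showing how 'patient zero', the introducing
# application, the scope of the outbreak and a retrospective alert are derived.
from collections import namedtuple
from datetime import datetime

# One record per host per file: when the host first saw the file (by hash),
# which process wrote or launched it, and the verdict the sensor gave at that time.
Sighting = namedtuple("Sighting", "ts host sha256 parent verdict")

# Constructed sample telemetry; the hashes are placeholders, not real indicators.
MAL = "sha256:PLACEHOLDER-invoice_macro"
BENIGN = "sha256:PLACEHOLDER-benign"
TELEMETRY = [
    Sighting(datetime(2013, 5, 6, 8, 41), "wkst-17", MAL, "outlook.exe", "clean"),
    Sighting(datetime(2013, 5, 6, 9, 3), "wkst-17", BENIGN, "explorer.exe", "clean"),
    Sighting(datetime(2013, 5, 6, 9, 15), "wkst-04", MAL, "smb-share", "clean"),
    Sighting(datetime(2013, 5, 6, 9, 15), "wkst-04", MAL, "smb-share", "clean"),  # duplicate report
    Sighting(datetime(2013, 5, 7, 14, 2), "srv-files", MAL, "explorer.exe", "clean"),
    Sighting(datetime(2013, 5, 9, 11, 30), "wkst-22", MAL, "chrome.exe", "malicious"),
]

def trajectory(events, sha256):
    """All sightings of one file hash, oldest first (the map Dr. Snow drew)."""
    return sorted((e for e in events if e.sha256 == sha256), key=lambda e: e.ts)

def patient_zero(events, sha256):
    """First host to see the file and the application that introduced it there."""
    hits = trajectory(events, sha256)
    return (hits[0].host, hits[0].parent) if hits else None

def outbreak_scope(events, sha256):
    """Distinct infected hosts in order of infection; the last one bounds the scope."""
    hosts = []
    for e in trajectory(events, sha256):
        if e.host not in hosts:
            hosts.append(e.host)
    return hosts

def retrospective_alerts(events, sha256):
    """Once the hash is reclassified as malicious, alert on every host that saw it
    while the verdict was still 'clean' (it passed the defenses unnoticed)."""
    return sorted({e.host for e in events if e.sha256 == sha256 and e.verdict == "clean"})

if __name__ == "__main__":
    print("patient zero:", patient_zero(TELEMETRY, MAL))
    print("scope:", outbreak_scope(TELEMETRY, MAL))
    print("retrospective alerts:", retrospective_alerts(TELEMETRY, MAL))
```

Quarantining only the host that finally raised the ‘malicious’ verdict would leave the three earlier hosts untouched; the retrospective list is what turns a detection alert into an infection alert with a known scope.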


Today’s malware is more damaging and more difficult to defeat than any threats we’ve experienced in the past. By extending protections beyond blocking and detection to include the power of big data analytics, intelligent controls and retrospective security we can stop malware at the source and truly eliminate it.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.
