Let’s talk a bit about advanced malware. Many folks we talk with feel they are doing well with protecting their network perimeter. They’ve got firewalls in place, anti-virus, IDS/IPS. The issue is, that these are all signature based solutions. They don’t protect against zero-day malware.
Zero day, by definition: A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.
Malware, by definition: Malware, short for malicious software, is software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. While it is often software, it can also appear in the form of scripts or code. ‘Malware’ is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software. Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs.
The number of signatures that solutions need to keep track of has risen dramatically over the past few years. Check it out – these are cumulative totals:
- 2008 – 2,677,786
- 2009 – 5,724,106
- 2010 – 10,114,682
- 2011 – 15,480,052
Isn’t that astounding? How do you even keep up with it? Basically, you can’t. You need to fight today’s advanced malware with a different type of a solution, that is not signature based.
There are excellent advanced malware solutions out there, and we partner with one of the best. The solution sits in-line, and stops call backs, detonates the suspected malware in a protected environment to see what it contains, and reports the findings to HQ and to you, so you can take steps to eradicate it.
I’ve greatly simplified the explanation of how advanced threat detection works, but you get the idea. The playing field for attacks has changed over the years, and you need to keep up. Not saying that all the solutions you currently have in place are not valid. They are. You need the defense in depth protection. You just need to add to your arsenal.
Sr. Account Executive