Recently there has been a lot of buzz concerning the latest reports on Government entities being hacked and in some cases their web sites are being defaced. With the increase in sophistication and change in motivation I would not be surprised if some of these attacks were successful.
Web mafias and other foreign organized crime syndicates are of prime concern for businesses alike. With the advancement in malicious code and the increase in vulnerabilities discovered, targeted Trojans are being designed to penetrate defenses.
In fact there is such a high volume of new and unique malware released on a daily basis that it creates a sustained denial of service.
The result is more and more attacks that go unnoticed by the authorities until its too late and confidential information of our nation's secrets have been stolen.
At Panda Security we call this the Silent Epidemic (which is referring to hidden attacks).
So how do we solve this problem? Partly by changing how security solutions are designed and deployed today. The traditional anti-malware model is simply not working or providing effective protection against the 3000 + new threats received on a daily basis for several reasons:
- Traditional signature based solutions capture a small fraction of what is considered in "the wild". This is mainly because of architecture limitations (file size, bandwidth constraints, protection module design, etc).
- The antivirus labs themselves do not have the manpower to process 100% of the samples received, rather only a small percentage are included in the daily signature file.
- Deploying protection upgrades in order to combat new malware strains is a difficult process in most part for large government and commercial agencies.
Our data indicates that 1 out of 5 PCs will be infected with malicious code that their current security solution will not detect. Thus, this leaves us with one pressing question "Are we really protected?"
So where do we go from here? First of all solutions must be developed to address the increase in malicious code, second of all protection should be designed to be easily upgraded. Third, but not least, automated methods and tools should be deployed within AV labs to analyze malware and reduce the manual burden.
Therefore; security solutions developed to be hosted entirely on-line which fit within the parameters of Web 2.0 in its fullest sense would solve these problems by:
- Reducing the manual effort required to process the thousands of samples received daily. In other words increasing the capacity of the signature file.
- Allowing a much greater detection ratio through the development of web based clients that utilize signatures in "the cloud", rather then locally.
Before this entire process had to be done manually and now this new system of automation has reduced our manual efforts by 95% and has allowed us to process the 3000 + received on a daily basis. This has resulted in a collection of nearly two million malware samples. We call this system the "Collective Intelligence".
Several solutions have been deployed to take advantage of this new model including NanoScan, TotalScan and a corporate audit tool known as Malware Radar.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.