The Early Bird Gets the Virus

By Kevin Lee, Systems QA Engineer, Bitglass

man touching screen with virus written across itMost people have heard of the proverb, “The early bird gets the worm.” The part that many haven’t heard is the followup, “But the second mouse gets the cheese.” The latter proverb makes a lot of sense when you apply it to the current state of virus and malware detection.

Today, most established virus and malware detection services use a signature-based method. This means that they leverage lists of known malware signatures to scan files for threats. This works well when protecting against known malware. However, as with the mice in the proverb above, someone has to spring the trap to make the cheese obtainable. When enterprises use these solutions, they must simply hope that other organizations encounter new malware first. That way, lists of dangerous signatures can be updated.

An additional problem with these tools rests with the strictness of their signature matching. This is because they search for highly specific hashes (patterns) generated from the contents of known malicious files. Unfortunately, it is extremely easy to create new variants with new signatures by changing even minor aspects of attacks. In other words, even a small edit to a file containing a threat can alter the signature enough so that it will go undetected by signature-based tools. This results in the signature-based method always being reactionary and a second too slow.

More and more, organizations are turning to behavior-based anti-malware solutions. The advantage of these advanced detection methods is that they don’t require a sacrificial lamb (mouse) to figure out that a certain file is dangerous. Instead, they scrutinize large numbers of file characteristics and behaviors in order to identify threats. In addition, due to the fact that they don’t depend on signatures for detection, they cannot be fooled as easily by altered variants of existing malware. This leads to a simple conclusion. When implemented and utilized effectively, a zero-day solution should make any early bird, mouse, or human feel safe.

To learn more about cloud access security brokers and true advanced threat protection, download Bitglass’ Malware P.I. report.

Leave a Reply

The name and email fields are solely used to comment on posts. Cloud Security Alliance does no further processing of this data. See Section 3 of the CSA Privacy Policy for details.



Share this content on your favorite Social Network.