IDC Defending Against The Unknown

Published by: aptureinc on May 21, 2008
Copyright: Attribution Non-commercial
WHITE PAPER
Zero Hour Virus Protection: Defending Against the Unknown
Sponsored by: VirusBuster, BlueCat, G-Data, AhnLab, Commtouch
Dan Yachin, Research Director, EMEA Emerging Technologies
August 2005
Despite the massive deployment of antivirus solutions, viruses and other types of malware are still the greatest security threat for enterprises. Fighting malware is a perpetual war, in which attackers constantly identify and target emerging vulnerabilities in order to stay one step ahead of defenders. Today, many rapidly propagating attacks are aimed at the weak spot of traditional antivirus solutions, which are based on developing new signatures for new threats – a time-consuming process (hours-long at best) that creates a window of vulnerability where end users are unprotected. In light of these threats, organizations can no longer solely rely on reactive signature-based solutions. To protect against new and unknown threats, more proactive approaches should be applied, providing improved response times without compromising detection levels.
IDC developed this white paper using a combination of existing market forecasts and direct, in-depth, primary research. To gain insight into the challenges of fighting modern malware, especially sophisticated rapidly propagating threats, and to learn about how Commtouch's Zero-Hour Virus Protection can help mitigate associated risks, IDC interviewed the company team on the issues of technology, product offerings, competitive landscape, and go-to-market strategy. IDC also interviewed vendors employing Commtouch's technology including BlueCat Networks and VirusBuster.
This IDC white paper looks at the problem of zero-hour malware outbreaks that are aimed at infecting as many machines as possible before vaccinations are available. It provides an overview of traditional signature-based antivirus technologies and their weaknesses in protecting against this type of attack, and examines different proactive virus detection and protection approaches.
Central and Eastern Europe, Middle East/Africa Headquarters: Male Namesti 13, 110 00 Praha 1, Czech Republic. P. 420.2.2142.3140
©2005 IDC
More than two decades since their first appearance, computer viruses remain a serious problem. The financial costs of viruses are still substantial as defenders struggle to keep up with the growing sophistication and effectiveness of malware attacks. The emergence of rapidly propagating malware designed to cause mass infection before signatures are available has taken the arms race between virus writers and antivirus developers to a new level. These attacks are becoming increasingly sophisticated: some of the most recent malware outbreaks introduced new threats such as multi-variant viruses, and spyware-carrying worms that use a spam-like distribution technique to propagate. In order to fight these threats effectively, new approaches towards proactive virus protection are more important than ever. One of these emerging approaches is Commtouch's Zero-Hour Virus Protection technology, which enables detecting any type of attack that carries the characteristics of a massive outbreak, regardless of its payload.
Current Malware Trends
Malicious software, or malware, is a general term for any software that is designed to cause damage to computer systems when executed. This definition refers to various types of malicious code (e.g., viruses, worms, Trojan horses, zombies, trapdoors, logic bombs, key loggers), but the most common and damaging are replicating malicious code programs, known as viruses.

Viruses have come a long way since the early days in which they spread from one PC to another via diskettes. To a large extent, it is no longer the playground for amateurs that fall into the stereotype of bored teenagers seeking notoriety. Today's malware is in many cases the business of professionals and even criminals. Correspondingly, the motivations that drive malware authors are changing and a growing number of attacks are financially driven rather than simple pranks.

In light of the growing sophistication of malware, the effectiveness of attacks is on the rise and so is the financial impact. According to the CSI/FBI 2004 Computer Crime and Security Survey report, viruses were the type of security incident that generated the largest losses in 2004.

On the surface, these findings may seem puzzling given the fact that antivirus solutions are used by the vast majority of organizations. Still, in a recent IDC survey, 90% of large companies were hit by a successful virus attack this year; moreover, 40% reported 11 or more successful attacks in 12 months (see IDC's Enterprise Security Survey 2004, #32593).
Figure (chart data not reproduced): Number of Successful Attacks in the Past 12 Months by Company Size
Q. How many attacks, including (but not limited to) viruses, hacks, Trojan horses, and worms, against your company's enterprise network defenses successfully breached security in the last 12 months?
n = 477
Note: Small companies are those with 1-99 employees; medium-sized companies are those with 100-999 employees; large companies are those with 1,000-9,999 employees; and very large companies are those with 10,000+ employees.
Source: IDC's Enterprise Security Survey, 2004
The Weak Spot of Traditional Antivirus Approaches
The growing effectiveness of malware can be explained by its dynamic nature. Malware writers make concerted efforts to find weak spots in enterprise security systems, and to overcome them. In this regard, malware writers have realized that organizations' reliance on signature-based antivirus products creates a significant window of vulnerability, and are targeting it in various ways.

The problem of signature-based AV solutions lies in their reactive nature. A signature development cycle consists of obtaining a sample of the virus (which means a new threat can only be identified when it is already on the loose), initial virus signature development, production-level signature development, and eventually customer update – an hours-long process at best, in some cases 24 hours and more. According