Malware: From Patient-Zero to True Prevention

For decades, the entire anti-malware industry has been built on a reactive model: someone, somewhere, has to be infected by never-before-seen malware (Patient Zero) before a signature can be written by hand and then distributed so that others are spared the same fate.

Even the most advanced forms of signature-based detection, along with exploit prevention, whitelisting and application control, and endpoint detection and response (EDR), fall into the same "sacrificial lamb" reactive model.

“The anti-malware industry is unique in that it is the one area of Information Security where end-users are used to accepting failure,” noted Carl Gottlieb of TestMyAV.com.

“For many organisations, the only thing that stands between them and a malware infection is luck that they are not one of the first to see a variant.”

The problem is that the sheer volume of malware being released in the wild today is drowning the legacy anti-malware industry and its reactive model. You may recall presentations by legacy anti-malware vendors detailing their response timelines and boasting that they can ship a signature within 12 hours of a new infection. But 12 hours is an eternity in today's threat landscape.

Remember SQL Slammer? In 2003, SQL Slammer infected roughly 75,000 hosts in just 10 minutes, and that was more than 14 years ago, in the Stone Age of technology (we didn't even have iPhones back then). Hand-crafted signature files simply cannot keep up with today's explosion of malware.

Numerous reports suggest that nearly 700,000 new malicious programs are created every day. That volume alone is a data problem that humans can no longer address reactively.
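To make the reactive loop concrete, here is a small added example (written for this edit, not code from the Cylance post) that simulates it in Python. A hash signature and a byte-pattern signature are "written" from Patient Zero; a one-byte variant still trips the byte pattern, but a trivially re-encoded sibling slips through and has to infect a victim before its hash can be added, after which the next re-encoding starts the cycle again. The sample bodies, the single-byte XOR re-encoding and the signature database are all constructed for the illustration and are inert byte strings, not malware.

```python
"""Simulation of the Patient-Zero signature model (added example).

All "samples" below are constructed, inert byte strings, not real malware.
"""
import hashlib
import re

# Constructed "payload" string shared by the sample family (benign text).
PAYLOAD = b"cmd /c del C:\\backup\\*.bak"
HEADER = b"\x4d\x5a" + b"\x00" * 8          # constructed stand-in for a PE header
PADDING = b"\x90" * 16


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest possible 'polymorphic' re-encoding."""
    return bytes(b ^ key for b in data)


def make_sample(key: int = 0, tail: bytes = PADDING) -> bytes:
    """Build a family member; key != 0 obfuscates the payload string."""
    body = PAYLOAD if key == 0 else xor_bytes(PAYLOAD, key)
    return HEADER + body + tail


# Patient Zero: the first sample an analyst ever sees.
PATIENT_ZERO = make_sample()

# Signatures an analyst writes after studying Patient Zero by hand.
HASH_SIGNATURES = {hashlib.sha256(PATIENT_ZERO).hexdigest()}
PATTERN_SIGNATURES = [re.compile(re.escape(PAYLOAD))]


def scan(sample: bytes, hash_db: set, pattern_db: list) -> str:
    """Return 'hash', 'pattern' or 'miss' for one sample."""
    if hashlib.sha256(sample).hexdigest() in hash_db:
        return "hash"
    if any(p.search(sample) for p in pattern_db):
        return "pattern"
    return "miss"


def reactive_loop(stream) -> list:
    """Replay the Patient-Zero model over a stream of samples.

    Every 'miss' is an infection; only afterwards does the analyst add
    that sample's hash to the database, so the identical file is caught
    next time, but any re-encoded sibling starts the cycle again.
    """
    hash_db = set(HASH_SIGNATURES)
    pattern_db = list(PATTERN_SIGNATURES)
    verdicts = []
    for sample in stream:
        verdict = scan(sample, hash_db, pattern_db)
        verdicts.append(verdict)
        if verdict == "miss":
            hash_db.add(hashlib.sha256(sample).hexdigest())
    return verdicts


def demo_stream() -> list:
    """A constructed sequence of sightings, in arrival order."""
    return [
        PATIENT_ZERO,                               # the known file
        make_sample(tail=PADDING[:-1] + b"\x91"),   # one byte of padding changed
        make_sample(key=0x2A),                      # payload XOR-obfuscated
        make_sample(key=0x2A),                      # same obfuscated file seen again
        make_sample(key=0x55),                      # re-obfuscated with another key
    ]


def count_patient_zeros(stream) -> int:
    """Number of sightings that had to infect someone before detection."""
    return reactive_loop(stream).count("miss")


if __name__ == "__main__":
    for sample, verdict in zip(demo_stream(), reactive_loop(demo_stream())):
        print(f"{hashlib.sha256(sample).hexdigest()[:12]}  {verdict}")
    print("patient zeros in stream:", count_patient_zeros(demo_stream()))
```

Run as a script, the five sightings come back as hash, pattern, miss, hash, miss: two of the five had to be Patient Zero for someone, and every fresh XOR key would add another. A real campaign re-encodes far more often than this toy, which is the arithmetic behind the 700,000-per-day figure above.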

“At TestMyAV I receive feedback daily from organisations evaluating the various products in this industry,” Gottlieb said. “And it’s becoming very clear (Read more...)

This is a Security Bloggers Network syndicated blog post authored by The Cylance Team. Read the original post at: Cylance Blog