A State of Infections report that I just went through finds that, within the first hour of submission, AV products missed nearly 70 percent of malware.
When the network was re-scanned to identify malware signatures, only 66 percent were identified after 24 hours, and after seven days the total was 72 percent.
It took more than six months for AV products to create signatures for 100 percent of new malicious files.
Consider the effects on containment: this delay also raises the risk that there are live infections on a network. The report also highlights the importance of automating manual processes.
What is crystal clear is that we need to prevent infection before it happens.
AV is not effective 100% of the time. Viruses change, and new malware appears on a daily basis. It is time to take a new approach by reducing the dependency on people, not eliminating them, as we believe that it must be a combined effort. Rather, augment the people effort with a tool that can run 24/7 in real time, because of the sheer volume of viruses and malware.
We think the answer is very basic: first of all, do not rely on historical data only, and detect the malicious code before it even gets into your system.
We spent a lot of time and research to find a partner that adhered to this thinking and partnered with a company called Solebit.
Solebit’s solution is a patent-pending DvC engine that distinguishes between code and data buried deep inside data files and streams. The engine locates hidden code that could be executed in any condition, by any type of processor.
This hidden code is often the first step in an attack, allowing the APT operators to gain a foothold in the target environment. Solebit’s engine does not require updates (such as signature updates), and works independently. It does not require connectivity to the Internet, other data repositories, etc.
This engine inspects every data file, object or stream coming into the network. The engine searches for hidden code instructions, encrypted polymorphic payloads, shellcode and other buried commands in each and every stream.
Any type of unauthorized code that is detected is not allowed into the network, essentially creating a no-code zone. These data streams are quarantined for analysis, and the engine immediately alerts the network's IT personnel with a report that details the infiltration attempts.
This essentially protects your network by blocking Zero-Day and currently reported malicious viruses/malware.
Want to learn more about this cutting-edge product? We represent Solebit in North America; please feel free to contact me.