Trustwave Blog

How to Stop One Million New Pieces of Malware a Day

According to recently published research, 315 million new samples of malware are discovered each year. Much of this is attributable to hackers automating their malware generation, with randomized obfuscation and dynamic recompilation becoming increasingly common techniques for evading detection by security products. This has had huge implications for so-called "silver bullet" anti-virus technologies, which now appear hopelessly outgunned.

Many organizations depend on sandboxing at the web gateway to spot new malware and create signatures for easy future detection. Sandbox analysis, however, is very resource-intensive and must be done out-of-line rather than inline. Everyone stays protected except the first system to encounter the malware, known as "patient zero" - which is a big problem considering there are now about one million "patient zeros" per day.

There is a better way. The Trustwave Managed Anti-Malware service combines several existing methods and some novel in-line methods to block unknown malware at the gateway the first time and every time.

For efficiency, we first apply signature scanning and URL filtering. Although their effectiveness has decreased in the last several years, their heuristics and reputation-based blocking can block new malware very efficiently.

Second, we assemble web pages in a virtual browser to "see through" encryption, encoding and code-splitting obfuscation techniques that would hide malware in pieces. Then we apply rules that virtually patch against zero-day attacks and vulnerability exploits. This stops many types of drive-by downloads and similar delivery vectors used by hackers.

Third, we look at the behavior of any risky file type. While the number of potential virus variations is effectively infinite, the number of bad behaviors is finite. This is all done inline, so that "patient zero" is protected just like everyone else.
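To illustrate why the second layer (assembling the page before scanning it) matters, here is an added example that is not Trustwave's code: a toy gateway check run over a constructed HTML page whose script builds its payload from split string fragments. The signature string, the sample page and the two-layer `gateway_verdict` function are all assumptions made for the example; a plain substring scan misses the split payload, while a scan over the strings as they exist after concatenation catches it.

```python
import re

# Constructed sample page (not a real capture): the script splits a
# suspicious call into two fragments and joins them at runtime, so the
# complete string never appears in the raw HTML.
SAMPLE_PAGE = """<html><body>
<script>
var a = "eval(unesc";
var b = "ape('%75%6e%70%61%63%6b'))";
var c = a + b;
</script>
</body></html>"""

# Hypothetical signature: the substring a static scanner looks for.
SIGNATURE = "eval(unescape("

# Matches a double-quoted JS string literal, honouring backslash escapes.
JS_STRING = r'"((?:[^"\\]|\\.)*)"'


def static_match(page, sig=SIGNATURE):
    """Layer 1: signature scan over the raw page bytes."""
    return sig in page


def assemble_strings(page):
    """Layer 2 (greatly simplified virtual browser): resolve
    `var x = "...";` literals and `var z = a + b;` concatenations of
    them, returning every string value visible once the script has run."""
    values = dict(re.findall(r'var\s+(\w+)\s*=\s*' + JS_STRING + r'\s*;', page))
    for name, expr in re.findall(r'var\s+(\w+)\s*=\s*([\w\s+]+?)\s*;', page):
        parts = [p.strip() for p in expr.split('+')]
        if len(parts) > 1 and all(p in values for p in parts):
            values[name] = ''.join(values[p] for p in parts)
    return values


def assembled_match(page, sig=SIGNATURE):
    """Layer 2 verdict: signature scan over the assembled string values."""
    return any(sig in s for s in assemble_strings(page).values())


def gateway_verdict(page):
    """Run both layers inline; block if either one matches."""
    static = static_match(page)
    assembled = assembled_match(page)
    return {"static": static, "assembled": assembled, "block": static or assembled}
```

A real virtual browser resolves far more than string concatenation (encoding, DOM writes, external script loads), but the principle is the same: scan what the browser would execute, not what the wire carried.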

Finally, and this is key, Trustwave experts continuously update gateway policy to adapt as hackers evolve new techniques. That is how we are able to offer a Zero-Malware Guarantee, and Trustwave is currently the only vendor in the industry to do so.

If you'd like to have our experts provide you with more general or customized information to help you understand your anti-malware options, click here.

Christopher Harget is a senior product marketing manager at Trustwave.