Few outside the IT security industry understand how dealing with threats has changed since the early days when viruses infected the now obsolete floppy disk.
Organisations are now victims of targeted attacks and so must protect their intellectual property, but security budgets lag the threat. Staff face a tidal wave of threats without concomitant resources.
They need security software to work faster, harder and automatically while reporting fixes made. And infected systems need to be cleaned completely. Anti-malware software research and support are vital for timely response to incidents and to provide top-notch customer help.
As organisations shift focus to mobile, cloud and virtualisation, security software needs to protect these environments, too.
And there is less concern about infecting oneself with a floppy disk, as malicious hackers have learned the lessons of search engine optimisation to target social vectors of infection, placing files where people are most likely to bumble into them.
The internet is operating-system agnostic and malicious hackers have learned that scripting languages do the hard work for them, responding to queries of a visitor’s browser version. No longer are anti-malware products simply signature-based scanners.
To combat the threats, anti-malware software has become smarter, scanning PCs without user intervention and learning what constitutes malicious code to stay ahead of the threat.
The best have web or spam filtering, behavioural analysis or a firewall to protect against previously unidentified threats. With these new, intensive scanning technologies, vendors have devised ways to decrease the processing load, so that scanning will not noticeably decrease access times or interrupt workflow.
The security-testing industry has changed to keep pace. When products under test were updated periodically, used on-demand scanning and the total known malware was in the thousands, it made sense to have only a pass-or-fail methodology a few times a year over a static testbed of samples.
To reflect a user’s experience, it is important to gather the spectra of malware that circulate on various protocols: email, P2P networks, the web and elsewhere. And threats must be collected all day from around the world.
As products have wide-ranging technologies including those initiated upon execution of a file, testing must incorporate dynamic functions by running threats on test machines. This takes more time than scanning an immobile directory of files and needs to have the most relevant sample set that a customer will encounter. This takes into account prevalence, attack-vector popularity, potential for damage and geography.
At West Coast Labs we’ve begun to see an increase of attacks on things such as digital picture frames, thumb drives, mobile phones and web 2.0 sites. Anti-malware vendors are developing technologies to protect them and testers are writing methodologies to mirror the user’s risk.
Keeping updated in the enterprise means cost of ownership and return on investment must be considered. How well do advanced technologies proactively detect? How quickly are new threats added? How is customer support response? Can the solution be handled remotely? How much of the processor is given to scanning?
To determine anti-malware efficacy you have to look at performance-validation programs such as real-time testing.
Vendors are defining protection beyond product performance to business and customer service. In considering a product, it’s important to know whether the vendor’s research and development anticipates threats. Then, look further to the extent to which malware protection is delivered for a multi-platform infrastructure.
This extends to how far a business’s interests are protected through vendor-service strategies that include optimised and cost-effective security plans tailored to the user’s needs. All this should be bundled into trusted and responsive global support plans.
The threat landscape is evolving, with malware spawned at an alarming rate. But no longer is information security purely a technical issue – it’s a business issue. That’s why vendors’ product and service solutions are evolving to suit these needs.