Hitting the ‘Up-To-Date’ Bull’s Eye – VB2009 – Steven Ginn

Slide 1: Hitting the ‘Up-To-Date’ Bull’s Eye – VB2009 – Steven Ginn

Slide 2: Overview – Defining and tracking “Up-to-Date”
- Signature-based anti-malware requires updates to stay ahead
- More and more updates are released every day
- Need to provide technology for users to identify their “up-to-date” status

Slide 3: Signature-Based Protection – Background
- Recognizes malware based on an identity
- Content is pattern-matched against signatures
- New malware = new signatures needed

Slide 4: The ‘Up-to-Date’ Bull’s Eye – What is it?
- The point where a product has the latest and greatest definitions

Slide 5: The ‘Up-To-Date’ Bull’s Eye – Why should we care?
- Staying current maximizes protection
- Important to know when to update

Slide 6: Hitting a moving target?
- Malware is more and more pervasive
- Constantly being created
- Anti-malware vendors react with new updates to keep up
- Users need to constantly update to keep up

Slide 7: OESIS Monitor – Identifying Trends
- Monitors anti-malware products and online material
- Records any update available
- Used to find the bull’s eye

Slide 8: Trends and Observations
- Number of updates per day has increased
- Number of vendors and signature formats has increased
- Update frequency by day of the week varies

Slide 9: Total Updates per year (chart)

Slide 10: Number of Vendors identified (chart)

Slide 11: Updates by Day of Week (chart)

Slide 12: Average Number of Updates by day, for the average vendor (chart)

Slide 13: Average Updates per day by year, for selected vendors (chart)

Slide 14: Average Updates per day by year, for selected vendors (chart)

Slide 15: Caveats to Data – The “fine print”
- Data for 2009 was scaled
- New vendors introduced mid-year
- New definition formats introduced mid-year

Slide 16: Finding the Bull’s Eye – Communication tools
- Anti-malware vendors have tools to tell users whether or not they are up to date
- Each makes sense under different scenarios

Slide 17: Blacklist date – “Use by tomorrow”
- Every update is stamped with an expiration
- Projected to last until the next target delivery
- Allows client software to make an educated guess about where the up-to-date mark will be next

Slide 18: Blacklist date – Best Educated Guess
- Pros: Easy to answer “Am I up to date?”
- Cons: Bad for critical outbreaks; may expire prematurely

Slide 19: Brute-Force Update – Throwing Blind
- Just go get the latest, always
- No need to care if up to date or not
- Best when you assume that you aren’t already up to date

Slide 20: Brute-Force Update
- Pros: Never miss, if frequent enough
- Cons: Resource intensive; may interrupt the user’s workflow

Slide 21: Push Mechanism – Always connected?
- Open a line between user and a central server
- When an update is available, push it to the end user

Slide 22: Push Mechanism
- Pros: Minimizes outside communication; simpler to stay up to date
- Cons: Not good in heterogeneous environments; requires constant contact

Slide 23: OESIS Monitor – Third-Party enforcement
- Monitors update releases by vendors
- Provides a reference point of the latest definitions

Slide 24: Third-Party enforcement
- Pros: Supports heterogeneous deployments; reacts quickly; reference-point updates are often smaller than signature updates; best of brute-force and push mechanisms
- Cons: May not catch everything
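As an added illustration (not part of the presentation), the blacklist-date rule of slides 17–18 combined with a third-party reference point as on slides 23–24, in Python. The field names, version numbers and timestamps are assumed for the sample; the point shown is how the reference point corrects the two weaknesses listed for the expiry stamp (critical outbreaks and premature expiry).

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Definitions:
    """Definition set installed on an endpoint (hypothetical fields)."""
    version: int        # vendor's monotonically increasing definition version
    released: datetime
    expires: datetime   # blacklist date: projected to last until the next delivery

def status(local: Definitions, now: datetime, reference: Optional[int] = None) -> str:
    """Return 'up-to-date', 'stale' or 'expired-unconfirmed'.

    Blacklist-date rule alone: trust the definitions until their expiry stamp,
    after which the client can only say that it *might* be behind.
    With a third-party reference point (newest version an external monitor has
    seen), the reference overrides the stamp in both directions:
      - a release before the stamp ran out (outbreak) marks the endpoint stale;
      - a stamp that ran out with no newer release (premature expiry) is harmless.
    """
    if reference is not None:
        return "up-to-date" if local.version >= reference else "stale"
    return "up-to-date" if now < local.expires else "expired-unconfirmed"

def fleet_summary(endpoints, now, reference=None):
    """Count endpoints per status: the per-scenario view the tools aim to give."""
    counts = {"up-to-date": 0, "stale": 0, "expired-unconfirmed": 0}
    for defs in endpoints:
        counts[status(defs, now, reference)] += 1
    return counts

# Constructed sample: one vendor, each release stamped to expire a day later.
UTC = timezone.utc
V100 = Definitions(100, datetime(2009, 9, 22, tzinfo=UTC), datetime(2009, 9, 23, tzinfo=UTC))
V101 = Definitions(101, datetime(2009, 9, 22, 18, tzinfo=UTC), datetime(2009, 9, 23, 18, tzinfo=UTC))
NOON = datetime(2009, 9, 22, 12, tzinfo=UTC)   # V100 stamp still valid
LATER = datetime(2009, 9, 23, 6, tzinfo=UTC)   # V100 stamp has run out

if __name__ == "__main__":
    print(status(V100, NOON))                  # up-to-date: stamp still valid
    print(status(V100, NOON, reference=101))   # stale: out-of-band release, stamp misleading
    print(status(V100, LATER))                 # expired-unconfirmed: stamp alone cannot tell
    print(status(V100, LATER, reference=100))  # up-to-date: stamp expired prematurely
    print(fleet_summary([V100, V100, V101], LATER, reference=101))
```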

Slide 25: Cloud-Scanning – Get rid of the definitions
- Signatures live in the cloud
- Content is assessed by reputation and scanned when necessary on external sites

Slide 26: Cloud-Scanning
- Pros: Improved detection; faster identification; fewer systems to update
- Cons: Must always be connected; security concerns with sending data out

Slide 27: What next? Continue the uphill battle, or go around?
- Signature-based detection isn’t scaling
- What good is providing signatures if users can’t keep up with them?
- Try to improve alternatives to become proactive, not reactive

Slide 28: Questions?
