Skip to content

Can’t Catch ALL Malware So Detect & React

Malware is becoming more sophisticated - and it is difficult if not impossible to catch every virus/malware that is being created constantly.

cantcatchallmalware

If this is a true statement:  "My IT department will not catch all malware that is being created"  even with anti-virus Next gen firewall and more. Now what?

 

We have to try to detect the malware as fast as possible after it affects the computer - and then react to it.

 

But you say - what do you mean - I catch all the viruses and malware...  i have anti-virus and a new firewall that inspects network traffic, I have anti-spam which removes all the known viruses.

Ok let me do this for you:   100% of all KNOWN viruses and malware are caught by your awesome people and technologies.  Known only.

Are you familiar with new attacks that can exploit software before it has been patched? Otherwise known as Zero-day or 0-day.

I have discussed this before at my blog Oversitesentry¹ Zero-days are very dangerous as there is no defense against them. So at this point I want to show you our difficulty in defense of the network and computers:

 

nevermindthedetails  from youtube Video of Pablo Breuer CircleCityCon²

For example: At any 1 point in time there are 0.001% of people that can write one 0-day exploit per year (this is a reasonable timeframe) 1 out of a 100,000.

We know China is very interested in Cyber warfare and stealing secrets - making money etc. So in China there are 1.357 Billion people in China(2013) as per Google.

So therefore there will be 13,570 0-days written in a year. So let's say 85% of these 0-days are caught by our defenses because the attack looks similar to a current known virus (which we detect) or otherwise effect.

So 85% of 13,570 = 11,535  of which consists of detected zero-days.

So unfortunately 2,036 0-day attacks will not be identified.

 

And now you know why the Attacker has the advantage  - it is hard to keep up with 2000+ new attacks per year - almost 6 per day.

I have said this before(attacker advantage)³

morepredatorsthanprey

Offense only has to be right once to penetrate successfully. Whereas the defender has to work 365 days of the year.

We have our work cut out for us - as every IT function must work just right, this is too important and thus must get audited by a separate entity like us.

Contact Me Tony Zafiropoulos 314-504-3974  to get the conversation started.  To increase your focus on the things that matter - detect and react.

  1. https://www.youtube.com/watch?v=lVkTI-3BMY8
  2. http://oversitesentry.com/newsflash-software-has-bugs-0day-vulnerabilities/
  3. http://oversitesentry.com/reviewing-all-of-the-changes-in-2015/