Volume of threat: the AV update deployment bottleneck

DESCRIPTION

Volume of threat: the AV update deployment bottleneck
Wei Yan, Trend Micro
Anthony Arrott, Trend Micro

As cyber criminals continue to advance their malware development skills, the security industry has responded with new technologies to combat the new threats. Most recently, however, the cyber criminals have exploited an inherent weakness in the traditional security industry approach to AV protection: as AV solution vendors discover new threats and develop countermeasures, the newly acquired threat knowledge must be deployed to all the protected computers and networks. In the last two years, the perpetrators of digital threats have increasingly automated the production of new unique threat variants. On average, over 2,000 new unique malware threats are introduced to the Internet every hour; it now takes less than a week to produce the entire malware output of 2005. As the flow of new threats increases, the timely deployment of AV pattern files to protected systems all over the world is being overwhelmed. Various responses by AV solution vendors to this assault are examined and compared, especially with respect to minimizing deployment delays and network resource utilization costs.

TRANSCRIPT
Volume of Threat: The AV Update Deployment Bottleneck
Wei Yan • Anthony Arrott • Robert McArdle
Copyright 2009 Trend Micro Inc. 10/2/2009
Malware Volume Increase
Chart: Number of New Unique Malware Samples per year (source: www.AV-Test.org). Data labels in year order: 2005: 333 K; 2006: 1 Million; 2007: 4.5 Million; 2008: 8 Million; 2009*: 15 Million.
More Samples -> More Patterns
Increase in Malware Samples
Increase in Patterns
AV Updates (Now)
Static Signatures
Heuristics
AV Updates (Future)
Fingerprint -> Result (Sig Index)
Static Signatures
Heuristics
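The lookup flow sketched on this slide (client sends a fingerprint, the cloud answers with a result or a signature index, local static signatures and heuristics remain as the fallback), as an added example that is not from the deck and is not Trend Micro's code. The fingerprint algorithm (SHA-256), the JSON request/response shape, the field names, the sample files and the signatures are all assumptions made for illustration; the point it shows that the slide does not is the offline failure mode, where knowledge held only in the cloud is unavailable and the endpoint is back to whatever patterns were last deployed.

```python
"""Cloud-assisted AV lookup, simulated in-process (added example).

Modelled flow:
  1. client computes a fingerprint of the file (SHA-256 here; assumption)
  2. client sends only the fingerprint to the cloud reputation service
  3. cloud replies with a verdict, or with an index into the endpoint's
     locally deployed signature set so the client re-checks the content
  4. if the cloud is unreachable or says "unknown", the client falls back to
     the full local static-signature scan and then to heuristics
"""
import hashlib
import json
from typing import Optional


def fingerprint(data: bytes) -> str:
    """Client-side fingerprint. SHA-256 is an assumption; the deck does not say."""
    return hashlib.sha256(data).hexdigest()


# Locally deployed static signatures (constructed). The list position is the
# "sig index" the cloud can hand back.
LOCAL_SIGNATURES = [
    ("TEST.Dropper.A", b"DROP_PAYLOAD_MARKER_1"),
    ("TEST.Downloader.B", b"GET http://example.invalid/payload"),
]


def _looks_like_encoded_powershell(data: bytes) -> bool:
    """Toy heuristic: an encoded PowerShell command line in the file body."""
    low = data.lower()
    return b"powershell" in low and b"-enc" in low


HEURISTICS = [("Heur.EncodedPS", _looks_like_encoded_powershell)]

# Constructed sample files (not real malware).
SAMPLE_CLEAN = b"MZ just a benign build artifact, nothing to see here"
SAMPLE_KNOWN_BAD = b"this sample is known to the cloud only"
SAMPLE_LOCAL_SIG = b"prefix DROP_PAYLOAD_MARKER_1 suffix"
SAMPLE_HEURISTIC = b"cmd /c powershell -enc SQBFAFgA"


class CloudReputationService:
    """Server side: reputation keyed by fingerprint. Messages are JSON strings
    so the request size (a hash, not a pattern file) is visible."""

    def __init__(self) -> None:
        self.table = {
            fingerprint(SAMPLE_KNOWN_BAD): {"verdict": "malicious", "name": "TEST.CloudOnly.C"},
            fingerprint(SAMPLE_CLEAN): {"verdict": "clean"},
            # Cloud knows the family but defers to local signature 0, so the
            # client confirms on content rather than trusting the hash alone.
            fingerprint(SAMPLE_LOCAL_SIG): {"verdict": "sig_index", "sig_index": 0},
        }

    def handle(self, request: str) -> str:
        req = json.loads(request)
        entry = self.table.get(req["fp"])
        return json.dumps(entry if entry is not None else {"verdict": "unknown"})


def build_request(data: bytes) -> str:
    """What actually leaves the endpoint: a version tag and the fingerprint."""
    return json.dumps({"v": 1, "fp": fingerprint(data)})


def scan(data: bytes, cloud: Optional[CloudReputationService]) -> dict:
    """Return {"verdict", "source", "name"}; cloud=None simulates being offline."""
    if cloud is not None:
        reply = json.loads(cloud.handle(build_request(data)))
        if reply["verdict"] in ("malicious", "clean"):
            return {"verdict": reply["verdict"], "source": "cloud", "name": reply.get("name")}
        if reply["verdict"] == "sig_index":
            name, pattern = LOCAL_SIGNATURES[reply["sig_index"]]
            if pattern in data:
                return {"verdict": "malicious", "source": "cloud+local-signature", "name": name}
            # hash known but content does not match: treat as unknown, fall through
    # Fallback path: full local pattern scan, then heuristics.
    for name, pattern in LOCAL_SIGNATURES:
        if pattern in data:
            return {"verdict": "malicious", "source": "local-signature", "name": name}
    for name, check in HEURISTICS:
        if check(data):
            return {"verdict": "suspicious", "source": "heuristic", "name": name}
    return {"verdict": "clean", "source": "local", "name": None}


if __name__ == "__main__":
    cloud = CloudReputationService()
    for label, sample in [("clean", SAMPLE_CLEAN), ("cloud-only", SAMPLE_KNOWN_BAD),
                          ("local-sig", SAMPLE_LOCAL_SIG), ("heuristic", SAMPLE_HEURISTIC)]:
        print(label, "online:", scan(sample, cloud), "offline:", scan(sample, None))
    print("request bytes:", len(build_request(SAMPLE_CLEAN).encode()))
```

Running it side by side online and offline makes the trade-off concrete: the cloud-only sample is caught online and missed offline, the locally signed sample is caught either way, and the heuristic sample is caught only by the local layer because the cloud has never seen it. The request is a fixed-size hash regardless of how many patterns the cloud holds, which is the deployment saving the slide is after.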
Cloud Architecture

Private Cloud
• Complete Control
• Clear control of QoS
• Control Security Settings
• Time Critical Systems
• Continuous Communications

Public Cloud
• Limited API Access
• Limited QoS based on SLA
• Unclear Security Standards
• Excellent Load Balancing & Location Awareness
• Non-Time Critical Systems
• Unpredictable Communications
Putting it all together

Public Cloud
• Web Threat Services
• Malware Scanning
• Load Balancing
• Location Aware

Private Cloud
• Pattern Updates
• Software Updates
• Correlation
• Time Critical

Service Oriented Management Adaptor
Does all this work?
Source: NSS Labs – based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/
Conclusions
Increase in Malware -> AV Update Bottleneck
Current Pattern Deployment on its last legs
Cloud system is a powerful new layer of defense
Backup Slides
NSS Labs Report
Source: NSS Labs – based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/