Volume of Threat: The AV Update Deployment Bottleneck

Wei Yan, Anthony Arrott, Robert McArdle (Trend Micro). Copyright 2009 Trend Micro Inc., 10/2/2009. 17 slides.


DESCRIPTION

Volume of threat: the AV update deployment bottleneck
Wei Yan, Trend Micro; Anthony Arrott, Trend Micro

As cyber criminals continue to advance their malware development skills, the security industry has responded with new technologies to combat the new threats. Most recently, however, the cyber criminals have exploited an inherent weakness in the traditional security industry approach to AV protection. As AV solution vendors discover new threats and develop countermeasures, newly acquired threat knowledge must be deployed to all the protected computers and networks. In the last two years, the perpetrators of digital threats have increasingly automated the processes of producing new unique threat variants. On average, over 2,000 new unique malware threats are introduced to the Internet every hour. It now takes less than a week to produce the entire malware output of 2005.

As the flow of new threats increases, the timely deployment of AV pattern files to protected systems all over the world is becoming overwhelmed. Various responses by AV solution vendors to this assault are examined and compared, especially with respect to minimizing deployment delays and network resource utilization costs.

TRANSCRIPT

Page 1: Title slide

Volume of Threat: The AV Update Deployment Bottleneck

Wei Yan • Anthony Arrott • Robert McArdle

Copyright 2009 Trend Micro Inc. 10/2/2009

Page 2: Malware Volume Increase

Chart: Number of New Unique Malware Samples per year (source: www.AV-Test.org). Bar labels, read in order of the 2005, 2006, 2007, 2008 and 2009* bars: 333 K, 1 Million, 4.5 Million, 8 Million, 15 Million.

Pages 3-5: More Samples -> More Patterns

Build slide shown in three steps; the two charts are not preserved in the transcript, only their titles:

Increase in Malware Samples

Increase in Patterns

Page 6: AV Updates (Now)

Diagram (only labels survive in the transcript): Static Signatures (S) and Heuristics (H); the labels Signatures and Heuristics each appear twice in the diagram.

Page 7: AV Updates (Future)

Diagram (only labels survive in the transcript): Fingerprint -> Result; Static Signatures; Sig Index; Signatures; Heuristics (S, H).

Page 8: Cloud Architecture

Private Cloud
• Complete Control
• Clear control of QoS
• Control Security Settings
• Time Critical Systems
• Continuous Communications

Public Cloud
• Limited API Access
• Limited QoS based on SLA
• Unclear Security Standards
• Excellent Load Balancing & Location Awareness
• Non-Time Critical Systems
• Unpredictable Communications

Page 9: Putting it all together

Diagram (only labels survive in the transcript; grouping as read from the two columns of the slide). Public Cloud: Web Threat Services, Malware Scanning, Correlation, Load Balancing, Location Aware. Private Cloud: Pattern Updates, Software Updates, Time Critical, Service Oriented Management Adaptor.

Page 10: Does all this work?

Chart (not preserved in the transcript). Source: NSS Labs, based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/

Pages 11-13: Conclusions

Build slide shown in three steps:

Increase in Malware -> AV Update Bottleneck

Current Pattern Deployment on its last legs

Cloud system is a powerful new layer of defense


Page 15: Backup Slides

Page 16: NSS Labs Report

Chart (not preserved in the transcript). Source: NSS Labs, based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/

Page 17: NSS Labs Report

Chart (not preserved in the transcript). Source: NSS Labs, based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/