1
Hitting the 'Up-To-Date' Bull's Eye
VB2009 – Steven Ginn
2
Overview: Defining and tracking "Up-to-Date"
Signature-based anti-malware requires updates to stay ahead
More and more updates are released every day
Need to provide technology for users to identify their "up-to-date" status
3
Background: Signature-Based Protection
Recognizes malware based on an identity
Content is pattern-matched against signatures
New malware = new signatures needed
4
The 'Up-to-Date' Bull's Eye: What is it?
The point where a product has the latest and greatest definitions
5
The 'Up-To-Date' Bull's Eye: Why should we care?
Staying current maximizes protection
Important to know when to update
6
Hitting a moving target?
Malware is more and more pervasive, and is constantly being created
Anti-malware vendors react with new updates to keep up
Users need to update constantly to keep up
7
OESIS Monitor: Identifying trends
Monitors anti-malware products and online material
Records any update available
Used to find the bull's eye
8
Trends and Observations
Number of updates per day has increased
Number of vendors and signature formats has increased
Update frequency by day of the week varies
9
Chart: Total updates per year
10
Chart: Number of vendors identified
11
Chart: Updates by day of week
12
Chart: Average number of updates by day, for the average vendor
13
Chart: Average updates per day by year, for selected vendors
14
Chart: Average updates per day by year, for selected vendors
15
Caveats to Data: The "fine print"
Data for 2009 was scaled
New vendors introduced mid-year
New definition formats introduced mid-year
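The trend figures on slides 8 to 15 (updates per day, vendors and formats identified, updates by weekday) are aggregates over a log of observed releases. The script below is an added example, not code from the talk or from OESIS Monitor, showing how such aggregates are computed from a constructed release log and why the mid-year caveat matters: a vendor that only appears halfway through the window looks half as active as it really is unless its average is normalised over the days it was actually observed. The vendor names, formats and timestamps are invented for illustration.

```python
from collections import Counter
from datetime import date, datetime

# Constructed sample update log in the style of what a monitor would record:
# (vendor, definition format, release timestamp). Invented data for
# illustration; not real vendor release history.
SAMPLE_UPDATES = [
    ("VendorA", "dat", "2009-01-01T06:00:00"),
    ("VendorA", "dat", "2009-01-02T06:00:00"),
    ("VendorA", "dat", "2009-01-03T06:00:00"),
    ("VendorA", "dat", "2009-01-04T06:00:00"),
    ("VendorA", "dat", "2009-01-05T06:00:00"),
    ("VendorA", "dat", "2009-01-06T06:00:00"),
    ("VendorA", "dat", "2009-01-07T06:00:00"),
    ("VendorA", "dat", "2009-01-08T06:00:00"),
    ("VendorA", "dat", "2009-01-09T06:00:00"),
    ("VendorA", "dat", "2009-01-10T06:00:00"),
    # VendorB only starts appearing mid-window (the "new vendor introduced
    # mid-year" caveat) but releases every day once it does.
    ("VendorB", "vdb", "2009-01-06T18:30:00"),
    ("VendorB", "vdb", "2009-01-07T18:30:00"),
    ("VendorB", "vdb", "2009-01-08T18:30:00"),
    ("VendorB", "vdb", "2009-01-09T18:30:00"),
    ("VendorB", "vdb", "2009-01-10T18:30:00"),
]

# Observation window; a partial period, like the scaled 2009 data.
WINDOW_START = date(2009, 1, 1)
WINDOW_END = date(2009, 1, 10)


def parse_updates(rows):
    """Turn raw (vendor, format, ISO timestamp) rows into (vendor, format, datetime)."""
    return [(v, f, datetime.fromisoformat(ts)) for v, f, ts in rows]


def vendors_and_formats(updates):
    """Number of distinct vendors and distinct (vendor, format) pairs seen."""
    vendors = {v for v, _, _ in updates}
    formats = {(v, f) for v, f, _ in updates}
    return len(vendors), len(formats)


def updates_by_weekday(updates):
    """Total releases per weekday name, e.g. {'Thursday': 3, ...}."""
    return dict(Counter(dt.strftime("%A") for _, _, dt in updates))


def avg_updates_per_day(updates, start=WINDOW_START, end=WINDOW_END):
    """Per-vendor average releases per day, as {vendor: (naive, normalized)}.

    naive      = count / days in the whole window
    normalized = count / days from the vendor's first observed release
                 (clamped to the window) through the end of the window
    Use the normalized figure when vendors or formats were introduced
    mid-window; the naive figure undercounts them.
    """
    window_days = (end - start).days + 1
    counts = Counter()
    first_seen = {}
    for v, _, dt in updates:
        d = dt.date()
        if not (start <= d <= end):
            continue
        counts[v] += 1
        first_seen[v] = min(first_seen.get(v, d), d)
    result = {}
    for v, n in counts.items():
        observed_days = (end - max(first_seen[v], start)).days + 1
        result[v] = (n / window_days, n / observed_days)
    return result


if __name__ == "__main__":
    ups = parse_updates(SAMPLE_UPDATES)
    print("vendors, formats:", vendors_and_formats(ups))
    print("by weekday:", updates_by_weekday(ups))
    for vendor, (naive, norm) in avg_updates_per_day(ups).items():
        print(f"{vendor}: naive {naive:.2f}/day, normalized {norm:.2f}/day")
```

With the constructed log, both vendors release once a day, but the naive average reports VendorB at 0.5/day because it was introduced halfway through the window; the normalized average reports 1.0/day for both.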
16
Finding the Bull's Eye: Communication tools
Anti-malware vendors have tools to tell users whether or not they are up to date
Each makes sense under different scenarios
17
Blacklist date: "Use by tomorrow"
Every update is stamped with an expiration
Projected to last until the next target delivery
Allows client software to make an educated guess about where the up-to-date mark will be next
18
Blacklist date: Best educated guess
Pros: Easy to answer "Am I up to date?"
Cons: Bad for critical outbreaks; may expire prematurely
19
Brute-Force Update: Throwing blind
Just go get the latest, always
No need to care whether up to date or not
Best when you assume that you aren't already up to date
20
Brute-Force Update
Pros: Never miss, if frequent enough
Cons: Resource intensive; may interrupt the user's workflow
21
Push Mechanism: Always connected?
Open a line between the user and a central server
When an update is available, push it to the end user
22
Push Mechanism
Pros: Minimizes outside communication; simpler to stay up to date
Cons: Not good in heterogeneous environments; requires constant contact
23
Third-Party Enforcement: OESIS Monitor
Monitors update releases by vendors
Provides a reference point of the latest definitions
24
Third-Party Enforcement
Pros: Supports heterogeneous deployments; reacts quickly; reference-point updates are often smaller than signature updates; best of the brute-force and push mechanisms
Cons: May not catch everything
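The blacklist-date slides (17 and 18) and the third-party reference slides (23 and 24) describe two signals a client can use to decide whether it is up to date: the vendor's "use by" stamp on the installed definitions, and an external reference point listing the latest definitions observed per vendor. The script below is an added example, not code from the talk or from OESIS Monitor, that combines the two so each covers the other's weakness: the reference point catches a newer release before the stamp expires (the critical-outbreak case), and it also recognises a stamp that expired while no newer definitions exist (the premature-expiry case); when the reference knows nothing about the vendor, the client falls back to the stamp alone. The `Definitions` record, the `REFERENCE_POINT` table and all versions and timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Definitions:
    """What a client knows about its installed signature set (hypothetical layout)."""
    vendor: str
    version: str
    released: datetime
    expires: datetime  # vendor's "use by" stamp, i.e. the blacklist date


# Constructed stand-in for a third-party reference point:
# vendor -> (latest version observed, when it was observed).
# Invented values; not real vendor release data.
REFERENCE_POINT = {
    "VendorA": ("2009.09.23.01", datetime(2009, 9, 23, 9, 0)),
    "VendorB": ("1842", datetime(2009, 9, 22, 8, 0)),
}

BEHIND = "BEHIND"                          # reference shows newer definitions than installed
CURRENT = "CURRENT"                        # installed matches reference, stamp unexpired
PREMATURE_EXPIRY = "PREMATURE_EXPIRY"      # stamp passed but reference shows nothing newer
STAMP_ONLY_CURRENT = "STAMP_ONLY_CURRENT"  # vendor unknown to reference; stamp unexpired
STAMP_ONLY_EXPIRED = "STAMP_ONLY_EXPIRED"  # vendor unknown to reference; stamp expired


def stamp_expired(local, now):
    """Blacklist-date check on its own: definitions are valid strictly before the 'use by' time."""
    return now >= local.expires


def newer_in_reference(local, reference):
    """True/False if the reference knows this vendor, None if it does not."""
    entry = reference.get(local.vendor)
    if entry is None:
        return None  # the slide's con: a third party may not catch everything
    latest_version, latest_released = entry
    return latest_version != local.version and latest_released > local.released


def up_to_date_status(local, reference, now):
    """Combine both signals: reference point first, expiry stamp as the fallback."""
    newer = newer_in_reference(local, reference)
    expired = stamp_expired(local, now)
    if newer is None:
        return STAMP_ONLY_EXPIRED if expired else STAMP_ONLY_CURRENT
    if newer:
        return BEHIND  # newer definitions exist, whether or not the stamp has passed
    return PREMATURE_EXPIRY if expired else CURRENT


if __name__ == "__main__":
    installed = Definitions("VendorA", "2009.09.22.02",
                            datetime(2009, 9, 22, 10, 0), datetime(2009, 9, 23, 10, 0))
    latest = Definitions("VendorA", "2009.09.23.01",
                         datetime(2009, 9, 23, 9, 0), datetime(2009, 9, 24, 9, 0))
    unknown = Definitions("VendorZ", "7",
                          datetime(2009, 9, 22, 0, 0), datetime(2009, 9, 23, 0, 0))
    scenarios = [
        ("stamp still valid, but reference shows a newer release", installed, datetime(2009, 9, 23, 9, 30)),
        ("latest installed, stamp valid", latest, datetime(2009, 9, 23, 12, 0)),
        ("latest installed, stamp expired with nothing newer", latest, datetime(2009, 9, 24, 12, 0)),
        ("vendor not tracked by the reference, stamp valid", unknown, datetime(2009, 9, 22, 1, 0)),
        ("vendor not tracked by the reference, stamp expired", unknown, datetime(2009, 9, 23, 0, 0)),
    ]
    for label, defs, now in scenarios:
        print(f"{label}: {up_to_date_status(defs, REFERENCE_POINT, now)}")
```

The first scenario is the one the blacklist date alone gets wrong: the stamp says "current" for another half hour while the reference already shows a newer release. The third is the opposite failure, a stamp that has expired although the vendor has shipped nothing newer, which a stamp-only client would report as out of date.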
25
Cloud-Scanning: Get rid of the definitions
Signatures live in the cloud
Content is assessed by reputation, and scanned when necessary on external sites
26
Cloud-Scanning
Pros: Improved detection; faster identification; fewer systems to update
Cons: Must always be connected; security concerns with sending data out
27
What next? Continue the uphill battle, or go around?
Signature-based detection isn't scaling
What good is providing signatures if users can't keep up with them?
Try to improve the alternatives so protection becomes proactive, not reactive
28
Questions?