Preventing Known and Unknown Threats
Benny Czarny
CEO & Founder
OPSWAT
benny@opswat.com
February 9, 2016
Preventing Known and Unknown Threats
Agenda
- How much malware is out there
- How to measure the quality of anti-malware products
- The value of multi-scanning
- Threat prevention
How much malware is out there?
- Known threats
- Unknown threats
- Targeted attack
- Outbreak

How many known threats are we up against?
[Chart: "Differences in Reporting the Total Amount of Threats" - total known threats as reported by AV-Test and by McAfee, 2010 to 2015; y-axis 0 to 600,000,000]
How many new known threats are we up against?
[Chart: "Differences in Detection Rates for New Malware" - new threats per year as reported by AV-Test and by McAfee, 2010 to 2015; y-axis 0 to 200,000,000]
Why are different measurements being used?
- Different detection logic
- Different engines
- Different data sources
- Different market share
- Different honeypots

The power of crowdsourcing

How to Measure the Quality of Anti-malware Products
- Detection coverage
- Response time for an outbreak
- Amount of false positives
- Product quality and stability
- Product vulnerabilities
- Operating system compatibility
- Other metrics
How to Measure the Quality of Anti-malware Products
Comparing AV-Test to AV-Comparatives

Engine Name    AV-Comparatives Performance Rating    AV-Test Performance Rating
Avira          90%                                   100%
AVG            85%                                   70%
Avast          83%                                   80%
Panda          80%                                   90%
McAfee         80%                                   80%
Threat Track   80%                                   40%
Trend Micro    78%                                   90%

Sources:
1. AV-Test
2. AV-Comparatives
How to Measure the Quality of Anti-malware Products
Measuring the quality of anti-malware engines – from AV-Comparatives

AV Name       Mar 2013   Sep 2013   Mar 2014   Sep 2014   Mar 2015   Sep 2015
Avira         99.6%      99.7%      99.2%      99.9%      99.9%      99.8%
F-Secure      99.5%      99.7%      99.6%      99.6%      99.8%      99.7%
Bitdefender   99.3%      99.5%      99.5%      99.6%      99.7%      99.8%
Kaspersky     99.2%      99.0%      99.8%      99.7%      99.9%      99.5%
Fortinet      98.6%      98.2%      99.6%      97.9%      99.6%      98.8%
Trend Micro   98.4%      98.3%      99.0%      99.5%      95.1%      95.5%
AVG           98.4%      N/A        97.5%      98.4%      98.1%      93.4%
McAfee        98.0%      98.2%      99.3%      99.8%      99.7%      97.5%
Sophos        98.0%      96.5%      98.3%      98.2%      98.1%      97.2%
Avast         97.8%      97.1%      97.7%      98.6%      99.4%      99.2%
ESET          97.5%      97.1%      98.8%      98.7%      98.6%      99.2%
AhnLab        92.0%      90.6%      89.0%      93.7%      N/A        N/A
Microsoft     92.0%      90.1%      90.0%      90.2%      86.3%      91.4%
How to Measure the Quality of Anti-malware Products
Individual Engine Vulnerabilities
[Chart: "Engine Vulnerabilities Over Last 4 Years" - published vulnerabilities per engine for 2012, 2013, 2014 and 2015; y-axis 0 to 14. Source: National Vulnerability Database]

How to Measure the Quality of Anti-malware Products
Conclusions
- We do not know exactly how much malware is out there
- There is no accurate or standard measure of the quality of anti-malware engines
- The quality of anti-malware engines changes from year to year
- Anti-malware engines suffer from vulnerabilities
- Well-known vendors miss over 10% of known threats
How to Measure the Quality of Anti-malware Products
The value of a single anti-malware solution

Advantages
- Detects both known and unknown threats
- Some engines detect over 80% of known threats

Disadvantages
- Single point of failure
- Vulnerabilities
- Misdetection
- Detection of outbreaks may be slower/delayed
The Value of Multi-scanning
Multi-scanning

Advantages
- Improved malware detection
- Decreased detection time for a new outbreak
- Flexible patching for anti-malware engine vulnerabilities

Disadvantages
- More false positives
- Decreased performance
- Higher costs
- More vulnerabilities
The Value of Multi-scanning
Advantage 1 - Improved malware detection

[Diagram: detection-rate bars for Antivirus 1 (X1%) and Antivirus 2 (X2%) against a 100% reference]
Combined detection rate, where A and B are the events "Antivirus 1 detects the sample" and "Antivirus 2 detects the sample":
P(A ∪ B) = P(A) + P(B) - P(A ∩ B)
The Value of Multi-scanning
Advantage 2 – Decreased detection time for an outbreak
Scan history of one sample on Metadefender:
https://www.metadefender.com/#!/results/file/5268027b71414692b64649318619e33f/history
[Timeline chart of engine detections for the sample; *Simulated time]
The Value of Multi-scanning
Disadvantage 1 – More false positives

Antivirus 1 (8 False Positives)
  Azarus package            Trojan.Generic.6304836
  Buchdruck package         Gen:Variant.Zbot.29
  Intrapact package         Gen:Trojan.Heur.VP2.fm0@a5Koffgi
  Shellex package           Gen:Variant.Kazy.17493
  Skriptum package          Exploit.CVE-2011-0977.Gen
  Virtualization package    Gen:Trojan.Heur.KT.4.bq8@aqLITyf
  WinnerTw package          Gen:Variant.Kazy.18603
  WoodMahjongg package      Gen:Variant.Kazy.14979

Antivirus 2 (10 False Positives)
  AbsoluteBlue package      Win32:Malware-gen
  DateCalc package          Win32:Trojan-gen
  DB2EXE package            Win32:Malware-gen
  Fiman package             Win32:Malware-gen
  FTPcontrol package        Win32:Malware-gen
  Joshua package            Win32:Malware-gen
  Sardu package             Win32:Dropper-FRU
  Shannel package           Win32:Fasec
  ShellPicture package      Win32:Malware-gen
  xComposer package         Win:32:SMorph

Source: www.av-comparatives.org

Both engines together (14 False Positives)
  AbsoluteBlue package      Win32:Malware-gen
  Azarus package            Trojan.Generic.6304836
  Buchdruck package         Gen:Variant.Zbot.29
  DateCalc package          Win32:Trojan-gen
  DB2EXE package            Win32:Malware-gen
  Fiman package             Win32:Malware-gen
  FTPcontrol package        Win32:Malware-gen
  Intrapact package         Gen:Trojan.Heur.VP2.fm0@a5Koffgi
  Joshua package            Win32:Malware-gen
  ShellPicture package      Win32:Malware-gen
  Virtualization package    Gen:Trojan.Heur.KT.4.bq8@aqLITyf
  WinnerTw package          Gen:Variant.Kazy.18603
  WoodMahjongg package      Gen:Variant.Kazy.14979
  xComposer package         Win:32:SMorph
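The two sides of the coin on the slides above, Advantage 1 (detection rises by inclusion-exclusion) and Disadvantage 1 (the false positives of every engine are inherited), can be worked through in a few lines. The Python below is an added example and is not code from the deck or from OPSWAT; the engine names, sample ids and verdicts are constructed to mirror the "Antivirus 1 / Antivirus 2" story and do not come from AV-Comparatives. It applies P(A ∪ B) = P(A) + P(B) - P(A ∩ B) to two engines' rates, and then computes the same "flag if any engine flags" union over a small labelled corpus, so both the detection gain and the false-positive cost come out of the same data.

```python
"""Combined detection and combined false positives of a multi-scanning setup.

Added example (not from the slides). Engine names, sample ids and verdicts are
constructed; the constructed corpus has 10 malicious and 10 clean samples.
"""
from typing import Optional


def combined_detection_rate(p_a: float, p_b: float, p_both: Optional[float] = None) -> float:
    """P(A ∪ B) = P(A) + P(B) - P(A ∩ B) for two engines measured on one test set.

    p_both is the share of the set both engines detect. When it is unknown the
    engines are treated as independent (P(A ∩ B) = P(A)·P(B)); real engines share
    samples, feeds and signatures, so this assumption overstates the gain.
    """
    if p_both is None:
        p_both = p_a * p_b
    # The overlap can be at most the smaller rate, and at least what the two
    # rates force once they sum past 100% (you cannot detect more than everything).
    lo, hi = max(0.0, p_a + p_b - 1.0), min(p_a, p_b)
    if not (lo - 1e-12 <= p_both <= hi + 1e-12):
        raise ValueError(f"P(A ∩ B)={p_both} is inconsistent with P(A)={p_a}, P(B)={p_b}")
    return p_a + p_b - p_both


def combined_detection_rate_independent(rates) -> float:
    """Union rate for any number of engines under the independence assumption:
    a sample is missed only if every engine misses it."""
    missed = 1.0
    for r in rates:
        missed *= 1.0 - r
    return 1.0 - missed


def evaluate_multiscan(verdicts: dict, malicious: set) -> dict:
    """Per-engine and union results over one labelled corpus.

    verdicts  : {engine name: set of sample ids the engine flagged}
    malicious : ids that really are malicious; any other flagged id is a false positive
    Returns {name: (detection rate, false-positive count)}. The "union" entry is what
    a 'flag if any engine flags' multi-scanning policy produces.
    """
    results = {}
    for engine, flagged in verdicts.items():
        results[engine] = (len(flagged & malicious) / len(malicious),
                           len(flagged - malicious))
    union = set().union(*verdicts.values())
    results["union"] = (len(union & malicious) / len(malicious),
                        len(union - malicious))
    return results


# Constructed corpus: malicious samples m1..m10, clean packages b1..b10.
MALICIOUS = {f"m{i}" for i in range(1, 11)}
VERDICTS = {
    # detects 9/10 threats (misses m10), flags 2 clean packages
    "Antivirus 1": {f"m{i}" for i in range(1, 10)} | {"b1", "b2"},
    # detects 9/10 threats (misses m9, catches m10), flags 3 clean packages
    "Antivirus 2": {f"m{i}" for i in range(1, 9)} | {"m10", "b2", "b3", "b4"},
}

if __name__ == "__main__":
    for name, (rate, fps) in evaluate_multiscan(VERDICTS, MALICIOUS).items():
        print(f"{name:12s} detection {rate:6.1%}  false positives {fps}")
    # Same answer from the formula: both engines agree on m1..m8, so P(A ∩ B) = 0.8
    print(f"formula      detection {combined_detection_rate(0.9, 0.9, 0.8):6.1%}")
    # What the independence shortcut would have predicted instead
    print(f"independent  detection {combined_detection_rate(0.9, 0.9):6.1%}")
```

Run as a script it prints 90% / 90% / 100% detection with 2 / 3 / 4 false positives; the union catches the one sample each engine misses, and the clean packages flagged by either engine are all flagged by the pair (b2 is counted once, which is exactly the P(A ∩ B) term). The independence fallback gives 99% rather than 100% for the same two rates, which is why a measured overlap should be preferred over the shortcut when sizing a multi-scanning deployment.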
The Value of Multi-scanning
Disadvantage 2 – Decreased performance
Disadvantage 2 – Decreased performance in reality

The Value of Multi-scanning
Disadvantage 3 – More costly
- Hardware requirements
- Additional IT training
- Licensing cost
- Bandwidth consumption
- Other costs
The Value of Multi-scanning
Reduce the risk of malware that is targeting specific engines
[Chart: "Engine Vulnerabilities Over Last 4 Years" (2012, 2013, 2014, 2015) for Avira, Kaspersky, Avast, Windows Defender, ESET, Bitdefender and Trend Micro; y-axis 0 to 14. Source: National Vulnerability Database]
The value of multi-scanning
[Diagram: known threats and unknown threats]
Threat prevention
Data sanitization
- Input: a file that may be harmful
- Reconstruct the file
  - Converting format
  - Removing elements
- Output: a different file, which is harmless
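To make "reconstruct the file / removing elements" concrete, here is an added example that is not OPSWAT's implementation or any code from the deck: a sanitizer for PNG images, chosen because the format is simple enough to parse completely in a few lines. A PNG is a fixed signature followed by length/type/data/CRC chunks; only IHDR, PLTE, IDAT and IEND are needed to render the picture, so every other chunk (text, timestamps, colour profiles, private chunks) is an element that can be removed, and any bytes after IEND are not part of the image at all. Instead of copying the image data through, the code decodes it, checks it against the dimensions in IHDR, and re-encodes it, so the output is a different file that still shows the same picture. The sample image and its embedded extras are constructed inline; malformed input is rejected rather than passed through, since a sanitizer that cannot parse a file has no basis for calling it clean.

```python
"""Data sanitization by reconstruction, worked on PNG.

Added example, not OPSWAT's implementation. The sample PNG below is constructed.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
KEEP = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}     # chunks a decoder needs
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}         # colour type -> samples per pixel


def build_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one chunk with a freshly computed CRC."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def parse_chunks(data: bytes):
    """Return ([(type, body), ...], trailing_bytes_after_IEND).

    Every length and CRC is verified; anything that does not parse raises,
    because a sanitizer must not guess at what it cannot read.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIGNATURE), []
    while True:
        header = data[pos:pos + 8]
        if len(header) < 8:
            raise ValueError("truncated chunk header / missing IEND")
        length, ctype = struct.unpack(">I4s", header)
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError(f"truncated {ctype!r} chunk")
        if struct.unpack(">I", crc)[0] != (zlib.crc32(ctype + body) & 0xFFFFFFFF):
            raise ValueError(f"CRC mismatch in {ctype!r} chunk")
        chunks.append((ctype, body))
        pos += 12 + length
        if ctype == b"IEND":
            return chunks, data[pos:]


def sanitize_png(data: bytes):
    """Rebuild a PNG from its pixel data only. Returns (clean_png, removed_items)."""
    chunks, trailing = parse_chunks(data)
    if chunks[0][0] != b"IHDR":
        raise ValueError("IHDR must be the first chunk")
    ihdr = chunks[0][1]
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if interlace != 0 or colour not in CHANNELS:
        raise ValueError("unsupported PNG variant")  # kept out to stay small
    # Decode and validate the pixel stream rather than copying IDAT blindly.
    row_bytes = 1 + (width * CHANNELS[colour] * depth + 7) // 8  # +1 filter byte per row
    pixels = zlib.decompress(b"".join(b for t, b in chunks if t == b"IDAT"))
    if len(pixels) != row_bytes * height:
        raise ValueError("IDAT does not match the dimensions in IHDR")
    removed = [t.decode("latin-1") for t, _ in chunks if t not in KEEP]
    if trailing:
        removed.append(f"{len(trailing)} bytes after IEND")
    out = PNG_SIGNATURE + build_chunk(b"IHDR", ihdr)
    out += b"".join(build_chunk(t, b) for t, b in chunks if t == b"PLTE")
    out += build_chunk(b"IDAT", zlib.compress(pixels, 9)) + build_chunk(b"IEND", b"")
    return out, removed


def make_sample_png() -> bytes:
    """Constructed 2x2 red RGB image carrying a tEXt chunk and bytes after IEND."""
    width, height = 2, 2
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = b"".join(b"\x00" + b"\xff\x00\x00" * width for _ in range(height))
    return (PNG_SIGNATURE
            + build_chunk(b"IHDR", ihdr)
            + build_chunk(b"tEXt", b"Comment\x00constructed metadata")
            + build_chunk(b"IDAT", zlib.compress(rows))
            + build_chunk(b"IEND", b"")
            + b"appended junk")


if __name__ == "__main__":
    clean, removed = sanitize_png(make_sample_png())
    print("removed:", removed)
    print("kept chunks:", [t.decode() for t, _ in parse_chunks(clean)[0]])
```

The same shape (parse fully, keep only the elements the consumer needs, re-encode from decoded content) carries over to richer formats, where "converting format" on the slide is the extreme case of the same idea: rendering a document to an image or a flattened PDF discards every element that was not visible content.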
Q & A
Benny Czarny
Benny@opswat.com

 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Preventing Known and Unknown Threats

  • 1. Preventing Known and Unknown Threats
       Benny Czarny, CEO & Founder, OPSWAT
       benny@opswat.com
       February 9, 2016
  • 2. Preventing Known and Unknown Threats: Agenda
       - How much malware is out there
       - How to measure the quality of anti-malware products
       - The value of multi-scanning
       - Threat prevention
  • 3. How much malware is out there?
       - Known threats
       - Unknown threats
       - Targeted attack
       - Outbreak
  • 4. How much malware is out there?
  • 5. How much malware is out there? How many known threats are we up against?
       [Chart: Differences in Reporting the Total Amount of Threats, 2010–2015; y-axis 0 to 600,000,000; series: AV-Test, McAfee]
  • 6. How much malware is out there? How many new known threats are we up against?
       [Chart: Differences in Detection Rates for New Malware, 2010–2015; y-axis 0 to 200,000,000; series: AV-Test, McAfee]
  • 7. How much malware is out there? Why are different measurements being used?
       - Different detection logic
       - Different engines
       - Different data sources
       - Different market share
       - Different honeypots
  • 8. How much malware is out there? The power of crowdsourcing
  • 9. How much malware is out there?
  • 10. How to Measure the Quality of Anti-malware Products
       - Detection coverage
       - Response time for an outbreak
       - Amount of false positives
       - Product quality and stability
       - Product vulnerabilities
       - Operating system compatibility
       - Other metrics
  • 11. How to Measure the Quality of Anti-malware Products: Comparing AV-Test to AV-Comparatives

       Engine Name    AV-Comparatives Performance Rating    AV-Test Performance Rating
       Avira          90%                                   100%
       AVG            85%                                   70%
       Avast          83%                                   80%
       Panda          80%                                   90%
       McAfee         80%                                   80%
       Threat Track   80%                                   40%
       Trend Micro    78%                                   90%

       Sources: 1. AV-Test  2. AV-Comparatives
  • 12. How to Measure the Quality of Anti-malware Products: Measuring the quality of anti-malware engines (from AV-Comparatives)

       AV Name       Mar 2013  Sep 2013  Mar 2014  Sep 2014  Mar 2015  Sep 2015
       Avira         99.6%     99.7%     99.2%     99.9%     99.9%     99.8%
       F-Secure      99.5%     99.7%     99.6%     99.6%     99.8%     99.7%
       Bitdefender   99.3%     99.5%     99.5%     99.6%     99.7%     99.8%
       Kaspersky     99.2%     99.0%     99.8%     99.7%     99.9%     99.5%
       Fortinet      98.6%     98.2%     99.6%     97.9%     99.6%     98.8%
       Trend Micro   98.4%     98.3%     99.0%     99.5%     95.1%     95.5%
       AVG           98.4%     N/A       97.5%     98.4%     98.1%     93.4%
       McAfee        98.0%     98.2%     99.3%     99.8%     99.7%     97.5%
       Sophos        98.0%     96.5%     98.3%     98.2%     98.1%     97.2%
       Avast         97.8%     97.1%     97.7%     98.6%     99.4%     99.2%
       ESET          97.5%     97.1%     98.8%     98.7%     98.6%     99.2%
       AhnLab        92.0%     90.6%     89.0%     93.7%     N/A       N/A
       Microsoft     92.0%     90.1%     90.0%     90.2%     86.3%     91.4%
  • 13. How to Measure the Quality of Anti-malware Products: Individual Engine Vulnerabilities
       [Chart: Engine Vulnerabilities Over Last 4 Years, series 2012, 2013, 2014, 2015; y-axis 0 to 14. Source: National Vulnerability Database]
  • 14. How to Measure the Quality of Anti-malware Products: Conclusions
       - Do not know exactly how much malware is out there
       - No accurate/standard measure of the quality of anti-malware engines
       - Quality of anti-malware engines changes from year to year
       - Anti-malware engines suffer from vulnerabilities
       - Well-known vendors miss over 10% of known threats
  • 15. How to Measure the Quality of Anti-malware Products: The value of a single anti-malware solution
       Advantages
       - Detect both known and unknown threats
       - Some engines detect over 80% of known threats
       Disadvantages
       - Single point of failure
       - Vulnerabilities
       - Misdetection
       - Detection of outbreaks may be slower/delayed
  • 16. The Value of Multi-scanning
  • 17. The Value of Multi-scanning: Multi-scanning
       Advantages
       - Improved malware detection
       - Decreased detection time for a new outbreak
       - Flexible patching for anti-malware engine vulnerabilities
       Disadvantages
       - More false positives
       - Decreased performance
       - Higher costs
       - More vulnerabilities
  • 18. The Value of Multi-scanning: Advantage 1 - Improved malware detection
       [Venn diagram: Antivirus 1, X1% detection rate; Antivirus 2, X2% detection rate; outer set, 100%]
       Combined detection rate: P(A ∪ B) = P(A) + P(B) - P(A ∩ B)
  • 19. The Value of Multi-scanning: Advantage 2 – Decreased detection time for an outbreak
       https://www.metadefender.com/#!/results/file/5268027b71414692b64649318619e33f/history
  • 20. The Value of Multi-scanning: Advantage 2 – Decreased detection time for an outbreak
       *Simulated time
  • 21. The Value of Multi-scanning: Disadvantage 1 – more false positives (Source: www.av-comparatives.org)
       Antivirus 1 – 8 False Positives
         Azarus package           Trojan.Generic.6304836
         Buchdruck package        Gen:Variant.Zbot.29
         Intrapact package        Gen:Trojan.Heur.VP2.fm0@a5Koffgi
         Shellex package          Gen:Variant.Kazy.17493
         Skriptum package         Exploit.CVE-2011-0977.Gen
         Virtualization package   Gen:Trojan.Heur.KT.4.bq8@aqLITyf
         WinnerTw package         Gen:Variant.Kazy.18603
         WoodMahjongg package     Gen:Variant.Kazy.14979
       Antivirus 2 – 10 False Positives
         AbsoluteBlue package     Win32:Malware-gen
         DateCalc package         Win32:Trojan-gen
         DB2EXE package           Win32:Malware-gen
         Fiman package            Win32:Malware-gen
         FTPcontrol package       Win32:Malware-gen
         Joshua package           Win32:Malware-gen
         Sardu package            Win32:Dropper-FRU
         Shannel package          Win32:Fasec
         ShellPicture package     Win32:Malware-gen
         xComposer package        Win:32:SMorph
       Combined list – 14 False Positives
         AbsoluteBlue package     Win32:Malware-gen
         Azarus package           Trojan.Generic.6304836
         Buchdruck package        Gen:Variant.Zbot.29
         DateCalc package         Win32:Trojan-gen
         DB2EXE package           Win32:Malware-gen
         Fiman package            Win32:Malware-gen
         FTPcontrol package       Win32:Malware-gen
         Intrapact package        Gen:Trojan.Heur.VP2.fm0@a5Koffgi
         Joshua package           Win32:Malware-gen
         ShellPicture package     Win32:Malware-gen
         Virtualization package   Gen:Trojan.Heur.KT.4.bq8@aqLITyf
         WinnerTw package         Gen:Variant.Kazy.18603
         WoodMahjongg package     Gen:Variant.Kazy.14979
         xComposer package        Win:32:SMorph
  • 22. The Value of Multi-scanning: Disadvantage 2 – decreased performance
  • 23. The Value of Multi-scanning: Disadvantage 2 – decreased performance (reality)
  • 24. The Value of Multi-scanning: Disadvantage 3 – more costly
       - Hardware requirements
       - Additional IT training
       - Licensing cost
       - Bandwidth consumption
       - Other costs
  • 25. The Value of Multi-scanning: Reduce the risk of malware that is targeting specific engines
       [Chart: Engine Vulnerabilities Over Last 4 Years, series 2012, 2013, 2014, 2015; y-axis 0 to 14; engines: Avira, Kaspersky, Avast, Windows Defender, ESET, Bitdefender, Trend Micro. Source: National Vulnerability Database]
  • 26. The Value of Multi-scanning: Multi-scanning
       Advantages
       - Improved malware detection
       - Decreased detection time for a new outbreak
       - Flexible patching for anti-malware engine vulnerabilities
       Disadvantages
       - More false positives
       - Decreased performance
       - Higher costs
       - More vulnerabilities
  • 27. The Value of Multi-scanning: Known Threats / Unknown Threats
  • 28. The value of multi-scanning: Known Threats / Unknown Threats
  • 29.
  • 30. Threat prevention: Data sanitization
       File may be harmful -> Data sanitization -> Different file; harmless
  • 31. Threat prevention: Data sanitization
       File may be harmful -> Reconstruct file / Converting format / Removing elements -> Different file; harmless
  • 32. Q & A
       Benny Czarny
       Benny@opswat.com
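The inclusion-exclusion formula on slide 18 and the false-positive lists on slide 21 describe one mechanism from two sides: a multi-scanner flags a file if any engine does, so detections and false positives both combine as a set union. The Python below is an added example, not OPSWAT's code and not material from the deck; the sample names, ground-truth labels and per-engine verdicts are constructed, and the engine names only mirror the slides' "Antivirus 1" and "Antivirus 2".

```python
"""Combined detection rate and combined false positives of a multi-scanner.

Added example (not from the slides). Sample names, ground-truth labels and
engine verdicts are constructed; engine names mirror the deck's Antivirus 1/2.
"""
from __future__ import annotations

from typing import Iterable

# Constructed ground truth: 10 malicious samples and 8 clean software packages.
MALICIOUS = {f"mal{i:02d}" for i in range(1, 11)}
CLEAN = {"Azarus", "Buchdruck", "Shellex", "AbsoluteBlue", "DateCalc", "Fiman", "Joshua", "Sardu"}

# Constructed verdicts: the set of sample names each engine flags as malicious.
VERDICTS: dict[str, set[str]] = {
    "Antivirus 1": {f"mal{i:02d}" for i in range(1, 9)}
    | {"Azarus", "Buchdruck", "Shellex"},
    "Antivirus 2": {f"mal{i:02d}" for i in (1, 2, 3, 4, 5, 9, 10)}
    | {"AbsoluteBlue", "DateCalc", "Fiman", "Joshua", "Sardu"},
}


def flagged_by_any(engines: Iterable[str]) -> set[str]:
    """Union of verdicts: a multi-scanner flags a file if any engine does."""
    out: set[str] = set()
    for engine in engines:
        out |= VERDICTS[engine]
    return out


def detection_rate(engines: Iterable[str]) -> float:
    """Share of known-malicious samples flagged by at least one of the engines."""
    return len(flagged_by_any(engines) & MALICIOUS) / len(MALICIOUS)


def false_positives(engines: Iterable[str]) -> set[str]:
    """Clean packages flagged by at least one engine; FP sets accumulate as a union."""
    return flagged_by_any(engines) & CLEAN


def inclusion_exclusion(a: str, b: str) -> float:
    """P(A ∪ B) = P(A) + P(B) - P(A ∩ B), with P measured on the malicious set."""
    p_a = detection_rate([a])
    p_b = detection_rate([b])
    p_ab = len(VERDICTS[a] & VERDICTS[b] & MALICIOUS) / len(MALICIOUS)
    return p_a + p_b - p_ab


def independent_estimate(a: str, b: str) -> float:
    """Combined rate if misses were independent: 1 - (1-P(A))(1-P(B)).

    Real engines share feeds and licensed signatures, so their misses are
    correlated; measure the overlap (inclusion_exclusion) instead of assuming it."""
    return 1.0 - (1.0 - detection_rate([a])) * (1.0 - detection_rate([b]))


if __name__ == "__main__":
    engines = list(VERDICTS)
    for engine in engines:
        print(f"{engine}: detection {detection_rate([engine]):.0%}, "
              f"false positives {len(false_positives([engine]))}")
    print(f"Both: detection {detection_rate(engines):.0%} "
          f"(inclusion-exclusion {inclusion_exclusion(*engines):.0%}, "
          f"independence assumption {independent_estimate(*engines):.0%}), "
          f"false positives {len(false_positives(engines))}")
```

Measured on one corpus, the union detection rate equals P(A) + P(B) - P(A ∩ B) exactly; the independence estimate is included only to show that the overlap has to be measured rather than assumed. The same union rule is why the false positives of both engines pile up in the combined list on slide 21.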

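Slides 30 and 31 describe data sanitization as rebuilding a file from known-good parts rather than deciding whether it is malicious: reconstruct the file, convert the format, remove elements. The Python below shows that idea for one format, SVG, as an added example that is not OPSWAT's implementation and not from the deck: it parses the document, rebuilds a new one from an allow-list of elements and attributes, and reports what was dropped. The sample SVG, the allow-lists and the function names (sanitize_svg, rebuild, local_name) are constructed for this illustration.

```python
"""Data sanitization by reconstruction: rebuild an SVG from an allow-list.

Added example, not OPSWAT's implementation. The sample document, the
allow-lists and the function names are constructed for this illustration.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Only these elements and attributes survive reconstruction; anything else
# (script, foreign objects, event handlers, external references) is removed.
ALLOWED_TAGS = {"svg", "g", "title", "desc", "rect", "circle", "ellipse", "line", "path", "text"}
TEXT_TAGS = {"title", "desc", "text"}
ALLOWED_ATTRS = {
    "width", "height", "viewBox", "x", "y", "x1", "y1", "x2", "y2", "cx", "cy",
    "r", "rx", "ry", "d", "fill", "stroke", "stroke-width", "transform", "id",
}

# Constructed sample containing active content and external references.
UNSAFE_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="100" height="100" onload="init()">
  <title>Constructed sample</title>
  <script>/* constructed active content */</script>
  <rect x="10" y="10" width="80" height="80" fill="steelblue" onclick="go()"/>
  <a xlink:href="https://example.invalid/"><circle cx="50" cy="50" r="20" fill="white"/></a>
  <image xlink:href="https://example.invalid/pixel.png" width="1" height="1"/>
</svg>
"""


def local_name(qualified: str) -> str:
    """'{uri}tag' -> 'tag'; names without a namespace are returned unchanged."""
    return qualified.rsplit("}", 1)[-1]


def rebuild(src: ET.Element, dropped: list[str]) -> ET.Element | None:
    """Create a fresh element carrying only the allow-listed parts of `src`.

    Returns None when the element itself is not allowed; its whole subtree is
    then left out of the reconstructed document and recorded in `dropped`."""
    name = local_name(src.tag)
    if name not in ALLOWED_TAGS:
        dropped.append(f"element <{name}>")
        return None
    dst = ET.Element(name)
    for attr, value in src.attrib.items():
        attr = local_name(attr)
        if attr in ALLOWED_ATTRS:
            dst.set(attr, value)
        else:
            dropped.append(f"attribute {attr} on <{name}>")
    if name in TEXT_TAGS and src.text:
        dst.text = src.text
    for child in src:
        rebuilt = rebuild(child, dropped)
        if rebuilt is not None:
            dst.append(rebuilt)
    return dst


def sanitize_svg(data: bytes) -> tuple[bytes, list[str]]:
    """Parse `data`, reconstruct it, and return (new document, list of removals)."""
    # Production code should parse with defusedxml or an equally hardened parser.
    root = ET.fromstring(data)
    dropped: list[str] = []
    new_root = rebuild(root, dropped)
    if new_root is None or new_root.tag != "svg":
        raise ValueError("document is not an SVG")
    new_root.set("xmlns", SVG_NS)  # re-declare the namespace on the new root
    return ET.tostring(new_root, encoding="utf-8", xml_declaration=True), dropped


if __name__ == "__main__":
    clean, removed = sanitize_svg(UNSAFE_SVG)
    print(clean.decode())
    for item in removed:
        print("removed:", item)
```

Everything not on the allow-list is dropped together with its subtree, so the output can lose legitimate content (here the circle inside the link); that loss of fidelity is the "different file" on the slide, and the dropped list is what you would log so users understand why. The pattern is the same for other formats: rebuild from an allow-list of structure you understand rather than stripping a deny-list of known bad elements.
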
Editor's Notes

  1. When we look at the threat landscape we see known threats to the industry and unknown threats. Two examples: advanced threats or targeted attacks. For example, Stuxnet started as a targeted attack and now it is a known threat. An outbreak sometimes starts as unknown to the industry and ends up as
  2. So how many known threats are out there?
  3. Look at two reputable sources with a research team: AV-Test and McAfee. Both publish their research online and share data.
  4. When we examined the rate of accumulation we are still getting very different results.