Reputation tech can beat e-crimeDate: November 01, 2010
In such a scenario, it is evident that prevention is better than cure! While traditional signature based defenses against malware may have been sufficient yesterday, they cannot completely protect you from today’s smarter and more sophisticated cybercriminals.
Two trends have had a negative impact on the effectiveness of traditional approaches to security. First, many of today’s threats are highly polymorphic—they are able to hide easily because nearly every instance of the threat is ever so slightly different from its predecessor. Second, most threats today are delivered via Web-based attacks. The Web greatly eases the distribution of polymorphic threat variants. Together, these two techniques push the limits of conventional defenses. To put this in perspective, consider that we identified more than 240 million distinct new malicious programs in 2009, a 100 percent increase over 2008, according to the Symantec Internet Security Threat Report XV.
Looking at the sheer volume of infected systems in the world, one thing is resoundingly clear: basic security protection is not good enough. Traditional security is obsolete, and it’s now time for change. From web page rankings to finding the perfect restaurant, the concept of “reputation” has harnessed statistics and ratings to solve several problems online.
Specifically, reputation technology takes the greatest weapon cyber criminals have in their arsenal – their ability to generate unique pieces of malware at an alarming rate – and turns that very weapon against them. Harnessing the power of millions of users united against cyber crime reputation technology gives consumers the power to ‘deny’ digital dangers and ‘allow’ a safe online experience. It lets us stop the bad guys even if we’ve never seen their ‘wanted’ poster.
Today, cyber criminals are furiously writing and then rewriting new and unique pieces of malware, hoping to stay under the radar of threat signatures for as long as possible. With reputation technology, the very uniqueness of a file and its attributes is what helps us identify it as new malware. Reputation technology tracks files and applications and dozens of their attributes such as their age, download source, digital signature, and prevalence. These are then combined to determine a reputation of the file. As a file is distributed across the Internet and these attributes change, reputation based security updates the “reputation” of the file. This ‘reputation’ is especially important when a file is new, likely to be a threat, and traditional defenses are not likely to detect it.
Thanks to reputation based security, attackers can no longer evade detection by tweaking threats, thus shifting the odds dramatically in favour of the good guys. This means even if cybercriminals raise their game, innocent consumers can use the internet confidently and without fear.
Add comment Email to a Friend