Volume of Threat:
The AV Update Deployment Bottleneck
Wei Yan • Anthony Arrott • Robert McArdle
Volume of threat: the AV update deployment bottleneck
Wei Yan, Trend Micro
Anthony Arrott, Trend Micro

As cyber criminals continue to advance their malware development skills, the security industry has responded with new technologies to combat the new threats. Most recently, however, the cyber criminals have exploited an inherent weakness in the traditional security industry approach to AV protection. As AV solution vendors discover new threats and develop countermeasures, newly acquired threat knowledge must be deployed to all the protected computers and networks. In the last two years, the perpetrators of digital threats have increasingly automated the processes of producing new unique threat variants. On average, over 2,000 new unique malware threats are introduced to the Internet every hour. It now takes less than a week to produce the entire malware output of 2005.

As the flow of new threats increases, the timely deployment of AV pattern files to protected systems all over the world is being overwhelmed. Various responses by AV solution vendors to this assault are examined and compared, especially with respect to minimizing deployment delays and network resource utilization costs.


Slides

  1. Volume of Threat: The AV Update Deployment Bottleneck. Wei Yan • Anthony Arrott • Robert McArdle. 10/2/2009, Copyright 2009 Trend Micro Inc.
  2. Malware Volume Increase. Chart: Number of New Unique Malware Samples per year (Source: www.AV-Test.org). Values read from the chart:
       2005: 333 K
       2006: 1 Million
       2007: 4.5 Million
       2008: 8 Million
       2009*: 15 Million
  3-5. More Samples -> More Patterns (chart built up over three slides): Increase in Malware Samples; Increase in Patterns.
  6. AV Updates (Now). Diagram labels: S (Static Signatures), H (Heuristics).
  7. AV Updates (Future). Diagram labels: S (Static Signatures), H (Heuristics), Fingerprint, Result, Sig Index. The static signatures and heuristics remain on the endpoint; a Fingerprint lookup that returns a Result and a Sig Index is added.
  8. Cloud Architecture. Private Cloud vs Public Cloud:
       Private Cloud                                  | Public Cloud
       Complete Control                               | Limited API Access
       Clear control of QoS                           | Limited QoS based on SLA
       Control Security Settings                      | Unclear Security Standards
       Excellent Load Balancing & Location Awareness  |
       Time Critical Systems                          | Non-Time Critical Systems
       Continuous Communications                      | Unpredictable Communications
  9. Putting it all together. Private Cloud and Public Cloud, with components labelled: Web Threat Services, Malware Scanning, Correlation, Pattern Updates, Software Updates, Load Balancing, Service Oriented Management Adaptor; the update paths are marked Time Critical and Location Aware.
  10. Does all this work? Chart. Source: NSS Labs – based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/
  11-13. Conclusions (built up over three slides):
       Increase in Malware -> AV Update Bottleneck
       Current Pattern Deployment on its last legs
       Cloud system is a powerful new layer of defense
  14. (blank slide)
  15. Backup Slides
  16-17. NSS Labs Report. Charts. Source: NSS Labs – based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/
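The deployment-cost argument in the abstract and the lookup flow on slides 6 and 7, as an added Python model; this is example code written for this page, not Trend Micro's code or the authors' system. The "Now" client receives every new signature as a pattern push, so its cost scales with the size of the signature set; the "Future" client keeps a small static set on the box, sends one fingerprint per unseen file, and caches the verdict and signature index it gets back. Everything concrete in it is an assumption: the constructed sample corpus and family labels, the 64/32/8-byte record sizes, the ten pre-deployed static signatures, the per-endpoint file counts, and SHA-256 over raw bytes standing in for whatever fingerprint the real system used.

```python
"""Constructed model of the two update schemes on the "AV Updates (Now)" and
"AV Updates (Future)" slides.  Added example, not Trend Micro code; every
sample, record size and endpoint count below is an assumption."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed corpus: 500 "malware" files over 20 families, plus 50 clean files.
SAMPLES: Dict[str, bytes] = {
    f"sample{i}": (b"MZ\x90\x00evil-payload-" + i.to_bytes(2, "big")) * 40
    for i in range(500)
}
CLEAN: Dict[str, bytes] = {
    f"clean{i}": (b"MZ\x90\x00benign-" + i.to_bytes(2, "big")) * 40 for i in range(50)
}

SIG_BYTES = 64     # assumed size of one signature record in a pushed pattern file
QUERY_BYTES = 32   # assumed size of the fingerprint sent per cloud lookup (SHA-256)
REPLY_BYTES = 8    # assumed size of the verdict + signature index sent back
STATIC_COUNT = 10  # assumed number of "hot" signatures still pre-deployed on the box

def fingerprint(data: bytes) -> str:
    """A real engine fingerprints a normalized image; raw SHA-256 suffices here."""
    return hashlib.sha256(data).hexdigest()

@dataclass
class CloudIndex:
    """Server side: fingerprint -> family (the 'Result / Sig Index' box on slide 7)."""
    sigs: Dict[str, str] = field(default_factory=dict)
    queries: int = 0

    def add(self, data: bytes, family: str) -> None:
        self.sigs[fingerprint(data)] = family

    def lookup(self, fp: str) -> Optional[str]:
        self.queries += 1
        return self.sigs.get(fp)          # None means "not in the index"

@dataclass
class PushClient:
    """'AV Updates (Now)': every new signature is shipped to every endpoint."""
    local: Dict[str, str] = field(default_factory=dict)
    bytes_received: int = 0

    def update(self, cloud: CloudIndex) -> None:
        new = {fp: fam for fp, fam in cloud.sigs.items() if fp not in self.local}
        self.local.update(new)
        self.bytes_received += len(new) * SIG_BYTES

    def scan(self, data: bytes) -> Optional[str]:
        return self.local.get(fingerprint(data))

@dataclass
class CloudClient:
    """'AV Updates (Future)': a small static set stays on the box; anything else
    is resolved by one fingerprint query, and the verdict is cached locally."""
    static: Dict[str, str] = field(default_factory=dict)
    cache: Dict[str, Optional[str]] = field(default_factory=dict)
    bytes_sent: int = 0
    bytes_received: int = 0

    def scan(self, data: bytes, cloud: Optional[CloudIndex]) -> Optional[str]:
        fp = fingerprint(data)
        if fp in self.static:             # on-box signature hit, no network needed
            return self.static[fp]
        if fp in self.cache:              # verdict already fetched for this fingerprint
            return self.cache[fp]
        if cloud is None:                 # offline (slide 8: "Unpredictable Communications")
            return None                   # no verdict: only heuristics could help here
        self.bytes_sent += QUERY_BYTES
        self.bytes_received += REPLY_BYTES
        verdict = cloud.lookup(fp)
        self.cache[fp] = verdict
        return verdict

def build_cloud() -> CloudIndex:
    cloud = CloudIndex()
    for i, data in enumerate(SAMPLES.values()):
        cloud.add(data, f"fam{i % 20}")   # constructed family labels
    return cloud

def static_set(cloud: CloudIndex) -> Dict[str, str]:
    # The first STATIC_COUNT signatures stand in for the pre-deployed static set.
    return dict(list(cloud.sigs.items())[:STATIC_COUNT])

def compare(n_endpoints: int = 1000, files_per_endpoint: int = 20) -> Dict[str, int]:
    """Bytes moved per endpoint under each scheme.  Endpoints are handed files
    outside the static set, so every scan costs one query: the cloud model's
    worst case, which still moves far less than shipping the whole pattern file."""
    cloud = build_cloud()
    static = static_set(cloud)
    names = list(SAMPLES)
    push_bytes = cloud_bytes = 0
    for e in range(n_endpoints):
        pusher = PushClient()
        pusher.update(cloud)
        push_bytes += pusher.bytes_received
        client = CloudClient(static=dict(static))
        for k in range(files_per_endpoint):
            idx = STATIC_COUNT + (e * 7 + k) % (len(names) - STATIC_COUNT)
            client.scan(SAMPLES[names[idx]], cloud)
        cloud_bytes += client.bytes_sent + client.bytes_received
    return {
        "push_bytes_per_endpoint": push_bytes // n_endpoints,
        "cloud_bytes_per_endpoint": cloud_bytes // n_endpoints,
        "cloud_queries_total": cloud.queries,
    }

if __name__ == "__main__":
    print(compare())
```

Running compare() with the defaults gives 32,000 bytes per endpoint for the push model against 800 for the cloud model: the push cost grows with the signature count whether or not an endpoint ever meets those files, while the cloud cost grows only with the distinct files each endpoint actually scans. The offline branch is the caveat the slide 8 table points at: with no cloud reachable, a file outside the static set gets no verdict at all, which is why the static signatures and heuristics stay on the endpoint in the "Future" diagram rather than being removed.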