An automated and independent malware testing service has taken a quick break from analyzing malware such as worms, information stealers, and rootkits so that it can crunch some numbers — and the news isn’t good for enterprises that rely exclusively on prevention-based security software packages.
As reported by David Braue of CSO Online, the service aggregated the results of its regular monthly tests against 33 different malware threats and found that in the second half of 2014 none of the eight security packages included in its analysis, each of which is produced by a major vendor, detected 100% of the threats. The best-performing package detected 86% of the malware, the worst just 12%, and the average detection rate across all eight packages was 55%.
“Malware authors continued to outpace security vendors in the second half of 2014, releasing so many and so varied malware strains that in some months security tools from major vendors did not detect any of the malware they were presented with,” writes Braue.
Despite the feeble malware detection rates, the report’s findings do not invalidate the necessity of prevention-based software packages. They still need to be part of an enterprise’s overall cybersecurity system. However, these findings starkly highlight that:
- Bad actors are racing to create new malware types and strains that are specifically designed to penetrate gaps in conventional breach prevention software. [See example in new version of Dyre malware]
- Many enterprises are under attack right now but are unaware of it, because their breach prevention software has not raised an alarm. Indeed, the intrusions at Target, Home Depot, K-Mart, and many other high-profile enterprises went undetected for weeks or months.
- Enterprises need to augment their breach prevention software with detection and response capabilities that enable them to rapidly detect actual infections, identify compromised devices, and remediate malware at every stage of the kill chain.
The bottom-line is that in today’s evolving cyber threat landscape, preventing 100% of malware infections with any (or even every) software package available is not just unlikely: it’s impossible.
The sooner that enterprises accept this fact and start focusing on detection, the safer their assets, people, customers, and reputations will be.