Volume of Threat: The AV update deployment bottleneck
Transcript of Volume of Threat: The AV update deployment bottleneck
Volume of Threat: The AV Update Deployment Bottleneck
Wei Yan • Anthony Arrott • Robert McArdle
Copyright 2009 Trend Micro Inc.10/2/2009 1
Malware Volume Increase
[Chart: Number of New Unique Malware Samples per year, 2005 through 2009* (source: www.AV-Test.org). Bar labels: 333 K, 1 Million, 4.5 Million, 8 Million, 15 Million; y-axis from 0 to 16,000,000.]
More Samples -> More Patterns
• Increase in Malware Samples
• Increase in Patterns
AV Updates (Now)
[Diagram: Static Signatures (S) and Heuristics (H)]
AV Updates (Future)
[Diagram: Fingerprint -> Sig Index -> Result, alongside Static Signatures (S) and Heuristics (H)]
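The two slides above contrast pushing the whole static-signature set (S) and heuristics (H) to every endpoint with a lookup model where the endpoint sends a fingerprint to a cloud-side signature index and receives a result. The following is an added toy model of both flows, not code from the deck or from Trend Micro: the sample objects, the signature pattern, the entropy threshold and the in-process "cloud" index are all constructed for illustration, and the class and function names are assumptions.

```python
"""Toy model of the 'Now' and 'Future' AV update flows shown on the slides.

Now:    the endpoint can only use what was pushed to it (S and H), so every
        new pattern means more update traffic to every endpoint.
Future: the endpoint sends a fingerprint to a cloud-side signature index and
        gets a verdict; S and H stay local only as a fallback for objects the
        cloud does not know (or when the cloud is unreachable).

Everything here is constructed for the example (no real malware, no real
signatures); names such as CloudSigIndex and scan_future are assumptions.
"""
from __future__ import annotations

import hashlib
import math
from dataclasses import dataclass, field

# Constructed sample objects: harmless byte strings standing in for files.
SAMPLES = {
    "known_bad.bin": b"MZ\x90\x00" + b"EVILPAYLOAD-CONSTRUCTED" + b"\x00" * 40,
    "known_good.bin": b"MZ\x90\x00" + b"hello world" + b"\x00" * 40,
    "unknown_packed.bin": b"MZ\x90\x00" + bytes(range(256)) * 2,  # high-entropy body
    "unknown_plain.bin": b"MZ\x90\x00" + b"just some text" * 5,
}


def fingerprint(data: bytes) -> str:
    """Content fingerprint the endpoint sends to the cloud index (SHA-256 hex)."""
    return hashlib.sha256(data).hexdigest()


# Static signatures (S): byte patterns the endpoint keeps locally. Constructed.
STATIC_SIGNATURES = {
    "Constructed.Test.A": b"EVILPAYLOAD-CONSTRUCTED",
}


# Heuristics (H): a crude entropy check standing in for real heuristic rules.
def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_verdict(data: bytes) -> str:
    # Constructed threshold: packed or encrypted bodies sit close to 8 bits/byte.
    return "suspicious" if byte_entropy(data) > 7.0 else "clean"


@dataclass
class CloudSigIndex:
    """Stand-in for the cloud-side 'Sig Index': fingerprint -> verdict."""
    verdicts: dict[str, str] = field(default_factory=dict)
    queries: int = 0  # counts lookups so the traffic pattern is visible

    def lookup(self, fp: str) -> str | None:
        self.queries += 1
        return self.verdicts.get(fp)  # None means "unknown to the cloud"


def build_cloud_index() -> CloudSigIndex:
    """Populate the constructed index with verdicts for two known objects."""
    idx = CloudSigIndex()
    idx.verdicts[fingerprint(SAMPLES["known_bad.bin"])] = "malicious"
    idx.verdicts[fingerprint(SAMPLES["known_good.bin"])] = "clean"
    return idx


def scan_now(data: bytes) -> tuple[str, str]:
    """'Now' flow: only the locally deployed S and H are available."""
    for name, pattern in STATIC_SIGNATURES.items():
        if pattern in data:
            return "malicious", f"static-signature:{name}"
    return heuristic_verdict(data), "heuristic"


def scan_future(data: bytes, cloud: CloudSigIndex) -> tuple[str, str]:
    """'Future' flow: Fingerprint -> Sig Index -> Result, local S/H as fallback."""
    verdict = cloud.lookup(fingerprint(data))
    if verdict is not None:
        return verdict, "cloud-index"
    return scan_now(data)


def scan_all(cloud: CloudSigIndex) -> dict[str, tuple[str, str]]:
    """Run the future flow over every constructed sample."""
    return {name: scan_future(data, cloud) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    cloud = build_cloud_index()
    for name, (verdict, source) in scan_all(cloud).items():
        print(f"{name:20} {verdict:10} via {source}")
    print(f"cloud queries: {cloud.queries}")
```

The point the model makes explicit: under the future flow, adding a verdict to the cloud index changes nothing on the endpoint, whereas under the current flow every new pattern has to reach every endpoint before it protects anyone. The local S and H layers still decide for objects the index has never seen, which is why the slide keeps them in the picture rather than replacing them.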
Cloud Architecture
Public Cloud
• Limited API Access
• Limited QoS based on SLA
• Unclear Security Standards
• Excellent Load Balancing & Location Awareness
• Non-Time Critical Systems
• Unpredictable Communications
Private Cloud
• Complete Control
• Clear control of QoS
• Control Security Settings
• Time Critical Systems
• Continuous Communications
Putting it all together
Public Cloud
• Web Threat Services
• Malware Scanning
• Load Balancing
• Location Aware
Private Cloud
• Pattern Updates
• Software Updates
• Correlation
• Time Critical
[Diagram: both clouds sit on a shared Service Oriented Management Adaptor]
Does all this work?
[Chart: NSS Labs results] Source: NSS Labs – based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/
Conclusions
• Increase in Malware -> AV Update Bottleneck
• Current Pattern Deployment on its last legs
• Cloud system is a powerful new layer of defense
Backup Slides
NSS Labs Report
[Charts: NSS Labs report results] Source: NSS Labs – based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/