File Integrity Monitoring NON STOP FILE INTEGRITY MONITORING

It has been said before, but if you need another marker to show just how marginalized anti-virus technology is becoming, research carried out by Lastline Labs really brings the message home.

The summary of their findings below probably confirms your worst suspicions about malware and AV:

  • On Day 0, only 51% of antivirus scanners detected new malware samples
  • When none of the antivirus scanners detected a malware sample on the first day, it took an average of two days for at least one antivirus scanner to detect it
  • After two weeks, there was a notable bump in detection rates (up to 61%), indicating a common lag time for antivirus vendors
  • Over the course of 365 days, no single antivirus scanner had a perfect day - a day in which it caught every new malware sample
  • After a year, there are samples that 10% of the scanners still do not detect

What is even more sobering is this comment: “Our hypothesis is that the least detectable malware is designed to both evade detection and fingerprint the analysis environment.”

In other words, the malware that AV is detecting is the basic, ‘mass market’ stuff. This leaves the serious, most damaging, targeted malware undetected, precisely the kind of malware we REALLY need to be concerned with.

Examples include malware used purposefully to steal payment card data, intellectual property, R&D work and financial information, or used for extortion and industrial or political espionage.

The conclusion from Lastline Labs is that AV must be operated in conjunction with other technologies that improve malware identification. A comprehensive security strategy is really the only response that is going to cut it – system hardening, File Integrity Monitoring, log analysis and breach detection as contingency, implemented in conjunction with rigorously-operated security best practices.

 

Read the full Lastline Labs research on Anti-Virus Scanner effectiveness ‘Antivirus Isn't Dead, It Just Can't Keep Up’ 

 

 
