13.07.2015 Views

hp-security-research-cyber-risk-report-pdf-2-w-1408


HP Security Research | Cyber Risk Report 2015

Threats

The end game of many attackers that exploit vulnerabilities is to install various types of malware. In 2014 the malware problem continued unabated, and while the anti-malware industry has introduced multiple new approaches to the issues it faces, the impact of those measures on the security of organizations and the public is questionable. Increasingly, anti-malware technologies rely on monitoring for particular behaviors rather than monitoring for the presence of particular files, and they harness Big Data and cloud capabilities in order to detect and address new malware families by aggregating multiple data points and dimensions. By utilizing these technologies, the ability to detect malicious files heuristically (that is, to identify malware not seen before based strictly on its characteristics) has improved—but nowhere near enough. The defenders are worried—are we winning the war against malware, or are we going to be swept away by the rising tide?

Windows malware overview

State of protection

Year after year, the number of newly created malware samples balloons. In 2013, AV-Test.org, a reputable independent anti-malware testing organization, collected 83 million malware samples. For 2014 the final number is expected to be close to 140 million. If we simply extrapolate the numbers, we can be almost certain we will reach the 200 million mark in the coming year.

If we consider that 200 million number, we see that to reach it over the year, AV-Test—or any reputable anti-malware vendor—should be capable of processing an average of 600,000 samples every single day. The increasing number of samples poses great challenges for anti-malware engines, and the rates of detection for previously unknown malware instances are declining.

Our tests on standard scanning engines, conducted over a set of over 80 million samples in cooperation with ReversingLabs, show that detection of previously unknown samples at the moment of discovery significantly varies from vendor to vendor. This illustrates the need for complementary protection technologies that provide more dynamic protection. These technologies are usually built into most endpoint security products.

Figure 6. Unique malware samples collected by AV-Test (y-axis: millions; x-axis: years 2005 to 2014)
