In most epidemic films, the virus hunters are looking for the infamous ‘Patient Zero’: the first person to contract the virus, who then becomes the host from which it spreads through the population. Recent movies have played on the fear of sickness for drama; information security teams deal with the computing equivalent every day. Increasingly, the threats are not the known viruses of old but rapidly morphing malware variants that the anti-virus products most enterprises rely on have never seen before. Such samples are commonly called zero-day malware (strictly, a ‘zero-day’ is a vulnerability for which no patch exists yet; the term is used loosely here for malware for which no signature exists yet), and they change the risk picture across every area of information technology.
In fact, according to Corey Nachreiner, CTO at WatchGuard Technologies, “We have different types of malware detection services, including a signature and heuristic-based gateway antivirus. What we found was that 30 percent of the malware would have been missed by the signature-based antiviruses.” A miss rate of that size is a serious and substantial risk to any company. The reason is simple: malware authors make small changes to each copy (repacking, re-encoding, inserting or altering a few bytes) so that the file hash or byte pattern a traditional signature matches is no longer present, while the malicious behaviour is unchanged. The same trick works across platforms. The greatest risk appears to be in the Linux arena, where trojans have been written to turn infected devices, typically embedded and IoT systems, into botnet ‘zombies’. Other points of concern include exploits aimed at web browsers and at web servers.
The answer is to stop relying on signatures alone, since a signature is keyed to bytes the attacker controls and can change at will, and instead to analyse activity at scale: what a file does when it runs, which processes it spawns, what it connects to, and how that compares with normal behaviour on the network. That analysis takes substantial computing power and infrastructure (sandboxes to detonate samples, telemetry collection from endpoints and gateways, and storage and processing for the resulting data). It does not replace signatures, though: signature matching is cheap and precise for everything already known, so a two-pronged approach will be increasingly necessary, blocking known threats by signature while scoring the behaviour of everything else to catch the zero-day variants, and accepting that behavioural rules trade some false positives for that coverage.
In the business landscape, this means greater investment in security controls and a more comprehensive approach to security analysis. The days of simple file scanning are gone. Even old threats like malicious macros in Microsoft Word attachments are making a huge comeback: the document itself contains no executable, the macro commonly downloads its real payload only once the user enables it, and many network defences either do not scan attachments at all or scan them only against known signatures. CTOs and security managers need systems that combine the legacy signature engines with newer behavioural analysis tools to protect their networks from large-scale attack and disruption. When the average cost of a breach has just exceeded $4 million (according to an IBM study), the cost of high-grade security is a pittance in comparison. Security will continue to be a thorn in the side of business, but the systems to manage it will keep answering the coming threats. The search for patient zero is not a search for one, as in the epidemic movies, but a search for thousands every day.
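As an added example (not from the article, and not WatchGuard's or any vendor's code), here is the two-pronged approach from the paragraphs above in Python: a signature stage keyed to the raw bytes of a constructed Word macro sample, and a behaviour stage that scores constructed endpoint telemetry of the kind the macro-attachment discussion calls for (an Office application spawning a shell, an encoded PowerShell command, a quick outbound connection). The macro text, the process events, the 203.0.113.7 address, the rule weights and the threshold are all assumptions made for illustration. A one-character mutation (a caret that cmd.exe strips before execution) defeats both the hash and the byte-pattern signature, while the telemetry, and therefore the behavioural verdict, is unchanged.

```python
"""Two-pronged detection: cheap signature matching for known samples, plus
behavioural scoring of endpoint telemetry for the variants signatures miss.
Every sample, hash and telemetry event here is constructed for the example."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# ---- Stage 1: signatures (precise and cheap, but only for what is already known) ----

# Constructed "known" sample: a Word macro that launches an encoded PowerShell command.
KNOWN_SAMPLE = (
    b"Sub AutoOpen()\r\n"
    b'  Shell "cmd /c powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"\r\n'
    b"End Sub\r\n"
)
# Minimally mutated variant: a caret inside "powershell" (cmd.exe strips carets
# before running the command, so it executes identically) plus one added comment
# line. The hash changes and the byte pattern no longer matches; the behaviour does not.
MUTANT_SAMPLE = KNOWN_SAMPLE.replace(b"powershell", b"power^shell") + b"' v2\r\n"

HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
PATTERN_SIGNATURES = [re.compile(rb"powershell\s+-enc\s+[A-Za-z0-9+/=]{16,}", re.I)]


def signature_match(sample: bytes) -> Optional[str]:
    """Name of the first signature that matches the raw bytes, or None."""
    if hashlib.sha256(sample).hexdigest() in HASH_SIGNATURES:
        return "hash"
    for pat in PATTERN_SIGNATURES:
        if pat.search(sample):
            return "pattern"
    return None


# ---- Stage 2: behaviour (keyed to what runs, which the attacker cannot cheaply change) ----

@dataclass
class Event:
    t: float          # seconds since the document was opened
    parent: str       # image name of the parent process
    image: str        # image name of this process
    cmdline: str
    remote: str = ""  # host:port of an outbound connection by this process, if any

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# (rule name, weight, predicate over one event and the time the document was opened).
# Weights and threshold are assumptions for the example, not a vendor's tuning.
RULES = [
    ("office-app-spawns-shell", 40,
     lambda e, t0: e.parent in OFFICE and e.image in SHELLS),
    ("encoded-powershell-command", 30,
     lambda e, t0: e.image == "powershell.exe"
     and re.search(r"\s-e(nc(odedcommand)?)?\s", e.cmdline, re.I) is not None),
    ("shell-connects-out-soon-after-open", 30,
     lambda e, t0: e.image in SHELLS and bool(e.remote) and e.t - t0 < 60),
]
THRESHOLD = 60


def behaviour_score(events: List[Event]):
    """Score one process tree; each rule fires at most once. Returns (score, rule names)."""
    t0 = events[0].t
    fired = [name for name, _, pred in RULES if any(pred(e, t0) for e in events)]
    score = sum(w for name, w, _ in RULES if name in fired)
    return score, fired


def classify(sample: bytes, events: List[Event]) -> dict:
    """Two-pronged verdict: block on a signature hit, otherwise decide on behaviour."""
    sig = signature_match(sample)
    score, fired = behaviour_score(events)
    return {"signature": sig, "score": score, "rules": fired,
            "verdict": "block" if sig or score >= THRESHOLD else "allow"}


def macro_telemetry(doc: str) -> List[Event]:
    """Constructed EDR-style events from the macro running. Identical for the
    original and the mutant, because the caret never reaches PowerShell."""
    enc = "powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"
    return [
        Event(0.0, "explorer.exe", "winword.exe", f"winword.exe {doc}"),
        Event(1.2, "winword.exe", "cmd.exe", "cmd /c " + enc),
        Event(1.4, "cmd.exe", "powershell.exe", enc),
        Event(2.0, "cmd.exe", "powershell.exe", enc, remote="203.0.113.7:443"),  # TEST-NET address
    ]


def benign_telemetry() -> List[Event]:
    """Constructed events from a user opening a document and printing it."""
    return [
        Event(0.0, "explorer.exe", "winword.exe", "winword.exe report.docx"),
        Event(8.5, "winword.exe", "splwow64.exe", "splwow64.exe 12288"),
    ]


if __name__ == "__main__":
    print("known  :", classify(KNOWN_SAMPLE, macro_telemetry("invoice.docm")))
    print("mutant :", classify(MUTANT_SAMPLE, macro_telemetry("invoice.docm")))
    print("benign :", classify(b"plain document", benign_telemetry()))
```

Run it directly to see the three verdicts: the known sample is blocked by its hash, the mutant slips past both signatures but scores 100 on behaviour and is blocked anyway, and the benign document scores 0. The weighted rules rather than a single hard rule are the trade-off the text mentions: an Office application spawning a shell also happens with some legitimate automation, so it raises the score without deciding the verdict on its own.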