This morning we updated the Triumfant Worldwide Malware Signature Counter to adjust the count upward and to accelerate the rate at which it increments to keep pace with what Symantec is reporting for their signature count. When we introduced the counter we made every attempt to model the rate of increment to the data presented in the Symantec Global Internet Security Threat Report, and we have been tracking the Symantec signature counts to ensure that the counter is as accurate as possible.
It should be noted that the counter started the year at roughly 2.6 million and has just passed 4.2 million. This is noteworthy because the 1.6 million new signatures is the equivalent to the number of new signatures Symantec reported for all of 2008, and we have not yet hit the halfway point in the year. Given that a graph of the signature counts appears to be geometric rather than linear, we expect the rate of increase to accelerate and raise that delta for 2009 to on or about 4 million signatures. For the second year in a row, the number of new signature for just this year will surpass the previous combined total number of signatures.
When we had the idea for the counter, we were careful to apply some science and statistical analysis to the process because we wanted to be fair and conservative. The counter was never meant to be about hype – it was built to provide a visual representation of the unsustainable nature of the signature model for defensive software. That is why we are updating the counter in our attempts for accuracy, and we will also adjust the numbers down if we see that it begins to exceed the reported numbers.
The point of this exercise remains the same. Companies and government agencies must look beyond signature based tools for endpoint protection, as the sheer volume of new attacks makes it impossible for these tools to protect organizations from malicious activity. Many new approaches to endpoint security such as behavioral analysis and heuristics still require previous knowledge of the attack to be really effective. Triumfant is the one tool on the market that can detect, analyze and remediate a malicious attack without any prior knowledge of the attack. No waiting for a vendor to create a remediation script or signature. Remediation is minutes not hours or days. And as the counter illustrates, every day your organization does not look beyond signature based tools, the problem only grows worse.
I would also note that the counter is not meant as a direct poke at Symantec. We use their numbers because of our respect for the capabilities of their research team and because they graciously make their numbers public. Other products that use signatures may have differing counts when it comes to signatures, but the basic problem still exists for those solutions.
I have heard a lot of complaints from IT security people that say there has not been much new in the way of technology lately. I would respectfully disagree and would invite you to have a look at the Triumfant solution and get a feel for how it works via a video of our Three Minute Malware Challenge from RSA. Words don’t do the product justice, so the video will provide much deeper insight. Then give us a call and let’s talk about what is keeping you up at night and allow us to show you how we can help.
Click here to subscribe
