Antivirus Detection Rates – It is Clear You Need a Plan B

Someone called to my attention a new white paper by Cyveillance called the “Cyber Intelligence Report, August 2009”.  In this report Cyveillance tested the detection rates of 13 leading antivirus tools by feeding these tools confirmed malicious files in real time.  The test ran from 5/12 through 6/10.  No other details are provided, such as how many unique malware samples were used or how the test platform was configured. 

The detection rates from this test are eye opening.  The average daily detection rate for the 13 AV products ranged from 16% to 44%, with an average of about 29%. That is a good hit rate if you are a baseball player, but not great for an endpoint protection tool.   

If this test is accurate, then a malicious file has a 2 in 3 chance of getting past the AV protection.  There are too few details about the study for me to be comfortable with the numbers, but even if they are off by 50%, we are still talking about a 1 in 2 chance.  Yikes.
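As an added example (not from this post and not from Cyveillance's report), the Python below computes the "average daily detection rate" metric the report quotes from a set of constructed scanner verdicts, and sets it beside a pooled rate (total detections over total samples). The two differ whenever the number of samples per day varies, which is one of the details the report leaves out; the product names and verdict values are made up.

```python
from statistics import mean

# Constructed verdicts, not the Cyveillance data: for each product and test day,
# one 1/0 entry per confirmed-malicious sample fed to the scanner that day.
VERDICTS = {
    "AV-A": {"2009-05-12": [1, 0, 0, 0], "2009-05-13": [1, 1]},
    "AV-B": {"2009-05-12": [1, 0, 0, 0], "2009-05-13": [1, 0]},
    "AV-C": {"2009-05-12": [0, 0, 0, 0], "2009-05-13": [1, 0]},
}


def daily_rates(days):
    """Detection rate per day for one product; days with no samples are skipped."""
    return {day: sum(v) / len(v) for day, v in days.items() if v}


def average_daily_rate(days):
    """The metric the report quotes: the mean of the per-day rates (each day weighted equally)."""
    rates = daily_rates(days)
    return mean(rates.values()) if rates else 0.0


def pooled_rate(days):
    """Alternative reading: total detections over total samples (each sample weighted equally)."""
    total = sum(len(v) for v in days.values())
    return sum(sum(v) for v in days.values()) / total if total else 0.0


def summarize(verdicts):
    """Range and mean of the average daily rate across products, plus the per-file miss chance."""
    per_product = {p: average_daily_rate(d) for p, d in verdicts.items()}
    rates = list(per_product.values())
    avg = mean(rates)
    return {
        "per_product": per_product,
        "min": min(rates),
        "max": max(rates),
        "mean": avg,
        "per_file_miss_chance": 1 - avg,
    }


if __name__ == "__main__":
    s = summarize(VERDICTS)
    for p, r in s["per_product"].items():
        print(f"{p}: average daily {r:.0%}, pooled {pooled_rate(VERDICTS[p]):.0%}")
    print(
        f"range {s['min']:.0%}-{s['max']:.0%}, mean {s['mean']:.0%}, "
        f"per-file miss chance {s['per_file_miss_chance']:.0%}"
    )
```

With the constructed data, AV-A scores 62.5% on the daily-average metric but only 50% pooled, because its strong day had fewer samples. When reading a report that gives only one of these figures, the sample count per day decides how much weight a single good or bad day carries.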

So you can look at this one of two ways.  The first is that you need some other form of shield to detect the bad stuff and keep it away from your endpoint machines.  I am quite sure that is the point that Cyveillance is trying to make in this white paper.  The other approach is to come to terms with the fact that no matter how well you protect the endpoint environment, no matter how deep your defense in depth strategy is, malicious stuff will find its way to the machines.  You need some form of Plan B, and this is where Triumfant comes into the story.

Triumfant is not a shield.  But what it will do is see the malicious attacks that make it onto your endpoint machines.  Not only will it detect those attacks, it will analyze them, determine the full scope of the attack, and build a surgical situational remediation on the fly that stops the attacks and fixes all of the collateral damage associated with the attack.  With Triumfant you go from detection to remediation in five minutes or less.  No matter how the malware got there.  No signature required, no human intervention needed. 

Sounds like a solid Plan B to me.

Studies like this and many others all point to one fact – regardless of what endpoint protection you have, things will get through to the endpoint.  Instead of adding lots more layers to the shield, might it be time to look hard at something that can help when the inevitable happens and malware gets through?

4 Responses to “Antivirus Detection Rates – It is Clear You Need a Plan B”

  1. [...] of defense.   Everything that falls through the nets – and there is a lot of evidence (read here, here and here) that there is plenty that does – and makes it to the endpoint will be detected [...]

  2. [...] to our blog that deal with antivirus detection rates such as “Antivirus Detection Rates – It is Clear You Need a Plan B” are consistently the most viewed entries, so I thought this study would prove a popular [...]

  3. [...] to our blog that deal with antivirus detection rates such as “Antivirus Detection Rates – It is Clear You Need a Plan B” are consistently the most viewed entries, so I thought this study would prove a popular read. [...]

  4. [...] of the most downloaded blog entries was called “Antivirus Detection Rates – It Is Clear You Need a Plan B”.  The more I think about the title, the more I realize I was wrong: having a tool in place that [...]
