Anyone who has been keeping up with the news lately knows that the threat of malware has increased in recent months, but a new report has revealed that malicious software has run so rampant that some security tools are defenseless against it. A recent report from security firm Enex TestLab found that malware creation so outpaced security advancements in the second half of 2014 that there were some months in which solutions from major security companies weren't able to detect any of the malicious software they were presented with.
As part of its eThreatz automated malware testing program, researchers from Enex regularly test security tools from vendors including Symantec, McAfee, Trend Micro and Kaspersky. Every month, the security packages were subjected to attacks from a random sample of 33 different strains of malware. In the first half of last year the lowest detection score was 17 percent, but during the last six months of 2014 the lowest score dropped to 0 percent – Microsoft's program failed to detect even a single piece of malicious software. Even the program with the highest score wasn't able to identify all of the malware samples it was given to analyze, and many of the biggest-name security solutions detected less than one-quarter of the malware they were presented with.
The worst month for malware creation last year appeared to be July, responsible for Microsoft's 0 percent detection rate. The Kronos banking malware widely emerged during that time, with the software being advertised heavily on online forums and spurring the creation of many similar strains. Many samples for July 2014 also began to include encryption in their designs, adding to the difficulty of their detection. Internet users didn't fare much better in August, with detection rates dismally low and malware creation through the roof.
September through November 2014 showed a slight recovery as security solutions slowly adapted to the newer strains and became better at catching their variants. However, the optimism was short-lived, as December of last year saw a whole new surge of malware creation. During this influx of new software, 50 percent of the security programs tested were incapable of detecting even half of the malware they analyzed. If the patterns from 2014 are any indication, malware creation during this month will likely wreak havoc on companies employing traditional security methods.
Big data security picks up the slack
With new malware being created at such an unprecedented rate, the traditional methods for detecting strains are becoming increasingly unreliable. The programs tested by Enex TestLab work by matching the software they encounter against existing samples of malware, which is of no use when the program has never come across a given strain before. Instead of this outdated method of network defense, many enterprises are beginning to turn to big data security solutions for more comprehensive protection.
"The goal of big data analytics for security is to obtain actionable intelligence in real time," said Alvaro Cardenas, lead author of a Cloud Security Alliance report on big data security. "We have only just begun, but are anxious to move forward in helping the industry understand its potential with new research directions in big data security."
Solutions like security information and event management (SIEM) use big data analytics to monitor network activity and build a baseline of what normal behavior looks like. Once that baseline exists, anomalous behavior is detected immediately and the event information is passed to internal IT staff, who can determine whether it was caused by a malicious actor. This type of monitoring and analysis allows organizations not only to improve their threat response time, but to build a more comprehensive defense posture overall.
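To make the contrast in this article concrete, here is an added Python example (not code from Enex TestLab, the Cloud Security Alliance, or any vendor named above) that puts a hash-based signature check next to a per-host behavioral baseline: a trivially modified variant slips past the signature database, while a spike in a host's outbound connections is flagged against its own history. The hostnames, connection counts and sample bytes are all constructed for illustration.

```python
import hashlib
import statistics

# Constructed signature database: SHA-256 hashes of samples already seen by the vendor.
KNOWN_MALWARE = {hashlib.sha256(b"constructed-banking-trojan-v1").hexdigest()}

# Constructed telemetry: outbound connections per hour for each host over a quiet week.
BASELINE = {
    "host-a": [12, 15, 11, 14, 13, 12, 16],
    "host-b": [40, 38, 42, 41, 39, 40, 43],
}


def signature_detect(sample: bytes) -> bool:
    """Signature matching: flags a sample only if its exact hash is already known.
    Any change to the file, even one byte, produces a new hash and evades the check."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_MALWARE


def baseline_stats(history: list[int]) -> tuple[float, float]:
    """Mean and population standard deviation of a host's baseline.
    A completely flat baseline has zero deviation; use 1.0 so division stays defined."""
    mean = statistics.mean(history)
    stdev = statistics.pstdev(history) or 1.0
    return mean, stdev


def zscore(host: str, observed: int) -> float:
    """How many baseline standard deviations the observation sits above this host's mean."""
    mean, stdev = baseline_stats(BASELINE[host])
    return (observed - mean) / stdev


def anomaly_detect(host: str, observed: int, threshold: float = 3.0) -> bool:
    """Behavioral detection: flag an observation that is more than `threshold`
    standard deviations above the host's own normal, whether or not the cause is a known strain."""
    return zscore(host, observed) > threshold


if __name__ == "__main__":
    unseen_variant = b"constructed-banking-trojan-v2"   # one byte different from the known sample
    print("signature hit on unseen variant:", signature_detect(unseen_variant))   # False
    print("host-a at 60 conns/hour anomalous:", anomaly_detect("host-a", 60))     # True
```

The anomaly flag is only a starting point for the triage the article describes; an analyst still has to confirm whether the spike is malicious or a legitimate change in workload.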