HOUSTON, Sept. 29, 2010 - A new virus detection and signature service launched today by managed security company Network Box aims to reduce the time it takes to respond to a serious new internet threat, pushing response times down from hours, which is common throughout the industry, to less than one minute.
Network Box’s Sentinel Antivirus Engine focuses on developing its own signatures to protect against emerging viruses within one minute of the threat being seen, rather than waiting for the antivirus industry to release a new signature (which can take hours). The Sentinel Antivirus Engine works with Network Box’s existing antivirus technology and automatic PUSH updates to provide the fastest protection against new threats available on the market.
While heuristic, reputation and relationship technologies continue to improve (and are an important tool in the fight against malware), signature-based systems remain the primary technology used in malware protection.
August 2010 saw another huge increase in the number of malicious viruses spreading via email (up 296.6 per cent in July). The sheer volume of malware, and the work that needs to be done to protect against each - obtaining samples, analysis, producing and validating signatures, and then releasing updates - means that the process of protecting against an emerging threat can take several hours. The Network Box Sentinel Antivirus Engine aims to reduce this time to less than one minute by producing its own signatures (in addition to the existing process of releasing millions of antivirus signatures from the top antivirus software manufacturers).
Response times during testing were less than 30 seconds for a signature for a single new suspicious sample, and less than 15 seconds for multiple samples. Signature release time, globally, is less than 3 seconds (including thorough validation).
Network Box Sentinel Antivirus Engine operates by continually analysing all the threat information that is received by the company’s proprietary Network Box Security Response system (such as spamtraps, virustraps, customer submissions, mail and http statistics, suspect samples, etc). This is done 24 hours a day, seven days a week, 365 days a year.
This information is used to determine that a particular object may be malicious, and the system maintains a confidence level for the likelihood of an object being malicious. Confidence levels are expressed as a percentage (with 0 per cent being a new sample, and 100 per cent being absolute certainty the object is malicious).
This confidence level score is used in three ways:
Only executable code (or objects with the capability to embed executable code) has a confidence level assigned by the system. It is common to see a new outbreak enter the system with a low confidence level, but for that level to be rapidly escalated upwards as more samples from more sources are seen. Once that happens, the confidence level reaches 100 per cent and a formal signature is released.
Security managers can set at what levels they want an object blocked (the default block is 50 per cent, but can be adjusted according to each company’s security requirements).