
Network Box Launches Sentinel Antivirus Engine

HOUSTON, Sept. 29, 2010 - A new virus detection and signature service launched today by managed security company, Network Box, aims to reduce the time it takes to respond to a serious new internet threat, pushing response times down from hours, which is common throughout the industry, to less than one minute.

Network Box’s Sentinel Antivirus Engine focuses on developing its own signatures to protect against emerging viruses within one minute of the threat being seen, rather than waiting for the antivirus industry to release a new signature (which can take hours). The Sentinel Antivirus Engine works with Network Box’s existing antivirus technology and automatic PUSH updates to provide the fastest protection against new threats available on the market.

While heuristic, reputation and relationship technologies continue to improve (and are an important tool in the fight against malware), signature-based systems remain the primary technology used in malware protection.

August 2010 saw another huge increase in the number of malicious viruses spreading via email (up 296.6 per cent in July). The sheer volume of malware, and the work that needs to be done to protect against each - obtaining samples, analysis, producing and validating signatures, and then releasing updates - means that the process of protecting against an emerging threat can take several hours. The Network Box Sentinel Antivirus Engine aims to reduce this time to less than one minute, by producing its own signatures (in addition to the existing process of releasing millions of antivirus signatures from the top antivirus software manufacturers).

Response times during testing were less than 30 seconds for a signature for a single new suspicious sample, and less than 15 seconds for multiple samples. Signature release time, globally, is less than 3 seconds (including thorough validation).

Network Box Sentinel Antivirus Engine operates by continually analysing all the threat information that is received by the company’s proprietary Network Box Security Response system (such as spamtraps, virustraps, customer submissions, mail and http statistics, suspect samples, etc). This is done 24 hours a day, seven days a week, 365 days a year.

This information is used to determine whether a particular object may be malicious, and the system maintains a confidence level for the likelihood of an object being malicious. Confidence levels are expressed as a percentage (with 0 per cent being a new sample, and 100 per cent being absolute certainty the object is malicious).

This confidence level score is used in three ways:

  1. Multiple samples, from different sources, of the same suspicious object are correlated in real-time, in order to dynamically adjust the confidence level
  2. Once the confidence level reaches a pre-set limit, suspicious files are automatically escalated to a security team for in-depth analysis of the outbreak, and a formal signature release
  3. Confidence levels are published in a global real-time database and queried by a module on each Network Box in real-time

Only executable code (or objects with the capability to embed executable code) has confidence levels assigned by the system. It is common to see a new outbreak enter the system with a low confidence level, but for that level to be rapidly escalated upwards as more samples from more sources are seen. Once that happens, the confidence level reaches 100 per cent and a formal signature is released.

Security managers can set the confidence level at which an object is blocked (the default block is 50 per cent, but can be adjusted according to each company’s security requirements).

About Network Box:

Network Box Limited (NBL) is an international managed security services company, specialising in unified threat management (UTM). It continuously defends the networks of its customers using PUSH technology to instantaneously update protection, from 12 Security Operations Centers spread around the globe. NBL’s customers in Asia, Australia, North America and Europe include companies such as BMW, Nintendo and Toyota, as well as banks, utilities companies and government organisations.
