About

This page contains a single entry from the blog posted on February 6, 2007 4:32 PM.


200,000 new virus variants projected for 2007

Computerworld ran an article today, "RSA: New threats could make traditional antivirus tools ineffective," that stated: "Signature-based technologies are now 'crumbling under the pressure of the number of attacks from cybercriminals,' said Art Coviello, president of RSA Inc., the security division of EMC Corp. This year alone, about 200,000 virus variants are expected to be released, he said. At the same time, antivirus companies are, on average, at least two months behind in tracking malware. And 'static' intrusion-detection systems can intercept only about 70% of new threats."

The article quotes Amir Lev, president of Commtouch Software Ltd.: "New server-side polymorphic virus threats like the recent Storm worm, however, contain a staggering number of distinct, low-volume and short-lived variants and are impossible to stop with a single signature, Lev said. Typically, such viruses are distributed in successive waves of attacks in which each variant tries to infect as many systems as possible and stops spreading before antivirus vendors have a chance to write a signature for it.

Storm had more than 40,000 distinct variants and was distributed in short, rapid-fire bursts of activity in an effort to overwhelm signature- and behavior-based antivirus engines, Lev said.

By the time a signature is released for one variant, it has often already stopped circulating and has been replaced by several other variants, he said."

This confirms the many blogs I have written stating that relying upon existing anti-virus and intrusion detection systems as the primary enterprise defense is not enough. Have in place layers of authentication security or you might be a victim rather than a healthy survivor of a criminal attack.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
