

Malware boom forces security vendors to roll out upgrades every 40 minutes

08 Apr 2014

DUBLIN: A boom in cybercrime levels is forcing security vendors to release defence updates every 40 minutes, according to security firm Symantec.

Senior manager for Symantec Security Response Orla Cox reported the development during a briefing attended by V3. "We're seeing more sophisticated attacks than ever before and people want security," she said.

"Nowadays we are rolling out virus signature upgrades around every 40-50 minutes. They're rapid response upgrades that go through partial vetting. We then follow them up with three upgrades per day that are fully certified."

Cox said Symantec began rolling out the rapid updates to help mitigate the growing number of malware variants and active cyber campaigns targeting its customers.

"It's been about shaving off minutes for the last couple of years. If you came to us a few years ago it was one [update] and before that it would have taken hours. The rapid updates are for people that need a rapid response, like those suffering an infection."

She said Symantec blocked 568,700 web attacks on its customers and detected a massive 1.6 million malware variants per day in 2013. But despite helping customers, Cox said the company's rapid update cycle has increased the risk of pushing out an update with a false positive signature.

"The biggest quality issue we face is the danger of false positive definitions. There's a risk of detecting something clean as malicious, that's the big no no in our industry, so it's as much about building definitions libraries about legit files as malicious," she said.

A false positive occurs when an update from a security provider lists a legitimate file as malware and blocks it from running. In the past such faulty updates have caused damage to many companies. In 2013 Malwarebytes crippled thousands of its customers' machines when it issued a false positive update.

Cox said the influx of new threats has also forced Symantec to expand its analysis procedures in recent years. "We've had to evolve how we work, it's not just about providing protection and moving on any more. Threats and the landscape have changed and to address this we've begun doing intelligence work," she said.

"We do bespoke research on occasion, with both customers and law enforcement. These situations are ones where we have the skills they don't – that's the benefit of us being here every day, reverse-engineering malware.

"Doing this over the years we've had to develop a number of systems and now we're trying to understand the individual attacks in the context of who did them and why."

Symantec is one of many technology firms to begin adopting an intelligence-based approach to cyber defence. Earlier in March, Facebook unveiled a new automated ThreatData security service designed to detect and catalogue new malware families.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
