The document discusses the increasing volume of malware and how it is overwhelming traditional antivirus update systems. It presents data showing exponential growth in new malware samples identified each year. This increase in malware is leading to more antivirus pattern files and updates that are straining current deployment methods. The document proposes moving to a cloud-based architecture for antivirus pattern and software updates as a powerful new layer of defense that can help address these challenges.
Volume of Threat: The AV update deployment bottleneck
1. Volume of Threat: The AV Update Deployment Bottleneck
Wei Yan, Anthony Arrott, Robert McArdle
10/2/2009, Copyright 2009 Trend Micro Inc.
2. Malware Volume Increase
Number of New Unique Malware Samples (source: www.AV-Test.org)
2005: 333 K
2006: 1 Million
2007: 4.5 Million
2008: 8 Million
2009*: 15 Million
3. More Samples -> More Patterns
Increase in Malware Samples
Increase in Patterns
6. AV Updates (Now)
Everything lives on the endpoint: Static Signatures (S) and Heuristics (H), both shipped to the client as pattern updates.
7. AV Updates (Future)
Endpoint: Static Signatures (S) and Heuristics (H) remain local.
Cloud: the endpoint sends a file Fingerprint to the cloud-hosted Sig Index and receives a Result.
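The flow on slide 7 (Fingerprint -> Sig Index -> Result, with Static Signatures and Heuristics kept on the endpoint), as an added worked example. This is not code from the deck or from Trend Micro. The SHA-256 fingerprint, the verdict names, the heuristic weights and threshold, and all sample files are assumptions made for this example; the "cloud" side is simulated in-process so the whole thing runs offline.

```python
"""Added example (not from the deck): a minimal model of the slide-7 flow.

The endpoint keeps static signatures and heuristics locally; anything they
do not settle is fingerprinted and looked up in a cloud-hosted signature
index that returns a result.  SHA-256 as the fingerprint, the verdict
names, the heuristic weights/threshold and all sample files are
assumptions made for this example; the "cloud" is simulated in-process.
"""
import hashlib
import re

# ---- Cloud side: the "Sig Index" of slide 7 (constructed, in-process) ----
CLOUD_SIG_INDEX = {}


def fingerprint(data: bytes) -> str:
    """Fingerprint sent by the endpoint (assumption: SHA-256 hex digest)."""
    return hashlib.sha256(data).hexdigest()


def cloud_publish(data: bytes, verdict: str) -> str:
    """Vendor side: index a newly analysed sample; returns its fingerprint.
    Adding an entry here replaces shipping a pattern file to every client."""
    fp = fingerprint(data)
    CLOUD_SIG_INDEX[fp] = verdict
    return fp


def cloud_lookup(fp: str) -> str:
    """Cloud side: answer one Fingerprint query with a Result."""
    return CLOUD_SIG_INDEX.get(fp, "unknown")


# ---- Endpoint side: the Static Signatures (S) and Heuristics (H) boxes ----
# Constructed static signatures: exact byte pattern -> detection name.
STATIC_SIGNATURES = {
    b"TEST-SIGNATURE-MARKER-0001": "Constructed_Test_Sig",
}

# Constructed heuristics: (regex over file content, weight).
HEURISTICS = [
    (re.compile(rb"powershell(\.exe)?\s+-enc", re.I), 2),
    (re.compile(rb"\bFromBase64String\b"), 1),
    (re.compile(rb"https?://\S+\.(exe|scr)\b", re.I), 2),
]
HEURISTIC_THRESHOLD = 3  # assumption: a score at or above this is suspicious


def static_scan(data: bytes):
    """Return the name of the first matching static signature, or None."""
    for pattern, name in STATIC_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every heuristic that fires on the content."""
    return sum(weight for rx, weight in HEURISTICS if rx.search(data))


def scan(data: bytes, cloud_available: bool = True) -> dict:
    """Endpoint decision order: static signatures, then cloud lookup, then
    heuristics.  Heuristics are the fallback when the cloud is unreachable
    or has no entry for the fingerprint."""
    fp = fingerprint(data)
    sig = static_scan(data)
    if sig is not None:
        return {"fingerprint": fp, "verdict": "malicious", "source": "static", "detail": sig}
    if cloud_available:
        result = cloud_lookup(fp)
        if result != "unknown":
            return {"fingerprint": fp, "verdict": result, "source": "cloud", "detail": "sig index hit"}
    score = heuristic_score(data)
    verdict = "suspicious" if score >= HEURISTIC_THRESHOLD else "clean"
    return {"fingerprint": fp, "verdict": verdict, "source": "heuristic", "detail": f"score={score}"}


# ---- Constructed sample files (not real malware) ----
STATIC_SAMPLE = b"MZ\x90\x00 constructed file carrying TEST-SIGNATURE-MARKER-0001"
KNOWN_BAD = b"MZ\x90\x00 constructed file already analysed by the vendor"
NEW_DROPPER = b"cmd /c powershell.exe -enc JABjAGwAaQ== ; [Convert]::FromBase64String($x)"
BENIGN = b"Hello, this is a plain text document."


def demo() -> dict:
    """Push one verdict to the cloud index, then scan the samples."""
    cloud_publish(KNOWN_BAD, "malicious")
    return {
        "static_hit": scan(STATIC_SAMPLE),
        "cloud_hit": scan(KNOWN_BAD),
        "cloud_down": scan(NEW_DROPPER, cloud_available=False),
        "unknown_online": scan(NEW_DROPPER),
        "benign": scan(BENIGN),
    }


if __name__ == "__main__":
    for name, res in demo().items():
        print(f"{name:15} {res['verdict']:10} via {res['source']:9} ({res['detail']})")
```

The point the model makes explicit: once a sample is analysed, `cloud_publish` makes it detectable for every client on the next lookup without any client downloading a larger pattern file, so the local S and H sets stop growing with the sample count. The cost is the dependency on the query path, which is why the scan falls back to heuristics when `cloud_available` is false; slide 8's "Unpredictable Communications" row is exactly this case.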
8. Cloud Architecture
Private Cloud
• Complete Control
• Clear control of QoS
• Control Security Settings
• Excellent Load Balancing & Location Awareness
• Time Critical Systems
• Continuous Communications
Public Cloud
• Limited API Access
• Limited QoS based on SLA
• Unclear Security Standards
• Non-Time Critical Systems
• Unpredictable Communications
9. Putting it all together
Private Cloud: Web Threat Services, Malware Scanning, Correlation, Pattern Updates, Software Updates (Time Critical)
Public Cloud: Pattern Updates, Software Updates (Load Balancing, Location Aware)
Service Oriented Management Adaptor
10. Does all this work?
Source: NSS Labs, based on 231,351 tests on 3,243 unique malicious URLs - http://nsslabs.com/
11. Conclusions
Increase in Malware -> AV Update Bottleneck
Current Pattern Deployment on its last legs
Cloud system is a powerful new layer of defense