Malware Mitigation Trends: Utilizing the Latest Weapons Against the Modern Malware Threat

In the malware mitigation market, there are divisions among the vendors. The perspective of the vendor, detection philosophy and technology approaches are examples of the vendors’ different views.
Most legacy network security devices have developed some semblance of controls to fight malware.  Similar to the approach of traditional AV vendors, it is relatively easy for a network security device such as a content-aware firewall or intrusion prevention system, to stop identified malware once the vendor has developed signatures or detection mechanisms that look for known instances of malware “breeds”.  For known malware threats, this signature approach can be effective.
However, known threat detection mechanisms have been rendered less effective with the advent of the “commercial” malware market.  This quickly growing black-market offers a forum for criminal enterprises to market their own malware-creation suites. Some even offer technical support. 
These user-friendly, GUI-based software suites enable criminal-entrepreneurs to very easily create their own customized versions of malware.  Each variation created can be encrypted and packed to create a new and unique signature for each malware package.  As a result, each new malware breed requires known threat detection vendors to obtain, deconstruct and develop a new detection signature for the malware package variation in order to detect and block it. Some of the more sophisticated malware creation tools even provide a polymorphic repacking function that is executed in an automated (continue reading...)