
The Worldwide Malware Signature Counter

2,600,000

An Up-to-the-Second Representation of the Signature Problem

The Worldwide Malware Signature Counter is a representation of the estimated number of signatures required by signature-based defensive software, such as antivirus tools, to meet the expanding volume of malware threats. The point of the counter is simple: malicious attacks are growing in both volume and complexity, and the sheer volume is reaching a point where it begins to surpass the collective capability of security vendors to keep pace. In 2008, the pace translated to Symantec writing a new signature every 20 seconds; in 2009, the pace quickened to one every eleven seconds; by mid-year of 2011, the pace had to be adjusted to one every 8 seconds.

How the Counter Works

There is obviously no way to have an exact count of the number of signatures needed at any one point in time, but we do believe this counter is built on sound and conservative assumptions. The counter is based on data from the "Symantec Global Internet Security Threat Report - Trends for 2009", published by Symantec in April of 2010, which provided a year-by-year summary of the cumulative number of signatures. At the beginning of 2007, there were approximately 1,000,000 signatures in total. The report states that in 2008, Symantec wrote 1,691,323 signatures, bringing the total cumulative count to 2.6M signatures at the start of 2009. The signature activity in 2008 represented a 265% increase in the total number of signatures year over year. In 2009, Symantec wrote 2,895,802 signatures, which meant that 2009 represented 51% of all of the signatures ever written.

Unfortunately, Symantec did not include a signature count in the 2010 Internet Threat Report (actually, the document never uses the word "signature" - perhaps the antivirus vendors are getting sensitive to the signature issue?). Fortunately, Symantec publishes what amounts to a running signature total on their Web site page called "Virus Definitions & Security Updates", which lists the signature counts associated with their nightly/weekly updates. This data indicates that Symantec concluded 2010 with approximately 10.1M signatures, with approximately 4.4M new signatures for the year. Symantec did note in the 2010 report that they saw over 286 million unique malware variants for the year.

It is Not Just About Volume

Malicious attacks are growing in complexity and velocity. The public, bulletin board attacks carried out by lone hackers of five years ago have been replaced with dynamic, precision-guided attacks carried out by well-organized cyber criminals who value stealth and non-detection above all else. Signature-based technologies such as antivirus software and firewalls are buckling under the evolving cyber threats, and new tools such as heuristics still require some previous level of knowledge of the attack to work. There are numerous reports that cite the poor performance of traditional defensive software, and while the malware detection rates differ between the reports, the consistent finding is that traditional tools are no longer effective.

Real Time Malware Detection and Remediation Without Signatures

Triumfant Resolution Manager has the ability to detect, analyze, and remediate malicious attacks in real time without the need for signatures or any prior knowledge of the attack. Triumfant scans every machine down to the most granular level and can detect the changes to a machine that indicate a potential attack. Triumfant's patent-pending analytics can then verify that the machine is in fact under attack and eliminate the false positives that have plagued anomaly detection in the past. Because Triumfant can detect each and every change to a machine, it is uniquely capable of synthesizing a situational remediation on the fly to not only stop the attack, but also repair all of the collateral damage of the attack. Open ports are closed, modified configuration settings are restored, and registry entries are repaired, effectively eliminating the costly process of re-imaging the machine. The ability to build these sophisticated remediations without human intervention significantly shortens the time between detection and remediation.

Learn More

To learn more about how Triumfant Resolution Manager can help your organization detect the malicious attacks that evade traditional signature-based defensive software, click here.


"Because every vendor's solution could handle common viruses and malware, each received an A grade in the performance category, with the exception of Triumfant Resolution Manager, which earned an A+ by far exceeding the other products in its ability to detect and remediate malware."
Government Computer News
Review of Endpoint Security Suites
August 4, 2009

© 2012 Triumfant, Inc. | Website by Ashley Cyber Services, LLC