2013 Projected To Bring 60 Million New Pieces of Malware
...according to AV-TEST
Moral of the story - AV is one piece of the pie and a "clean" AV scan does not a clean system make. They simply cannot keep up with that type of volume.
In my current role I'm doing SIEM monitoring as part of my job. For the most part our internet is wide open and even with AV, HIPS, host-based firewall, physical firewalls, a mature proxy, and a very mature IDS I still see multiple PC and server compromises daily. Oftentimes I'll see C2 traffic via an IDS alert, only to find out every other layer of security failed. Additionally, I'm more than certain our IDS is also failing in some respects and there are a bunch of owned hosts in our environment that we don't know about yet.
Definitely a bleak outlook for the average user who might not even have AV installed at home.
AV-TEST Maps Dramatic Increase In Malware -- Dark Reading
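The workflow the post describes, an IDS C2 alert that then has to be checked against what AV, HIPS, the firewalls and the proxy recorded for the same host, is the kind of correlation a SIEM rule does. The following is an added example, not code from the original poster or from any product; the log format, layer names, signature names and host names are constructed for illustration, and the "detected" vocabulary per layer is an assumption you would replace with your own sources' field values. It groups events by host, finds IDS alerts whose signature is tagged as C2, and reports which other layers detected something, which saw the host and let it pass, and which have no record at all.

```python
"""Correlate IDS C2 alerts with the other defensive layers' logs per host.

Added example; not from the original post. All log lines, layer names,
signature names and verdict values are constructed for illustration.
"""
import re
from collections import defaultdict

# Layers from the post: AV, HIPS, host firewall, perimeter firewall, proxy, IDS.
LAYERS = ("av", "hips", "hostfw", "fw", "proxy", "ids")

# Constructed sample log in a simple "<ts> <layer> key=value ..." style.
SAMPLE_LOG = """\
2013-01-15T10:02:11 ids host=ws-017 sig=c2-beacon-generic action=alert
2013-01-15T09:58:40 av host=ws-017 result=clean
2013-01-15T10:01:50 proxy host=ws-017 dst=example.invalid action=allow
2013-01-15T10:05:30 ids host=srv-web-03 sig=c2-beacon-generic action=alert
2013-01-15T10:05:31 av host=srv-web-03 result=quarantined
2013-01-15T10:05:29 proxy host=srv-web-03 dst=example.invalid action=block
2013-01-15T10:07:02 ids host=ws-042 sig=portscan action=alert
2013-01-15T10:06:00 av host=ws-042 result=clean
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<layer>\w+)\s+(?P<kv>.*)$")

# Assumed per-layer values that mean "this layer actually stopped something".
DETECTED = {
    "av": {"quarantined", "detected"},
    "hips": {"block"},
    "hostfw": {"block"},
    "fw": {"block"},
    "proxy": {"block"},
}


def parse_line(line):
    """Parse one constructed log line into a dict; return None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kv = dict(tok.split("=", 1) for tok in m["kv"].split() if "=" in tok)
    return {"ts": m["ts"], "layer": m["layer"], **kv}


def layer_verdict(ev):
    """Classify a non-IDS event as 'detected' (it blocked) or 'passed' (it let it through)."""
    value = ev.get("result") or ev.get("action") or ""
    return "detected" if value in DETECTED.get(ev["layer"], set()) else "passed"


def correlate(log_text, c2_sig_prefix="c2-"):
    """For every IDS alert whose signature starts with c2_sig_prefix, report
    what every other layer recorded for that host: detected, passed, or silent."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    findings = []
    for e in events:
        if e["layer"] != "ids" or not e.get("sig", "").startswith(c2_sig_prefix):
            continue
        verdicts = {}
        for other in by_host[e["host"]]:
            if other["layer"] != "ids":
                verdicts[other["layer"]] = layer_verdict(other)
        detected = sorted(l for l, v in verdicts.items() if v == "detected")
        passed = sorted(l for l, v in verdicts.items() if v == "passed")
        # Layers with no record at all are the ones you cannot vouch for.
        silent = [l for l in LAYERS if l != "ids" and l not in verdicts]
        findings.append({
            "host": e["host"], "sig": e["sig"],
            "detected": detected, "passed": passed, "silent": silent,
            # Nothing else caught it: IDS is the only layer that fired.
            "priority": "high" if not detected else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f)
```

On the constructed sample, ws-017 comes out "high": AV scanned it clean and the proxy allowed the connection, so the IDS alert is the only signal, which is exactly the "every other layer failed" situation the post describes. srv-web-03 comes out "medium" because AV and the proxy both acted. The port-scan alert on ws-042 is not a C2 signature and is ignored by this rule. The "silent" list is worth surfacing separately from "passed": a layer that logged nothing may be misconfigured or not reporting, which is a different problem from a layer that saw the traffic and let it through.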
Comments
wes allen Member Posts: 540
Cool link!
According to the DBIR, only something like 9% of breaches are discovered by the compromised company - IDS is 2% and Log review (SIEM?) is 1%. And I would bet all those companies had some form of enterprise A/V solution that didn't help as well. Yet, it seems like those areas get a lot of attention and funding, where stuff like a serious patching effort gets pushed down the list. Or, just fund a way to kill Java and you would be way ahead of the game!