Lone Fighter or Teamwork: Which Anti-Malware Approach Delivers Better Protection?

Many of the cyber threats faced by companies today come from malware. Malicious code is a constantly evolving threat, with new variants appearing and launching fresh attacks every day. Data from the AV-Test Institute states that over 350,000 new malicious programs are registered every single day. What’s more, malware is appearing in increasingly complex and difficult-to-spot forms. This not only presents companies with more problems, but is also a major challenge for the IT security industry. In order to keep pace with these growing dangers, security vendors need to do more in less time, and be constantly evolving their technologies. It is an arms race between the good guys and the bad guys.

In order to meet these threats, enterprises of all sizes from all industries need to have in place protection that is powerful enough to continually identify and neutralise these continually evolving cyber-threats. So how can a security vendor stay ahead in this cybersecurity arms race?

Let’s start by taking a look at how single vendors tackle the problem…

The duty of an anti-malware vendor is to discover whether a file, program or some other item that arrives on a computer or network is ‘good’ or ‘evil’, and to communicate to its customers in order to protect them. Depending on the approach which the vendor uses, different challenges are faced.

One option that the vendor has is to build a knowledge base of what constitutes ‘good’ and ‘evil’ entities. With this approach, the vendor needs to gather as much data as it can and, with its experience and skills, make decisions and deliver on them as soon as possible. This is how virus signatures and reputation information are created. A significant problem here is that no single vendor has a complete global view of the data stream, so its analysis may be inaccurate. Equally, the delivery of this knowledge takes time. In the gap between result and delivery, malicious files have the opportunity to infiltrate the system.

The other option is for the vendor to guess what is ‘good’ and ‘evil’. For this, it must be decided what kind of data should be analysed, by what criteria, and which conclusions should be drawn from the analysis. Heuristics, sandboxing and machine learning all fall into this category. Many factors affect the level of accuracy of this approach, such as which objects and behaviours are analysed, by which criteria, the knowledge and experience of the vendor itself, and the time the analysis takes to complete.

Each of these options has advantages and disadvantages. In all cases, individual protection potential is created. Nonetheless, no one provider has exactly the same detection rate as another, and no one provider can, regardless of the approach and the greatest effort, always recognise any global threat correctly and in a timely manner. The results are the well-known false-negatives (missing detection), false-positives (false alerts) and delayed protection, which can happen with every vendor.

In contrast, what would happen if, instead of using the protection potential of a single vendor, the potential of several independent vendors were combined?

It makes sense to bring these separate technologies together in a way that utilises each one’s strengths. Multiple vendors will still agree on well-known malware, but the gaps in detection become significantly smaller. Furthermore, the average response time to new threats is reduced, and the negative effects of false alarms can be prevented. With this, vendor teamwork has clear benefits over a single vendor.
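To make the detection-gap argument concrete, here is an added simulation (not code from the original post or from Tabidus Technology) that scores three hypothetical engines against a constructed set of files with known ground truth, then compares each engine alone with two ways of combining their verdicts: a union (any engine flags) and a majority vote. All file names, engine names and verdicts are constructed for illustration.

```python
"""Constructed simulation: single-engine vs. combined-engine verdicts."""
from collections import Counter

# Constructed ground truth for a small sample of files (not real data)
TRUTH = {
    "setup.exe": "malicious", "report.pdf": "benign", "dropper.dll": "malicious",
    "update.msi": "benign", "macro.docm": "malicious", "tool.exe": "benign",
    "loader.js": "malicious", "readme.txt": "benign",
}

# Constructed per-engine verdicts: each hypothetical engine has its own
# blind spots (missed malware) and its own false alarms on benign files.
ENGINES = {
    "engine_a": {"setup.exe", "dropper.dll", "tool.exe"},    # FP: tool.exe
    "engine_b": {"setup.exe", "macro.docm", "update.msi"},   # FP: update.msi
    "engine_c": {"dropper.dll", "macro.docm", "loader.js"},  # misses setup.exe
}

def combine(engines, enabled=None, min_votes=1):
    """Files flagged by at least `min_votes` of the enabled engines.

    `enabled` models switching individual engines on and off;
    min_votes=1 is a union, min_votes=2 of three is a majority vote.
    """
    enabled = enabled or list(engines)
    votes = Counter()
    for name in enabled:
        votes.update(engines[name])  # each engine contributes one vote per file
    return {f for f, n in votes.items() if n >= min_votes}

def score(flagged, truth):
    """Return (false_negatives, false_positives) for a flagged set."""
    fn = sorted(f for f, v in truth.items() if v == "malicious" and f not in flagged)
    fp = sorted(f for f in flagged if truth.get(f) == "benign")
    return fn, fp

def compare(engines=ENGINES, truth=TRUTH):
    """Score every engine alone, then the union and majority combinations."""
    results = {name: score(flagged, truth) for name, flagged in engines.items()}
    results["union"] = score(combine(engines, min_votes=1), truth)
    results["majority"] = score(combine(engines, min_votes=2), truth)
    return results

if __name__ == "__main__":
    for name, (fn, fp) in compare().items():
        print(f"{name:9s} missed={fn} false_alarms={fp}")
```

On this constructed sample the union closes every detection gap but inherits each engine's false alarm, while the majority vote removes the false alarms but misses the one file only a single engine caught; which combination rule (and which engines) to enable is exactly the trade-off a multi-vendor approach has to manage.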

A multi-vendor solution does not mean running all programs side by side. Most security solutions are not designed to work simultaneously in this way, and doing so will result in system crashes, major performance issues and more. The use of many separate security products, on different devices and areas of a network, is possible, but this does not combine the potential of each provider, will increase the security level only slightly and ultimately creates an administrative nightmare.

A neutral association pulls together the benefits of each vendor, and allows the end user to switch individual technologies from each vendor on and off at a click. A solution for this is offered by the IT security association Tabidus Technology, which enables technical collaboration between global anti-malware vendors. This is teamwork.

If you would like to find out more about the benefits of agile threat detection solutions and how they compare to single-vendor solutions, download our in-depth whitepaper. In ‘Keeping Your Data Safe: Threat Detection Optimisation For Enterprises’, we explore the many threats facing businesses in the digital world today, and the best ways to combat these threats effectively. We offer helpful advice on how to maximise your protection, and why a multi-vendor solution is the best choice. Simply click below for your free copy:

Keeping Your Data Safe: Threat Detection Optimisation For Enterprises