risks ahead

Multiscanning, the new must have

Every day, new malware and other online threats emerge, making Anti-Virus (AV) an increasingly important element of any cyber security strategy.

It is, however, unrealistic for a single anti-virus solution to be able to protect devices from all malware, not least because AV engineers need time to understand any new virus and develop the antidote. Furthermore, delays can happen due to systems not being updated as soon as a new AV patches are released.

We now have polymorphic viruses, which are complex file infectors that can create modified versions of itself to avoid detection yet retain the same basic routines after every infection. They can encrypt their codes and use different encryption keys every time, blinding many AV engines, rendering them useless.

It is not surprising that 91% of cyberattacks start with an email which remain the largest attack vector for malicious actors, as it is cheap, easy to use, and provides a direct communication channel into an organisation.

It is also possible to be attacked without actually doing anything, even by avoiding suspicious email links, malicious websites or scanning files from the web before opening them. Something as seemingly harmless as a web page can be a way for malware to get into a system, simply by visiting them. Such weaknesses typically come from the clicking onto malicious ads, otherwise known as malvertising attacks. These land on a page that could download a file or execute a web script that compromises the system. Malvertising attacks come in a wide variety, can use legitimate, but compromised, websites and may use misleading prompts to trick a user into agreeing, or acting, without the understanding of its execution.

These ‘drive-by downloads’ are hazardous as PCs can be infected simply by visiting a good website at the wrong moment. Malware authors get away with this by exploiting online advertising networks and inserting their malicious ads in-between legitimate ones. Advertising networks are trying to crack down on these practices, but it is difficult to prevent them without sacrificing revenue.

Best practice now calls for the addition of more AV scanning engines, or multiscanning, to increase the detection rate of malware. By using more than 20 anti-malware engines, a detection rate of more than 99% is possible, so that new threats can be quickly detected and remediated.

Multiscanning also identifies malware outbreaks more efficiently, by consolidating virus definition database updates. As the number of antivirus engines increases, the time of exposure to malware decreases. With more than 20 anti-malware engines, exposure to malware can be reduced to less than 10 minutes.

Multiscanning technology improves the detection of outbreaks by using a variety of engines using a mix of heuristic, machine learning, and signature-based detection.  AV engines support pattern (or signature) matching to detect malware variants that exhibit similar behaviour to other variants in the same malware family. AV engines, using only definition databases, are less suitable for this purpose, while engines using artificial intelligence and behavioural heuristics can identify complex viruses, even polymorphic and unknown (zero-day) viruses.

Now is the time to strengthen your cyber security to include multiple, intelligence based, AV engines that can detect unusual behaviour, which is often a sign of malware lurking in your network.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email [email protected] and we’ll be happy to advise you.