Companies need real-time ‘zero day’ detection


Traditional signature-based systems are struggling to tackle the threat of web 2.0 attacks, and real-time detection is what companies will need for adequate protection in the future.

So claims Bruce Green, international president of M86 Security, speaking to IT PRO as his company announced the purchase of Finjan, which specialises in enterprise web gateway technology.

He said that businesses are extensively using the web for their operations, leaving them open to sophisticated web-based attacks.

These would often take the form of 'zero-day attacks' - threats that attempt to exploit unknown computer vulnerabilities.

"A lot of the malware is coming through the web. There's a lot of protection for mail, but we're seeing a lot of 'blended' threats come in," Green said.

"This is where a fairly innocuous email comes in down in through your mail filters, links to a legitimate site, which has a drive-by infection," he added. "The traditional signature-based systems have taken a while to catch up with it," he said. "What we're looking for is how to get more zero-day and real-time."

According to Sophos security analyst Graham Cluley, real-time security technology can detect whether programs are running suspiciously.

For example, real-time security systems could tell if software was being actively hacked.

"It's an additional level of protection beyond known malware protection. It will say this program is suspicious, and we'll give you the option to quarantine it right there and then, before it can do any damage," Cluley said.