The need for a paradigm shift from protecting the device to protecting the data

For many years now, the conventional anti-virus methodology of signature-based scanning has failed miserably in delivering acceptable performance against newly-released malware. The emergence of virus kits and the polymorphic nature of viruses mean that conventional signature-based scanning simply cannot keep up with changing and frequently-released new malware. Many studies show signature-based scanning now identifying less than 15% of the latest attacks against PCs. The model is simply broken.

Yet signature-based detection still remains the core of most conventional PC anti-virus solutions, as well as mobile device anti-virus applications. With the main aim of malware these days being to harvest personal identity data of individuals, it is little wonder that identity theft continues to be of growing concern.

Signature-based scanning is malware-centric – it attempts to clean a PC of malware, by first identifying the existence of malware and then eradicating it. The problem occurs when the scan fails to find the malware, or fails to eradicate it.

An alternative approach to the malware problem is to focus on the data rather than the malware, and protect sensitive data as it is entered by a user regardless of any malware which may be present. The rationale of this alternative data-centric approach is that if the sensitive data entered by users is secured, identity thieves are not able to harvest what they are looking for. The methods used by the data-centric approach on the PC include anti-key logging measures, anti-screen capture, and proactive anti-phishing technology, plus other techniques of isolating sensitive data and ensuring that user-entered data is kept safe from data-seeking malware. In the mobile world, isolating sensitive data from the nasties fits comfortably with the philosophy behind many operating systems.

For years now, signature-based scanning has been regarded as the primary defence mechanism at the PC end point, while data-centric protection has been seen as a secondary mechanism to be called upon when the primary defences failed. However, the ineffectiveness of signature-based scanning now means that these roles are reversed – data-centric solutions are now far more effective at safeguarding sensitive data entered by a user than are signature-based methods. As the first line of defence against identity theft and modern malware, it is the data-centric approach which is increasingly relied upon.

A data-centric approach starts from the assumption that the PC is already infected by malware that is trying to obtain the data, and that this malware cannot be detected. Data-centric solutions do not need to react to each new variant of malware that is released; the model is simply to protect against the mechanisms that malware could utilise to harvest data. Solutions that focus on the data ensure that malware receives either no data or false data, but never the real data which the user is entering.

CISOs realise that the advent of BYOD and the popularity of USB devices are making the job of perimeter defence far more difficult. Securing the gateway does not work too well when nasties have a way of getting in without going through the gate.

For years now, the IT security industry has been misleading consumers, lulling them into a false sense of security about the capabilities of traditional anti-virus solutions. Security vendors, financial institutions, and the press have been advising consumers that all they need on their PC is an up-to-date anti-virus product, without pointing out to their non-technical audience the severe shortcomings of signature-based technology. The message to consumers needs to change and it needs to be clear: the criminals are after your identity, and you need to take a data-centric approach to protect your identity when you do your online banking, shop online, or enter sensitive data anywhere on the internet.
