Research from Palo Alto Networks Shows Malware Fight Falling Short

New research from Palo Alto Networks underscores just how much malware may be slipping by enterprise defenses.

According to research gathered during a three-month period using the company’s new WildFire malware analysis engine, 57 percent of the more than 700 unique malware samples they discovered entering enterprise networks had no signatures and was unknown to the security industry.

“I think we were all a bit surprised by the volume and frequency with which we were finding unknown malware in live networks,” said Wade Williamson, senior security analyst at Palo Alto Networks, in a statement. “Unknown malware often represents the leading edge of an organized attack, so this data really underscores the importance of getting new anti-malware technologies out of the lab and into the hands of IT teams who are on the front lines.”

The inability of signatures to keep up with the creation of malware on their own has been an oft-repeated theme the past few years. With millions of new malware samples being created every year, vendors have begun embracing a mix of solutions, ranging from whitelisting to approaches that utilize the cloud.

Part of Palo Alto’s solution to this problem is WildFire, which helps identify unknown malicious files by executing them in a virtual cloud-based environment or “sandbox” in an attempt to identify malicious behavior.

Also in its research, Palo Alto found that zero-day malware was distributed by a wide variety of Web applications, in addition to the traditional HTTP web-browsing and email traffic commonly associated with malware distribution. This builds off the company’s May 2011 Application Usage and Risk Report, researchers found that traffic from browser-based file sharing applications was observed on the 91 percent of 1,253 enterprise networks analyzed from October 2010 to April 2011.

“It’s important to note this, because many enterprises only inspect email or FTP traffic for malware but do not have the ability to scan other applications,” Williamson noted. “Applications that tunnel within HTTP or other protocols can carry malware that will be invisible to a traditional anti-malware solution. These are examples of the big reasons why a lot of malware gets missed – most enterprises only focus on scanning their corporate email application.”

Related Reading: Getting Your Hands Dirty in the Fight on Modern Malware

Related Reading: An Introduction to Modern Malware 

Related Reading: Using Network Segmentation to Protect the Modern Enterprise Network