Malware prevention: Real-time service
West Coast Labs – which has test facilities in Cardiff, Wales; Irvine, Calif.; Hong Kong and Sydney, Australia – performs accreditation and certification services for IT security vendors, but, until now, has conducted all its tests in laboratory conditions. Its real-time service, launched last month, aims to deliver to vendors what WCL calls “a higher level of performance validation,” with tests that emulate the real threat landscape. The theory is that as malware is released into the wild, the tests will track it and see if the systems on test are vulnerable.
“A number of honey pots across the globe track malware in the wild. We use systems to see if the files are malicious or not and then determine whether the products on test can recognize them as well,” says Lisa Myers, director of research at West Coast Labs.
According to Sunil Aggarwal, VP of research for CA's Internet Security Business unit, the idea of reaffirming the strength of product features in real-time is hugely beneficial, especially given the increasing ways malware is penetrating organizations' infrastructures.
“The need to validate products on a real-time basis is becoming very critical,” says Aggarwal. “I think certification programs like this will help the whole industry a lot.”
Myers agrees, noting that malware has changed drastically in the past 10 years. “This service allows us to bring the testing environment up to speed with the user experiences,” she says. “Real-time testing will also give us a leg-up in terms of testing in cloud computing situations. The whole industry is going to have to deal with it sooner or later.”
West Coast Labs' new testing will be offered to the vendor community as an extension of the standard suite, but the plan is to eventually roll it out as a service to the user community, according to Myers.
Aggarwal says that the independent validation that testing organizations like West Coast Labs offer is key to helping vendors evolve their offerings and address the growing list of cybersecurity problems IT executives must address. The idea of extending this Real-Time Testing Program to end-user organizations – the vendors' customers – would only help organizations even more in thwarting cyberattackers' growing number of sophisticated attacks. Such a program would allow those in the trenches every day to run their own real-time, unbiased tests on products they're looking to deploy, ensuring they get the right solution for their environments.
The company says that IT managers demand more accountability from vendors to address emerging threats – attacks targeted with increasing frequency specifically at corporate networks and individual employees – and from an expanded realm of attack vectors.
“Up until now, there has been an extremely large gap between the evaluation of products and end-users' actual experiences. Where once testing was conducted without regard to time and geographic location, our latest program recognizes the importance of testing against up-to-the-minute threats that originate from multiple locations and are aimed at varying entry points. It closes that gap between test labs and user experiences,” says Myers.
“So far, CA, Symantec and Equiinet have signed up to the program, but we intend to work through the whole vendor community,” adds Myers.
CA, which already is in the midst of a trial run of the Real-Time service, is looking to start year-long testing of applicable products in the May or June timeframe, says Aggarwal. Because the market is so competitive, he expects CA to disseminate the information gained from the ongoing testing intermittently to the public. CA has worked with West Coast for years now, receiving various certifications of some of their products, he says. The results from these tests have been “really excellent,” he adds, and have proven an almost 100 percent detection rate of malware and very low false positive rates in their products. He expects the traditional tests confined to a lab environment to continue alongside the Real-Time Testing program, which allows vendors to see results continually and immediately.
West Coast Labs says vendors will get a secure online interface, updated every three minutes, giving them continuous access to their products' performance data from separate periods – current, past 24 hours, past seven days, past 28 days – with a record of the total number of samples dealt with during that time.
The program can track attacks via HTTP, FTP, SMTP and application-specific sources. Also offered are a real-time live spam feed that looks for spam attacks with regionally distinct points of origin, and full-time spidering of the web to identify objectionable content, collected daily from locations worldwide.
WCL says its new service is unrivalled in the market. “If there are any others out there, they aren't talking about it,” says Myers.
From the April 2009 Issue of SCMagazine