McAfee Inc., the world’s largest dedicated digital security company, today announced a McAfee Labs invention that advances the state of the art in threat detection and protection by harnessing the power of the cloud and McAfee security software installed on millions of PCs.
“This new approach by McAfee Labs changes the way we identify and create protection against new malicious software threats such as viruses, worms and Trojan horses,” said Mike Gallagher, McAfee Labs chief technology officer. “This is a fundamental shift in cyberdefense.”
The newly invented technology is part of McAfee® Global Threat Intelligence™ and provides McAfee with two major benefits in the fight against the continuing onslaught of malicious software, or malware:
1) McAfee Labs researchers can now proactively search for new cyberthreats by using the millions of computers running McAfee software as discovery beacons. Researchers can use the beacons to look for suspicious activity without impacting system performance and report back through the cloud where the intelligence is used in aggregate. Once suspicious activity is identified, researchers isolate, investigate and develop and deploy countermeasures if appropriate.
2) McAfee Labs researchers can now create more advanced countermeasures that go well beyond the traditional malware fingerprints, raising the bar on cybercriminals who continuously seek to circumvent security software. The new technology allows McAfee Labs to broadly test the effectiveness of advanced countermeasures, maximizing effectiveness and also minimizing the chance of erroneous detections.
“With this new technology we are taking advantage of our global presence and millions of PCs running McAfee to spot threats that other security providers may not see,” said Jeff Green, senior vice president of McAfee Labs. “McAfee Labs researchers can now do granular prospecting for threats.”
Computer security software historically detects and blocks malicious software using a database with signatures of known threats. Researchers at security software makers traditionally write these signatures based on malicious software collections that are shared in the industry. The collections are made up of samples submitted by customers or by external security experts.
“It is time to move beyond providing protection based on the conveyor belt of malicious software samples shared among cybersecurity companies,” said Green. “While samples are still important, the industry has been too focused on samples and creating signatures for the growing number of samples. It simply doesn’t scale, the bad guys have won that battle.”
McAfee Labs has seen the amount of malware hit new record highs each year over the past several years. In the first half of 2010 McAfee Labs saw, on average, more than 55,000 samples coming in each day. Cybercriminals typically create many slightly different variants of the same malicious programs in attempts to evade detection by security software.
With the newly advanced McAfee Global Threat Intelligence capabilities, McAfee Labs researchers no longer look purely at samples, but investigate more in depth and provide countermeasures based on information surrounding samples. This advanced detection makes it much harder for cybercriminals to evade detection and allows McAfee to protect against entire families of malicious code.
For example, the expanded capability allowed McAfee Labs researchers to identify, investigate and block many variants of fake security software, or scareware, before any other computer security provider. “Our priority is now driven by what malicious code is actually out on the Internet and not by the industry’s malware collections,” Gallagher said.
McAfee started using the enhanced McAfee Global Threat Intelligence capability early this year. The benefits of the new capabilities will become increasingly apparent to McAfee customers as McAfee Labs ramps up use of the capabilities over the remainder of 2010 and into 2011.
The expanded Global Threat Intelligence capabilities are part of the McAfee Trust & Safety Initiative, a company-wide effort that sets new industry standards in the areas of quality assurance, technical innovation, support & services and community awareness. More information on the Trust & Safety Initiative is available online at: http://www.mcafee.com/trustandsafety
About McAfee Global Threat Intelligence
Created and refined by McAfee Labs, McAfee Global Threat Intelligence is the most comprehensive cloud-based threat intelligence in the market and serves as the next generation of threat protection. Spanning the Internet, including millions of sensors globally, and correlating data across all threat vectors – file, web, email, and network, McAfee Global Threat Intelligence delivers real-time intelligence about files, IP addresses, URLs, web domains, images, email messages, network connections, and applications. It protects against both known and emerging threats, including malware outbreaks, zero-day exploits, and malicious zombie senders generating spam and web attacks. McAfee Global Threat Intelligence enables customers to mitigate security risk through more comprehensive protection, reduce cost of incident response and management overhead, and assess their security posture.
About McAfee, Inc.
McAfee, Inc., headquartered in Santa Clara, California, is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by unrivaled McAfee Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee secures your digital world. http://www.mcafee.com