We know it’s a shock, but your endpoint protection suite isn’t doing a good enough job of blocking malware attacks. So the industry has resorted to additional layers of inspection, detection, and even protection to address its shortcomings. One place where focus is turning, and which is seeing considerable innovation, is the network. We see a new set of devices, and enhancements to existing perimeter platforms, focused on detecting and blocking malware. A paragraph from Network-Based Malware Detection: Filling the Gaps of AV says it best:

We have been doing anti-virus for years and it hasn’t worked. Malware detection moving forward is about really understanding what the files are doing, and then determining whether that behavior is bad. By leveraging the collective power of the network we can profile bad stuff much more quickly. With the advancement of network security technology we can start to analyze those files before they make their way onto our devices. Can we actually prevent an attack? Under the right circumstances, yes.

We would like to thank Palo Alto Networks for sponsoring this research, and making sure you can read it for a remarkably fair price.

You can download the paper directly: Network-Based Malware Detection: Filling the Gaps of AV

The paper is based on several posts:

  1. Introduction
  2. Identifying Today’s Malware
  3. Where to Detect the Bad Stuff?
  4. The Impact of the Cloud