Another anti-malware vendor, Trend Micro Inc., is also investing in new intelligence capabilities, powering its infrastructure with the cloud and the strength of its online community. Tom Moss, director of products and services at Trend Micro in Canada, describes it as a "fight fire with fire strategy."
"As much as the botnet controllers are kind of using the cloud or using the Internet to control large numbers of machines," he says, "we use the network of machines that our customers have to collect intelligence about how malware is behaving, who it's trying to communicate with."
Here again, the data is collected for later analysis. Trend Micro runs a sort of background check on the source of the infection, he says: "Where was that domain registered? What other domains has that person ever registered? How often is the address associated with that domain changing?"
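The three questions in that quote (who registered the domain, what else they registered, and how often its address changes) map onto a simple pivot-and-churn check. The script below is an added illustration, not Trend Micro's code or a description of their system; the WHOIS-style records, passive-DNS observations, registrant contacts and addresses are all constructed sample data (addresses come from documentation ranges), and the churn threshold and "recently registered" window are arbitrary assumptions chosen for the example.

```python
"""Domain 'background check' sketch: registrant pivot plus DNS address churn.

Added example, not vendor code. Every record below is constructed sample
data; the thresholds are assumptions picked for illustration only.
"""
from collections import defaultdict
from datetime import datetime
import json

# Constructed WHOIS-style records: domain -> registrant contact and creation date.
WHOIS = {
    "example-bad.test":  {"registrant": "reg-a@example.invalid", "created": "2024-03-01"},
    "example-bad2.test": {"registrant": "reg-a@example.invalid", "created": "2024-03-02"},
    "example-shop.test": {"registrant": "reg-b@example.invalid", "created": "2019-06-15"},
}

# Constructed passive-DNS observations: (ISO timestamp, domain, resolved IPv4).
PDNS = [
    ("2024-03-03T00:00:00", "example-bad.test", "203.0.113.10"),
    ("2024-03-03T01:00:00", "example-bad.test", "203.0.113.22"),
    ("2024-03-03T02:00:00", "example-bad.test", "198.51.100.7"),
    ("2024-03-03T03:00:00", "example-bad.test", "203.0.113.10"),
    ("2024-03-03T04:00:00", "example-bad.test", "198.51.100.9"),
    ("2024-03-03T00:00:00", "example-shop.test", "192.0.2.50"),
    ("2024-03-03T06:00:00", "example-shop.test", "192.0.2.50"),
    ("2024-03-03T12:00:00", "example-shop.test", "192.0.2.50"),
]


def domains_by_registrant(registrant):
    """'What other domains has that person ever registered?' -> sorted list."""
    index = defaultdict(list)
    for domain, rec in WHOIS.items():
        index[rec["registrant"]].append(domain)
    return sorted(index.get(registrant, []))


def churn(domain):
    """'How often is the address associated with that domain changing?'

    Walks the domain's observations in time order and counts how many
    consecutive lookups returned a different address than the one before.
    """
    obs = sorted((datetime.fromisoformat(ts), ip) for ts, d, ip in PDNS if d == domain)
    if not obs:
        return {"observations": 0, "distinct_ips": 0, "changes": 0, "changes_per_hour": 0.0}
    changes = sum(1 for (_, prev), (_, cur) in zip(obs, obs[1:]) if prev != cur)
    span_hours = (obs[-1][0] - obs[0][0]).total_seconds() / 3600
    return {
        "observations": len(obs),
        "distinct_ips": len({ip for _, ip in obs}),
        "changes": changes,
        "changes_per_hour": changes / span_hours if span_hours > 0 else 0.0,
    }


def background_check(domain, as_of="2024-03-03", churn_threshold=0.5, recent_days=30):
    """Combine registrant pivot and churn into one report with plain flags.

    as_of, churn_threshold and recent_days are assumed tuning values, not
    anything the article states.
    """
    record = WHOIS.get(domain)
    registrant = record["registrant"] if record else None
    stats = churn(domain)
    flags = []
    if record:
        age_days = (datetime.fromisoformat(as_of) - datetime.fromisoformat(record["created"])).days
        if age_days <= recent_days:
            flags.append("recently-registered")
    if stats["changes"] > 0 and stats["changes_per_hour"] >= churn_threshold:
        flags.append("fast-changing-address")
    siblings = [d for d in domains_by_registrant(registrant) if d != domain] if registrant else []
    return {
        "domain": domain,
        "registrant": registrant,
        "sibling_domains": siblings,  # other domains tied to the same contact
        "churn": stats,
        "flags": flags,
    }


if __name__ == "__main__":
    for d in ("example-bad.test", "example-shop.test"):
        print(json.dumps(background_check(d), indent=2))
```

The sibling list is the pivot an analyst follows next: a domain with no DNS history of its own (here `example-bad2.test`) still inherits suspicion from the contact that registered it, while a long-lived domain parked on one address produces no flags at all.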
Millier says that while analytics is becoming a part of the fight against malware, the IT security industry faces the same big data challenges as everyone else. Bringing large amounts of data into one place for closer scrutiny is a sound strategy, he says, but it's difficult to perform meaningful analysis on a mass of raw information.
"In order to be able to trigger on it effectively, in order to be able to search through it effectively, it really does need to be indexed and it needs to be sorted," says Millier. "And so you lose that flexibility with the idea of unstructured."
Millier says that overall, the various tools we're using to gather and analyze security data have improved considerably in recent years. The depth and breadth of the intelligence is far greater.
"You're getting a much better idea of what's actually happening across the network. You're seeing it at the system level, you're seeing it at the network level, you're seeing it at the firewall, even at the application level. And so the idea of being able to identify threats faster is certainly better."