To effectively detect malware, ECAT uses a completely different approach compared to traditional antivirus products.
Why do antivirus scanners fail to detect advanced malware?
Traditional antivirus companies use known virus signatures to identify malware. Although this technique worked well in the past, when a few thousand viruses were found in the wild each year, it has been overwhelmed by the growth of malware families. Just one AV vendor alone created more than 500,000 new signatures in 2010, and this flood doesn’t show any sign of stopping. Creating signatures requires dedicated, highly skilled personnel who can’t keep up with the pace. They will inevitably be reactive, not proactive, in identifying threats. They must focus on the most widely distributed malware and put aside those with low distribution rates, a category into which APT falls. As soon as a signature is deployed to block a known malware, the malware author starts the process of bypassing it by making minor modifications to its code and testing it against the low-cost (usually free for 30 days) and publicly available products that detect it.
How is ECAT Different?
Instead of spending precious time analyzing malware samples to create signatures, our team works on automating the detection of anomalies within the computer’s applications and memory. In a typical enterprise environment, only a few thousand executables typically get loaded in memory, and only a few of these generate anomalies. Legitimate anomalies are mostly created by security products and by the sandboxing technologies built into browsers and file viewers. These products are limited in number and easy to obtain and analyze, so we have incorporated them into a “known anomalies database”. Anomalies outside this database are automatically flagged and reported to the ECAT console operator, who can then use the collected intelligence to respond quickly.
To see ECAT in action side by side with AV, read our blog post. Then watch the video of ECAT scanning a machine declared clean after a scan by a leading AV engine while infected with a Zeus variant. You can also download the ECAT datasheet, download the whitepaper or contact us for a demo.
Silicium Security has been acquired by EMC and is now part of RSA, The Security Division of EMC. Find more details here. The ECAT team is based in Quebec, Canada. For more information about ECAT Advanced Malware Detection, email us at firstname.lastname@example.org or get our full contact details here. You can stay updated by subscribing to our newsletter or our blog.