How ECAT Differs From Traditional Antivirus - RSA ECAT - Malware Detection
To effectively detect malware, ECAT uses a completely different approach from traditional AV.
Why do antivirus scanners fail to detect advanced malware?
Traditional antivirus companies use known virus signatures to identify malware. Although this technique worked well in the past, it has been overwhelmed by the growth of malware families. One AV vendor alone created more than 500,000 new signatures in 2010, and there is no end in sight for this trend. Creating signatures requires dedicated, highly skilled personnel who can’t keep up with the flood of new threats. The process is reactive, not proactive, in identifying threats. Vendors must focus on the most widely distributed malware and put aside samples with low distribution rates, such as APT-related malware. As soon as a signature is deployed to block a known piece of malware, the malware author starts bypassing it by making minor modifications to the code and testing it against the low-cost (usually free for 30 days) and publicly available products that detect it.
How is ECAT Different?
Instead of spending precious time analyzing malware samples to create signatures, our team works on automating the detection of anomalies within applications and memory. In a typical enterprise environment, only a few thousand executables typically get loaded in memory, and only a few of them generate anomalies. Legitimate anomalies are mostly created by security products and by sandboxing technologies built into browsers and file viewers. These products are limited in number and easy to obtain and analyze, so we have incorporated them into a “known anomalies database”. Anomalies outside this database are automatically flagged and reported to the ECAT console operator, who can then respond quickly.
To see ECAT in action side by side with AV, read our blog post. Then watch the video of ECAT scanning a machine declared clean after a scan by a leading AV engine while infected with a Zeus variant. You can also download the ECAT datasheet, download the whitepaper or contact us for a demo.
Silicium Security has been acquired by EMC and is now part of RSA, The Security Division of EMC. Find more details here. The ECAT team is based in Quebec, Canada. For more information about ECAT Advanced Malware Detection, email us at email@example.com or get our full contact details here. You can stay updated by subscribing to our newsletter or our blog.