Twitter Us!

ScanSafe Managed Web Security available at ScanDefender.comScanSafe Outbreak Intelligence

ScanSafe’s Web security applications are powered by Outbreak Intelligence (OI), a proprietary security platform that detects zero-hour and known malware threats. By using a combination of multiple, correlated detection technologies, automated machine-learning heuristics, and the industry’s largest Web data set, OI provides the most effective solution against new and known Web malware.

Overview:

New spyware and viruses continue to appear at a rapid rate, with several thousands of new malware detected each month. Attacks now are more targeted and utilize multiple malware variants, diminishing the likelihood of anti-malware vendors obtaining every new malware sample for signature development. This targeted, saturation approach has circumvented the effectiveness of traditional, reactive security technologies such as signature-based malware detection. A new, proactive security approach is needed to protect against the growing number of new, unknown malware threats.

Proactive Security Platform

ScanSafe’s Web security applications are powered by Outbreak Intelligence (OI), a proprietary security platform that detects zero-hour and known malware threats. By using a combination of multiple, correlated detection technologies, automated machine-learning heuristics, and the industry’s largest Web data set, OI provides the most effective solution against new and known Web malware.

How ScanSafe Outbreak Intelligence Works

Why Outbreak Intelligence?

  • Protect your organization against malware without solely depending on signatures
  • Detect new malware accurately and avoid false positives
  • Scan inbound and outbound Web traffic for malware and malware communications
  • Leverage multiple, correlated detection technologies, automated machine-learning heuristics, and the industry's largest Web data set
  • Detect up to 15% more malware than signature-based security technolgies

Multiple, Correlated Security Technologies:

OI uses multiple signature-based anti-malware scan engines and multiple heuristic detection engines to scan inbound and outbound Web traffic in real-time for new and known Web malware.

OI’s signature-based scanning detects known Web malware residing on reputable and uncategorized Web pages. Signature detection utilizes multiple, industry-leading anti-malware scan engines, covers all known spyware and viruses, updates hourly and immediately in emergencies, receives new signatures within two hours of new malware detection, and is supported by 24/7 global malware research conducted by the world’s largest malware laboratories and collection networks.

ScanSafe’s proprietary heuristic engines utilize non-signature detection techniques and automated machine-learning technologies to dynamically generate several thousand fine-grained heuristic parameters that reach beyond the scope of security researchers’ prior knowledge of malware. As a result, OI heuristic engines detect up to 15% more malware than reactive signature-based detection.

ScanSafe Web Security is powered by Outbreak Intelligence which comprises of numerous correlated detection technologies, automated machine-learning heuristics, and multiple "scanlets" Outbreak Intelligence builds a detailed view of each Web request and the associated security risk to ensure that ScanSafe customers use the Web safely.

Detection Technology Strength Limitations
Signature
  • Spyware
  • Viruses
 Reliable identification of known malware
  • Reactive, cannot identify new, unknown malware
  • Effectiveness depends on the vendors’ possession of malware sample
  • Library sizes vary
  • Response times vary
Reputation
  • URL
  • Code
 Provides historical context for unknown code
  • Focused on the past, does not consider present behavior
  • Accuracy depends on heuristic parameters and size of data set
Behavior
  • Traffic
  • Code
Provides present context for unknown code
  • Focused on the present, does not consider historical trends
  • Accuracy depends on heuristic parameters and size of data se

OI combines signature, reputation, and behavior detection technologies, automated machine-learning heuristics, and a vast Web data set to leverage the strengths of each detection technology, without any of the limitations.

The URL reputation engine assesses the reputation of a Web page by examining parameters such as IP address information, country of the Web server, history and age of the URL, domain registration information, network owner information, traffic rank of the Web site, URL categorization information, and types of content present. OI’s traffic behavior engine analyzes network traffic patterns to identify suspicious, atypical traffic which would suggest malicious code exploiting a vulnerability or malware communications, for example, from an infected notebook computer to a botnet command-and-control computer. A code behavior engine determines the behavior of the code by modeling program logic, behavioral rules, and contextual parameters that taken together would suggest good or bad intentions.

The OI code reputation engine examines the Web code itself to determine if it is unusual and possibly malicious. It compares information such as type of code, history and age of the code, frequency of the code, file structure/header/content patterns, and program logic patterns, to code that is known to be good or bad in ScanSafe’s massive Web data set. This engine is especially effective for flagging new code that differs from the universe of known good code.

The multiple detection engines give their assessments of the code, and these assessments are then combined to produce a comprehensive view of whether or not the new code is malicious.

Proactively Stopping WMF Malware:

  • Period of Vulnerability: 28 days
  • Zero-Hour Exploit: Vulnerability in the way Windows handles Windows Metafile (WMF) image files.
  • Malware: Trojan horses, backdoors, and other malware embedded in images.
  • Distribution: Images posted on a wide variety of Web pages, including the customer support discussion forum of a major technology manufacturer and other reputable Web sites; email/Webmail; and IM.
  • Result: OI’s multiple heuristic engines detected the zero-hour malware programs before signatures were available and proactively protected the 15% of ScanSafe’s customers that were attacked.

Industry’s Largest Web Data Set:

Any non-signature malware detection technology is only as effective as the size of the data set it processes. By leveraging its unique position at the Internet level, OI has unmatched visibility of global Web data and emerging malware threats. OI analyzes several terabytes of Web code each day and has compiled a proprietary Web data set that goes back to 2004. This vast Web data set, unique in the industry, ensures that OI is the most accurate proactive malware security solution available.

Why Outbreak Intelligence?

Protect your organization against malware without solely depend­ing on signatures

  • Detect new malware accurately and avoid false positives
  • Scan inbound and outbound Web traffic for malware and mal­ware communications
  • Leverage multiple, correlated de­tection technologies, automated machine-learning heuristics, and the industry’s largest Web data set
  • Detect up to 15% more malware than signature-based security technologies

How It Work:

Documentation:


Download the ScanSafe Technology's Outbreak Intelligence Datasheet (PDF).

 

Home | Shipping | Return Policy | Terms & Conditions | Privacy Policy | Contact Us

ScanDefender.com is a division of Virtual Graffiti Inc, an authorized ScanSafe reseller.
Copyright © 2010 ScanSafe. All Rights Reserved.