New security paradigm relies on the eight stages of malware

TaaSERA, which is backed by former US Homeland Security Secretary Tom Ridge, said that with more than 70,000 to 100,000 new, sophisticated malware strains produced each day, businesses and government agencies should rely on evidence-based behavior modeling as an extra layer of malware detection.

The process works like this: It starts with continually monitoring the activity flowing in, out and across corporate and government networks. Meanwhile, TaaSERA has identified that among the hundreds of millions of code variants that exist today, all malware exhibits certain traits within the eight stages of the malware lifecycle: infection preparation, egg download, peer infection, command & control communications, system scanning, attack preparation, malicious outbound scan and data exfiltration.

By correlating these behaviors with activity on networks, it’s possible, TaaSERA said, to “quickly identify every type of malware threat without the use of signatures or sandboxes, and with an extremely low number of false positives.”

“Current signature-based solutions are not sufficient to combat new exploits. By analyzing what the malware does, rather than what it looks like, [TaaS-based] malware behavior detection provides a better first line of defense over traditional solutions,” said Tim Romance, information systems manager at Try-It Distributing Company, in discussing the approach. “This allows for remediation before it actually becomes a problem.”

The key to a TaaS approach is ongoing information analysis – something virus and malware signatures can’t provide, being static entities. It also has to go further than simply detecting anomalous behavior on a network, instead incorporating additional intelligence, such as whether a suspicious URL is involved.
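The correlation idea described above, sketched as an added illustration (not TaaSERA's product logic and not code from the article): events already labelled with one of the eight lifecycle stages are grouped per host, and a host is flagged only when several distinct stages, plus an optional suspicious-URL hit, fall inside one time window. The window, threshold, intel weighting, event format and sample data are all assumptions constructed for this example.

```python
from collections import defaultdict

# The eight lifecycle stages, in the order the article lists them.
STAGES = ["infection preparation", "egg download", "peer infection",
          "command & control communications", "system scanning",
          "attack preparation", "malicious outbound scan",
          "data exfiltration"]

WINDOW_SECONDS = 3600   # assumed correlation window
MIN_SCORE = 3           # assumed evidence needed before a host is flagged
SUSPICIOUS_URLS = {"http://bad.example/egg.bin"}  # constructed intel feed

# Constructed events: (epoch seconds, internal host, stage, URL or None)
EVENTS = [
    (0,    "10.0.0.5", "egg download", "http://bad.example/egg.bin"),
    (120,  "10.0.0.5", "command & control communications", None),
    (900,  "10.0.0.5", "system scanning", None),
    (50,   "10.0.0.9", "system scanning", None),   # lone anomaly, no alert
    (0,    "10.0.0.7", "egg download", "http://cdn.example/setup.bin"),
    (4000, "10.0.0.7", "command & control communications", None),
    (8000, "10.0.0.7", "data exfiltration", None),  # spread beyond window
]

def correlate(events, suspicious_urls, window=WINDOW_SECONDS, min_score=MIN_SCORE):
    """Return {host: (score, stages)} for hosts reaching min_score in one window."""
    by_host = defaultdict(list)
    for ts, host, stage, url in events:
        if stage not in STAGES:
            raise ValueError(f"unknown stage: {stage!r}")
        by_host[host].append((ts, stage, url))
    alerts = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e[0])
        best, start = (0, []), 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                      # slide the window forward
            win = evs[start:end + 1]
            stages = {s for _, s, _ in win}
            intel = any(u in suspicious_urls for _, _, u in win if u)
            score = len(stages) + (1 if intel else 0)  # intel hit adds one
            if score > best[0]:
                best = (score, sorted(stages, key=STAGES.index))
        if best[0] >= min_score:
            alerts[host] = best
    return alerts

if __name__ == "__main__":
    print(correlate(EVENTS, SUSPICIOUS_URLS))
```

The window length is the main tuning knob: the constructed host 10.0.0.7 shows three stages, but more than an hour apart, so nothing correlates under these assumed settings.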

“Today's attackers employ multiple attack vectors to penetrate high-value targets with malware to gain a long-term foothold to steal confidential information and intellectual property over months or years,” said Scott Hartz, CEO and chairman of TaaSERA, in a statement. “Enterprises need solutions to continuously monitor such behaviors – not code 'signatures' – in order to stop advanced and highly targeted attacks.”

He added: “Behavior-based detection and analysis will finally allow enterprises to adopt a proactive and risk-based mindset to cybersecurity.”
