A recent research conducted by security company Lastline Labs revealed that only 51% of security solutions tested in a study are able to detect zero-day malware.
Experts at Lastline Labs have analyzed hundreds of thousands of pieces of malware they detected for 365 days from May 2013 to May 2014, evaluating detection capabilities of new malware against the 47 vendors featured in VirusTotal.
As explained by the researchers the principal problem is the time spent by providers of security solutions to distribute updates able to make their product efficient in the mitigation of the zero-day malware.
Experts discovered that in the cases where none of the tested AV solution detected a malware instance on the first day, it took an average of two days for its discovery, this means that in the best scenario end users will receive updates to protect their computers up to 2 days.
“On any given day, according to Lastline Labs’ analysis, much of the newly detected malware went undetected by as much as half of the AV vendors. Even after 2 months, one third of the AV scanners failed to detect many of the malware samples.” states Lastline.
The most alarming data in my opinion is that after two weeks, detection rates were up to 61 percent, demonstrating the latency in the distribution of the updates once discovered the zero-day malware.
“The least-detected malware – that is the malware in the 1-percentile ‘least likely to be detected’ category – went undetected by the majority of AV scanners for months, and in some cases was never detected at all.” according experts at Lastline Labs.
The reults of the research conducted by Lastline Labs demonstates the necessity to integrate Anti-virus protection with other security solutions. A layered approach is necessary to detect and block zero-day malware.
“We think that “traditional” AV technology is not dead, but needs to be complemented with other approaches (e.g., based on dynamic analysis of samples, network anomaly detection) that provide additional signals for detection.” added the experts.
Below key findings from Lastline Labs reports.
(Security Affairs – Zero-day malware, Lastline Labs)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.