SANTA CLARA, Calif. - McAfee has announced McAfee Artemis Technology, which uses a new Internet-based service hosted by McAfee Avert Labs to provide active protection on the fly when a computer gets hit by malicious computer code.
“[Artemis] redefines how malware protection is delivered to customers out in the field,” said Dave Marcus, security research and communications manager with McAfee’s Avert Labs. “It is a lot faster than traditional methodologies and it closes the gap between when a piece of malware is written, discovered, analyzed and protected against.”
He added that because the amount of malware written for financial gain has grown 300 per cent from 2007 to 2008, McAfee needed to redefine the way they delivered content and the way they delivered protection to customers; hence Artemis.
Traditionally, malware detection relied on databases with threat signatures on the user’s computer. This approach required that the threat database on every computer be updated with signatures for each new threat in order to provide the latest detection. As a result there was an inherent delay from when the threat was first identified to when protection was available to all computers.
Artemis uses behavioral technology to examine a piece of malware for which no protection exists at the moment.
“If enough is known about how the malware is behaving to know that it is suspicious, [we will] fingerprint the file and send it in the cloud to Avert Labs so we can look at it, provide people a piece of protection and send it immediately back to them,” explained Marcus. “We’ve been analyzing malware for a long time so we know how it acts.”
When the malware is examined, it is compared to more information than can ever exist on a customer’s machine or ever exist in an enterprise environment, Marcus said. The malware is compared with white lists, black lists and other things.
He added that all of this happens in milliseconds. Marcus said the speed is due to the backbone of the technology leveraging the communication channel between the agent on the machine and the servers in McAfee’s Avert Labs. It is powered by McAfee’s Community Threat Intelligence, which includes security know-how from McAfee’s researchers, threat honey pots and real-time input from tens of millions of systems protected by McAfee.
For channel partners, Marcus said that this gives them the ability to deliver a solution quicker to the person that is under attack at the moment, instead of waiting a day or 36 hours to get a solution to fix the malware their customers are experiencing.
“They are able to get it when they are actually experiencing the attack from the malware,” he added.
James Quin, senior research analyst with Info-Tech Research Group, said that Artemis is something that organizations absolutely needed to have as it offers an additional layer on top of what people already have.
“If you talk to the anti-malware vendors, they are losing the battle,” said Quin. “Not that malware is winning, but they can’t keep up with the volume anymore.”
However, Quin added that while Artemis will allow organizations to catch zero-days much quicker and be more responsive, the downside is that someone first needs to get infected and report it before a cure can get out. Still, in the end it does offer a higher level of protection to everyone else. “You will find fewer infections will happen because the problems are caught fundamentally quicker.”
Quin said that McAfee’s approach of using reputation and its user community does offer better protection, but that the fix shouldn’t be based on just one person’s report: when a piece of malware is new and not known immediately, it needs more than one report to establish reputation.
Another thing that organizations need to be aware of is that Artemis opens up traffic in and out of the network to communicate with the cloud, and that enterprises should approve this traffic or risk not getting the benefit of the solution.
Artemis is available at no charge as part of McAfee VirusScan Enterprise or McAfee Total Protection Service for small and medium-sized businesses. Artemis is also available for McAfee’s consumer products, where the functionality is called Active Protection.
This column was written by Vanessa Ho of ConnectIT, an IntegratedMarCompany