Closing the Protection Gap with New McAfee Artemis Technology
By Shiva Mandalam, Director, McAfee® Avert® Labs Marketing
It seems as if everyone is having a hard time staying a step ahead of the bad guys lately. The amount of malware we have seen so far in 2008 is greater than what we saw in the previous two years combined [Source: McAfee® Avert® Labs].
This unprecedented growth in malware has made it difficult not only for consumers and enterprises to keep up, but also for security vendors that rely on the traditional defense mechanism of “signatures,” or malware definitions, to identify suspicious or infected files once they have gained entry to a system. The biggest problem with signatures is the protection gap. Generally there is a 24- to 72-hour lag between the time a new threat first appears and the time a signature for it has been identified, analyzed, developed, and finally applied at the endpoint. While you are playing that waiting game, your systems and your data are exposed and vulnerable.
Bad Guys Go for the Big Bucks
What’s behind this surge in malware? The key driver is economics: the bad guys are now more focused on chasing dollars rather than stroking their egos. According to Gartner, more than 80 percent of attacks are financially motivated. The sale of personal and confidential information collected by the malware authors has resulted in a cybercrime economy that runs in the billions of dollars.
Most of these threats are stealthy by nature—often encrypted or packed inside common formats and applications, such as PDFs, Microsoft Word documents, or multimedia files. Packing or compressing malware in this way not only reduces file size and makes distribution easier and quicker, it also increases the time and cost for security vendors to analyze the sample and protect against it. Often these infected files are downloaded from social networking sites and other popular online venues. Certain Google search terms also return results that lead to a number of infected sites.
The “Protection Gap” in Current Solutions
As I mentioned earlier, from the time malware first appears (time=0 in our graphic) until the time most users are protected (time=4 in our graphic), there is a fairly long delay, and you are exposed to the threat during that interval. Some security vendors offer behavioral techniques, such as host intrusion prevention systems, at the endpoint. However, these technologies work in silos, with no communication among themselves. Because many of these threats are stealthy, blended attacks that use multiple channels, such as email and the web, for infection and propagation, it is really important to correlate the intelligence these protection methods gather with the threat data coming from the user community.

The Risks and Consequences of Exposure
Exposure to threats may result in the theft of confidential corporate and personal information, as well as disruption of productivity, loss of revenue, and damage to reputation and brand equity. The average loss per attack is estimated at $1,200 for consumers and $350,000 for enterprises, according to the Internet Crime Complaint Center/FBI and the National White Collar Crime Center. Threats also elevate the risk of noncompliance with regulatory requirements.
To deal with the stealthy nature of these rapidly evolving threats, security solutions need to be more creative and respond more quickly. For a solution to be truly effective, it’s imperative that the availability of detection and protection against these threats moves from hours and days to minutes or even seconds. Another important ingredient is a high level of accuracy to support the scale and role of the Internet in business today.
Eliminate the “Protection Gap” with McAfee Artemis Technology
McAfee Artemis Technology is the first real-time threat protection technology that significantly reduces exposure to known and emerging threats. Using community threat intelligence, Artemis Technology compresses the research life cycle to close the protection gap.
How it Works
Artemis Technology provides a new “always-on” delivery model for relevant, up-to-date research and response to close the protection gap. Using a combination of signature/behavior analysis and the application of community threat intelligence, its real-time “pull” model delivers protection to the system whenever it is required. This mechanism supplements the signature-based detection already available in McAfee solutions and products. When the user receives a file that the scan agent deems suspicious (for example, an encrypted or packed file) and for which there is no signature in the local .DAT database, the agent, using Artemis Technology, sends a fingerprint of the file, rather than the file itself, to the comprehensive database at McAfee Avert Labs for an instant lookup.
What makes our technology unique is that, in a sense, it is a community effort. Because the intelligence is derived from multiple sources, including the entire McAfee user community, protection from newly discovered malware becomes available almost instantly.
Avert Labs gets advance notice of suspicious file fingerprints from the community of McAfee users and watches for recurrences. Based on statistical input from the user community, we tag a fingerprint as suspicious and gauge whether the file is malicious or not. When we receive a fingerprint and determine that the file is indeed suspicious, we immediately inform the user by sending a short message to the endpoint system. This lookup takes on the order of 50 milliseconds, not the minutes or hours of a traditional signature update. Depending on your organization’s policy, the endpoint can then quarantine the file or block it.
The key advantage of Artemis Technology is that users are protected before a signature is available, which greatly shrinks their window of exposure to the malware. Using Artemis Technology is like having an Avert researcher at each desktop, looking at every suspicious file for which there is no local signature. This compression of the protection gap significantly reduces your exposure to threats.
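The lookup flow described above, simulated end to end as an added illustration (this is example code, not McAfee’s or Avert Labs’ own). The local .DAT database, the hash used as the fingerprint (SHA-256 here), the byte-entropy heuristic for “encrypted or packed,” the simulated reputation service with its three-distinct-endpoint threshold, and the sample files are all assumptions made for the example; the page specifies none of them.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed sample "files" for the example; none of these is real malware.
PLAIN_DOC = b"Quarterly report: revenue grew 4 percent.\n" * 40  # low byte entropy
PACKED_BLOB = bytes(range(256)) * 16      # uniform bytes: looks packed or encrypted
KNOWN_BAD = b"\x00\xff" * 2048            # hypothetical sample the local .DAT already covers


def fingerprint(data):
    """Fingerprint sent to the lookup service instead of the file itself.
    SHA-256 is an assumption; the page does not name the hash Artemis uses."""
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data):
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_packed(data, threshold=7.0):
    """Stand-in for the agent's 'encrypted or packed' judgement: compressed or
    encrypted payloads have a near-uniform byte distribution. The 7.0 bits/byte
    threshold is an assumption, not a McAfee value."""
    return shannon_entropy(data) >= threshold


# Hypothetical local .DAT: fingerprints the endpoint already knows are malicious.
LOCAL_DAT = {fingerprint(KNOWN_BAD)}


class ReputationService:
    """Simulated Avert Labs lookup. Remembers which endpoints have reported each
    unknown fingerprint and tags it suspicious once enough distinct endpoints
    have seen it (the page says the lab 'watches for recurrences'; the
    threshold of 3 distinct endpoints is an assumption)."""

    def __init__(self, known_bad=(), suspicious_threshold=3):
        self.known_bad = set(known_bad)
        self.reporters = defaultdict(set)   # fingerprint -> set of endpoint ids
        self.suspicious_threshold = suspicious_threshold

    def lookup(self, fp, endpoint_id):
        """Returns 'malicious', 'suspicious' or 'unknown' for one fingerprint."""
        if fp in self.known_bad:
            return "malicious"
        self.reporters[fp].add(endpoint_id)
        if len(self.reporters[fp]) >= self.suspicious_threshold:
            return "suspicious"
        return "unknown"


def scan(data, endpoint_id, service, policy="quarantine"):
    """Endpoint-side decision. Returns (action, reason), where action is
    'allow', 'block' or 'quarantine'. `policy` is what the organization wants
    done with a file the service tags suspicious."""
    fp = fingerprint(data)
    if fp in LOCAL_DAT:
        return "block", "local signature"          # known locally, no lookup needed
    if not looks_packed(data):
        return "allow", "no local signature, not suspicious"
    verdict = service.lookup(fp, endpoint_id)       # only suspicious unknowns leave the host
    if verdict == "malicious":
        return "block", "cloud verdict: malicious"
    if verdict == "suspicious":
        return policy, "cloud verdict: suspicious"
    return "allow", "cloud verdict: unknown"


if __name__ == "__main__":
    service = ReputationService()
    print(scan(KNOWN_BAD, "ep1", service))     # ('block', 'local signature')
    print(scan(PLAIN_DOC, "ep1", service))     # ('allow', 'no local signature, not suspicious')
    for endpoint in ("ep1", "ep2", "ep3"):     # the same packed file turns up on three hosts
        print(endpoint, scan(PACKED_BLOB, endpoint, service))
    # the third distinct sighting is tagged suspicious and quarantined per policy
```

Two points a practitioner would check before relying on such a flow: the service only ever sees fingerprints of files the local heuristic already flagged, so coverage is bounded by that heuristic; and the round trip adds a network dependency to every scan of an unknown packed file, so a real agent needs a timeout and a deliberate fail-open or fail-closed choice for when no answer comes back.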

Zero Touch. Zero Cost.
For enterprises, McAfee Artemis Technology can be enabled seamlessly through our central management console, McAfee ePolicy Orchestrator®, if you already use McAfee VirusScan for Enterprise, or through McAfee SecurityCenter if you use McAfee Total Protection Service. There is no need to install any additional software on the endpoint, so there is no additional overhead or increase in operational costs for enterprises to benefit from this increased level of security. All you have to do to enable Artemis Technology is select a check box.
For consumers using McAfee VirusScan with SiteAdvisor® Plus, Artemis Technology is as easy as following the normal .DAT update process. There’s no need to upgrade or install a new version of the product.
Best of all, because Artemis Technology works silently, you can maintain your level of productivity without worries and without disruption—on the job and at home. To learn more about McAfee Artemis Technology, visit: www.mcafee.com/artemis.