Real-Time Response To Malware Slashes Threats

TEXAS CITY, Texas - Internet malware can't touch AMOCO FCU here, thanks in part to real-time virus detection that responds to new threats in seconds.

"We've seen a virtual elimination of threats from the outside, because of Z-Scan," said Thomas Green, VP-IT at the $569-million CU. Previously, "we had a far higher rate of infection. It is rare today that we have to service a machine due to malware."

Z-Scan, or Zero-Day Scan, is a new anti-virus engine and virus signature service that works "from the cloud," blocking new Internet threats in real time. When Z-Scan detects new malware, the engine pushes a threat signature to CU security appliances, often in about four seconds, to allow them to block the malware.

Z-Scan was introduced in September and is part of managed security services provided by Houston-based Network Box USA, which specializes in unified threat management (UTM). AMOCO FCU deployed the Network Box E-1000X security appliance for UTM in 2008.

"Traditional anti-virus takes an average of four hours to have an official signature for new malware," said Pierluigi Stella, CTO, Network Box USA. "The Z-Scan approach is 3,600 times faster and incredibly effective against zero-day attacks."

Zero-day attackers have time on their side. They design and deploy malware targeted to take advantage of a specific software vulnerability on the "zero day," the day before the software developer learns of the vulnerability.

Traditional anti-virus (AV) has a hard time protecting credit union networks from zero-day exploits, said Stella. First, AV providers have to develop and release the anti-virus update, which can take hours. Then, protection depends on the credit union downloading and installing the AV update in a timely fashion across the enterprise.

"The real threats to a clean network are the new ones, the zero-day threats, those for which traditional AVs don't yet have signatures and, thus, those which you're not protected against," Stella suggested. Z-Scan, on the other hand, traps potential viruses in real time over the Internet.

The number of zero-day attacks hit nearly 40,000 in one day recently, "attacks traditional AV companies had no signatures for. Z-Scan was working overtime, but it was able to keep up," Stella said.

Once a virus is known and a signature issued, Network Box uses traditional software to block the virus.

One Threat Remains: Employees

AMOCO isn't completely rid of malware threats, even though external attacks have been thwarted, Green continued. "At this point most of our malware threats are due to employees bringing outside files in via removable media, such as thumb drives. When this happens, we typically find that there is an issue with an installation of anti-virus software that prevented the catch at the local machine."

The Network Box UTM appliances include firewall, intrusion detection and prevention (IDPS), anti-virus, anti-malware, anti-spam, content filtering and virtual private network (VPN) services. UTM services are now also available from the cloud, which cuts costs.
