Raimund talks about Trend’s use of big data within the Smart Protection Network and how it is delivering improved protection against today’s threats.
It seems that Big Data Analytics is the new buzzword, at least in IT security.
Everybody claims to do big data processing, and it is actually a valid claim.
We at Trend Micro receive 430,000 files every day; we condense them down to 200,000 unique files and generate 60,000 new signatures, every day. Like all the other security players…
But unlike the others, we started with e-mail reputation in 2005 to address the spam challenge, and we realized thanks to this that we had a goldmine, because unwanted e-mail is also used to spread malware and launch targeted attacks.
By not only rejecting the spam for our customers but doing an in-depth analysis of it, we have been able to discover new threats, and we saw a trend.
More and more e-mails didn’t contain the malware as an attachment, but just pointed to the malware via a hyperlink. Based on this we started to invest heavily in Web Reputation, and this technology is now one of our main weapons against the bad guys.
We receive 10 billion queries per day from our customers and reply immediately with what each URL is about: good, bad, and category. Based on this we see a lot of new attack models, command and control servers, targeted attacks, and bad actors trying new things.
And we have now added Mobile Application Reputation, as mobile malware is skyrocketing. Last year mobile malware for Android was under the radar; when we predicted 120,000 mobile malware samples by the end of 2012 last November, we were called scammers.
Today, with over 30,000 Android malware samples around already, our prediction is likely correct. Furthermore, as the amount of malware to be processed grows, so does the risk of false positives, so we added whitelisting as an additional reputation service. The database, which contains over 140 million known good applications, helps us to find the right balance between aggressive malware detection and false positive avoidance.
And we threw vulnerability rules and network inspection rules into the mix to detect cyber attacks and non-file-centric events. By correlating global threat intelligence across all the threat vectors, we see more, correlate more, detect more, and protect our customers better against the wide variety of attacks.
Thanks to our leadership in the reputation and correlation area we get more and more requests from law enforcement, and we are able to help them identify and jail bad guys, which is very satisfying for my team of threat researchers.
We provide reputation information to partners like RSA, who then help their customers.
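The post describes, at a high level, how e-mail, URL and file reputation verdicts are correlated, and how a known-good whitelist is used to keep aggressive detection from producing false positives. The following is an added illustration of that idea, not Trend Micro's code and not the Smart Protection Network's logic: all feed contents, IP addresses, URLs and hashes are constructed sample data, the `assess` function and its scoring thresholds are a design assumption, and the whitelist-overrides-heuristic rule is one reasonable way to implement the balance the post talks about.

```python
"""Constructed illustration of correlating several reputation feeds.

Assumptions: feeds are plain dicts/sets; a file that is on the known-good
list is trusted even if a heuristic feed calls it suspicious; unknown links
coming from a sender with spam reputation are queued for deeper analysis
(the post describes spam analysis as a source of new threats).
"""
from dataclasses import dataclass, field
from typing import List, Tuple

# --- constructed sample feeds (not real indicators) -----------------------
SPAM_SENDER_IPS = {"203.0.113.7"}                      # IP/e-mail reputation
URL_REPUTATION = {                                     # web reputation: verdict, category
    "http://invoice-update.example/dl.php": ("bad", "malware-download"),
    "http://news.example/article": ("good", "news"),
}
FILE_REPUTATION = {                                    # file reputation keyed by SHA-256
    "aaaa" * 16: "bad",                                # known malware (constructed hash)
    "bbbb" * 16: "suspicious",                         # aggressive heuristic hit
}
KNOWN_GOOD_FILES = {"bbbb" * 16}                       # whitelist of known-good files


@dataclass
class Email:
    sender_ip: str
    urls: List[str]
    attachment_hashes: List[str]


@dataclass
class Assessment:
    verdict: str                       # "bad", "suspicious", "good" or "unknown"
    reasons: List[str] = field(default_factory=list)
    needs_analysis: bool = False       # unknown links from a spam sender -> analyze


def lookup_url(url: str) -> Tuple[str, str]:
    """Web-reputation style answer: (verdict, category); unknown if never seen."""
    return URL_REPUTATION.get(url, ("unknown", "uncategorized"))


def lookup_file(sha256: str) -> str:
    """Whitelist takes precedence over a heuristic verdict to avoid false positives."""
    if sha256 in KNOWN_GOOD_FILES:
        return "good"
    return FILE_REPUTATION.get(sha256, "unknown")


def assess(email: Email) -> Assessment:
    """Correlate sender, URL and attachment reputation into one verdict."""
    score = 0
    reasons: List[str] = []
    unknown_seen = False

    spam_sender = email.sender_ip in SPAM_SENDER_IPS
    if spam_sender:
        score += 1
        reasons.append(f"sender {email.sender_ip} has spam reputation")

    unknown_urls = []
    for url in email.urls:
        verdict, category = lookup_url(url)
        if verdict == "bad":
            score += 3
            reasons.append(f"url {url} is bad ({category})")
        elif verdict == "unknown":
            unknown_urls.append(url)
            unknown_seen = True

    for sha256 in email.attachment_hashes:
        verdict = lookup_file(sha256)
        short = sha256[:12] + "..."
        if verdict == "bad":
            score += 3
            reasons.append(f"attachment {short} is known malware")
        elif verdict == "suspicious":
            score += 1
            reasons.append(f"attachment {short} flagged by heuristic")
        elif verdict == "good":
            reasons.append(f"attachment {short} is on the known-good list")
        else:
            unknown_seen = True

    # Spam that points at links nobody has classified yet is exactly where
    # new malware distribution shows up first, so route it to analysis.
    needs_analysis = spam_sender and bool(unknown_urls)
    if needs_analysis:
        reasons.append(f"{len(unknown_urls)} unknown link(s) from spam sender queued for analysis")

    if score >= 3:
        final = "bad"
    elif score >= 1:
        final = "suspicious"
    elif unknown_seen:
        final = "unknown"
    else:
        final = "good"
    return Assessment(final, reasons, needs_analysis)


if __name__ == "__main__":
    sample = Email("203.0.113.7", ["http://invoice-update.example/dl.php"], ["aaaa" * 16])
    result = assess(sample)
    print(result.verdict, "|", "; ".join(result.reasons))
```

The interesting cases are the two the post singles out: the heuristic-flagged attachment that the whitelist rescues (verdict stays `good`), and the spam sender whose links are not yet in any feed (verdict `suspicious`, `needs_analysis` set), which is where the post says new threats were found.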
The correlation between all the events has helped us to deliver better security. Funny enough, we didn't call it Big Data Analytics initially; we just did our job, and now everybody is using this descriptive term as a new buzzword. But as I mentioned, it is not about how much data you store; it is about asking the right questions and correlating events to find answers. Thanks to our threat expertise since 1988 and our investment in the Smart Protection Network, we and our customers get the benefits of it.