How we go deeper to protect you from new threats

Security

Read our whitepaper about F-Secure DeepGuard, our proactive protection against new and emerging threats. Read it here.

You may know that F-Secure won the Best Protection Award – twice in a row. But if you’ve ever wondered about how we actually go about protecting our customers from malware, this post is for you. We do it by going deeper. Let me explain.

Traditional antivirus software looks at the outward characteristics of files to see if the characteristics match those of previously seen malware files. If they match, the antivirus program knows to block the file.

For this system to work, antivirus labs need to have a sample of the malware file in order to analyze its characteristics so they know exactly what they need to block.

This is a very effective method for blocking most malware seen to date, and this is how F-Secure protects you from existing malware we already know about.

Of course, it takes time for antivirus labs to receive a malware sample and analyze it so we can effectively block it. That means brand new malware created just in the past few days or weeks that we haven’t yet had a chance to analyze, can get past traditional scanning systems.

Complicating the issue, cybercriminals who create malware nowadays are very clever at avoiding detection by antivirus programs. One way they do this is by creating new, different variants of their malware. These variants are still the same malware at the core, but they appear new and different on the outside. Like a criminal who dresses in disguise to avoid being recognized, the malware file is disguised to avoid detection by antivirus software. There are automated malware creation kits that do this for the cybercriminals, making it easy to spit out thousands of new variants.

To be able to protect from brand new malware, then, and to protect from all the new variants of existing malware, it is crucial for F-Secure’s software to be able to detect a malware file even before our Labs have ever received a sample of it.

So how do we block malware strains we’ve never seen? We examine not just a file’s outward characteristics, but we also monitor its behavior for suspicious activity. Like I said, malware can change in appearance and characteristics. But one thing never changes: Malware always does malicious things. So if we’re not sure if a file is malicious or not, we watch to see how the program behaves.

We call our behavioral analysis technology DeepGuard. DeepGuard observes a program’s behavior and prevents potentially harmful actions from successfully completing. This way, we can block even brand new malware files that haven’t yet been analyzed. And we can stop malicious files that are disguised as something else.

When the user opens a file, any file, DeepGuard instantaneously checks for suspicious behavior, and if it finds something, it will block the program from launching. Since some malware hide their malicious behavior until after the program launches, DeepGuard still continues monitoring programs while they are running, watching for and blocking suspicious actions.

DeepGuard is a feature of F-Secure’s products, working in tandem with our other protection layers (browsing protection, traditional signature scanning, file reputation analysis, and prevalence rate checking) to provide the very best protection. Our newest version, DeepGuard 5 with exploit protection, has already been rolled out, so customers with the latest versions of F-Secure products are already benefiting from the latest technology.

And that’s how we protect you.

Tags

Rate this article

0 votes

15 Comments

[…] これらのコンポーネントはF-SecureのSecurity Cloudのような技術で、高速で正確な検出のためのレピュテーションと普及率チェックを経て、リアルタイムに脅威情報を提供する。DeepGuardは、当社のホリスティック、およびふるまい分析のエンジンで、これまで未知だった脅威さえもブロックする。パッチ管理は、もう一つの階層化されたプロアクティブなアプローチの重要な局面であり、エフセキュアのソフトウェアアップデータはProtection Service for Businessに含まれている。 […]

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You might also like