Friday, September 23, 2011

Malware on Both Sides of the Atlantic

One of the best things about the data-driven architecture of the Immunet anti-malware offering from Sourcefire is that it gives us insight into global threat trends. I recently took a look at our data, and segmented it geographically. Here are some results that compare the UK with the United States. Interestingly, despite our cultural differences and despite being separated by the Atlantic Ocean, it turns out that both countries have a lot in common when it comes to malware.

First, the most popular threat that our users in both the United States and the UK were exposed to was actually the same. This threat is a popular web search toolbar that hijacks search results, slows down the system when surfing the web, and tracks your online behavior. I was particularly excited that this particular threat was caught using a detection technology we recently designed that leverages our data-driven architecture by performing sophisticated back-end analytics. From what I can gather, of the major anti-malware vendors, only about a third detect this threat.

Another interesting comparative metric is the number of infections per active user. The United States has about 0.43 infections per active user (that is, for roughly every 100 active users, we see 43 total infections on their machines). This places the United States in fourth place among countries where the Immunet Protect anti-malware technology has a substantive presence (i.e., 10,000+ users). The UK is in fifth place, just behind the United States, with 0.39 infections per active user. In this case, however, being behind is a good thing -- it means that a typical Immunet Protect user from the UK sees slightly fewer infections than a typical user in the United States. Among the 200+ countries in which Immunet Protect has a presence, the US and the UK rank 116th and 125th respectively.

I also measured the benign-to-malicious query ratio for the user populations of these two countries. For the US, the ratio is 3,524 to 1 (meaning that for every 3,524 "clean" file queries we get, there is one malicious query). For the UK, the ratio is 1,959 to 1. Therefore, even though users from the UK get infected slightly less often, a much larger portion of the files queried from this region are malicious. In combination with the previous metric, this seems to imply that users in the United States have many more (benign) software applications on their systems than their British counterparts.

So, while there are some striking similarities between these two countries, in some regards they continue to be different. Malware is a global problem, and it's important to have a global perspective when trying to combat it.
