Check Point Blog

Signature-based security solutions can leave networks defenseless for months

Can you afford five months without protection for your network? In a recent blog post, Avanan wrote that, after five months of using a malware sample in their demos to show how malware can bypass traditional security solutions, the malware was finally detected by a major enterprise email solution provider. The sample, a Cerber variant, was originally caught by the SandBlast Zero-Day Protection solution.

Cerber is a vicious ransomware-as-a-service operation, which we recently exposed in an in-depth report, CerberRing: An In-Depth Exposé on Cerber Ransomware-as-a-Service. It spreads through phishing emails and exploit kits, targeting thousands of users worldwide. Once it infiltrates, Cerber encrypts users’ files with the AES-265 and RC4 encryption methods and then demands that a ransom of 1.24 bitcoins or ~$500 USD be paid in order to regain access to the user’s documents, photos and files.

There are two major points from Avanan’s blog which are worth further discussion:

As seen in Avanan’s demonstration, they tested a brand new malware sample, not known to any security vendor. Check Point’s SandBlast solution was the only one to pass Avanan’s test. It is important to note that SandBlast prevailed not only in comparison with signature-based solutions, but also in comparison with other advanced solutions, which failed to catch the malware. The main value advanced solutions should offer is catching unknown malware. If they fail to do so, they are no better than traditional solutions.

There are two key takeaways for enterprises from Avanan’s demonstration:

For more information about Check Point’s SandBlast Zero-Day Protection solutions, click here.
