Z-Scan for the Credit Union Community
by Pierluigi Stella, CTO of Network Box USA, Inc.
On February 29th, 2012 in Los Angeles, Network Box was honored to win Info Security’s Global Excellence Award in the category of Security Products and Solutions for the Banking and Finance sectors (http://blog.networkboxusa.com/news/bid/72902/Network-Box-s-Z-Scan-Anti-Malware-System-Named-a-Winner-at-Info-Security-s-Global-Excellence-Awards).
This win was an immense validation for us because, from the onset, our commitment has been to work and partner with Credit Unions and small banks, and we’ve never once wavered from this manifesto. So, what is Z-Scan and why is it important to Credit Unions?
Let’s start from the issue we set out to resolve since our US operations began in 2003.
I don’t know if you’ve noticed but in the last few years, the amount of malware has increased steadily, day after day after day. Our database of signatures is a clear indication of this as the amount of signatures it houses went from 20,000 in 2003 to a staggering 8.5 million signatures today; and still, it continues to grow, to the tune of thousands more every single day.
The way AV companies traditionally operate is this: find the malware code, analyze it, decode it, classify/categorize it, create a signature, run it through regression testing, publish it. Your workstation then receives it at the next download cycle. This entire iteration can take anywhere between 3 and 12 hours; sometimes, it even takes days – which means that in the interim, your workstations are vulnerable to that particular threat. Considering that we witness thousands of new threats each day, an average workstation is thus exposed to and unprotected from THOUSANDS of new threats! No wonder we keep talking about Advanced Persistent Threats ~ the AV industry can barely keep up with the onslaught of malware!
Enter the Z-Scan. At Network Box, we decided that an entirely new approach was needed and, since we manage our own devices and have access to real time feedback from them, we were able to create a system that recognizes new threats within seconds.
The underlying principle behind Z-Scan is that creating signatures isn’t just time consuming, it’s utterly irrelevant. We don’t really need to categorize malware; after all, we’re not in the AV business. What we need to do is recognize that a piece of code is malicious in nature, and block it. Period. Regardless of what it is. Hence, a fingerprint to identify it univocally is the key.
We deployed a vast number of malware traps globally based on the premise that when an email containing more than text gets caught in one of these traps and our database of 8.5 million signatures of traditional AVs doesn’t find anything malicious – our assumption is that the code is malicious anyway. Therefore, we fingerprint it, and push that information to all our SOCs around the world in no more than 3 seconds. From that point on, all our boxes are instantly able to recognize that code as malicious, albeit not knowing exactly what it is (which, again, is irrelevant), and stop it before it intrudes our customers’ networks. And that’s EXACTLY what we want!
I know it all sounds so simple, but in truth, the Z-Scan is an actual real time AV technology no one else has, and which will protect your CU’s network from email threats in real time.
Z-Scan truly stops zero day attacks in their tracks. At http://response.network-box.com/protection-malware you’ll find the latest statistics on the number of fingerprints currently in Z-Scan. Considering that Z-Scan only keeps real time information (once a threat is classified and caught by traditional AVs, that fingerprint is dropped), at any given moment, it stores approximately 2 day’s worth of fingerprints. And as I write this, that number is 293,500 – meaning there are almost 300,000 zero day threats out there that traditional AVs aren’t catching but which the Z-Scan is.
I leave you with that as truly food for thought.
Pierluigi Stella, CTO, Network Box USA, Inc.
Pierluigi worked for 15 years at IBM, accumulating international experience primarily in the oil and manufacturing sectors. With a sterling track record of successfully accomplished projects, an extensive technical know-how, and nine years as head of both the technical as well as customer service divisions of Network Box USA, Pierluigi has been helping financial institutions and health care providers develop their security policies, and has accumulated extensive experience and knowledge of security issues.
He is one of the founders of Network Box USA.
Pierluigi graduated magna cum laudae with a Masters in Electrical Engineering and has received numerous industry recognitions for notable career achievements, including two Excellence Awards for innovative design. www.networkboxusa.com
