Let’s be totally frank: no email security system in the whole world (at least none that one could afford or would choose to pay for) can prevent, with 100 percent certainty, the occasional email containing a virus-infected attachment from landing in users’ inboxes. This is partly because the providers of virus scanners always need a certain amount of time to update their signatures after new malware has been brought into circulation. Until the signatures have been updated, the malware goes unrecognized and is delivered undetected.

One could, of course, first test each and every attachment for potentially malicious behavior in a totally isolated environment, an approach known as sandboxing. This involves opening the file (in an automated process) within a virtual machine and checking whether it behaves suspiciously. Well-designed malware is, however, able to recognize that it is currently only being tested and then behave inconspicuously – similar to the software written to control numerous automakers’ diesel engines. In any case, sandboxing requires a great deal of expensive infrastructure and leads to delays in the delivery of emails.

That’s why Retarus has thought up an entirely new approach to the problem. This much we are already revealing: we are able to use this new approach to retrospectively identify emails which were originally delivered containing an attachment infected with a virus, and then immediately alert the responsible administrator or, optionally, also the recipient. With a little luck the harmful attachment will not even have been opened yet and can simply be deleted without delay. Either way, the forensic processes and the curbing of potential damage are simplified dramatically, adding an enormous amount of value not only to email security, but also to overall IT security. This approach has been given the in-house code name “Patient Zero Detection®” and is already undergoing a test run at selected customers and at Retarus itself.
Our Chief Scientist has moreover come up with another cool innovation: a “heat map” that clearly visualizes a sudden accumulation of the same or similar email subject lines, which may represent a wave of attacks, and makes it easier to recognize. We are already working on other exciting ideas for the future development of “Patient Zero Detection®”. But let’s not get ahead of ourselves. We’ll be back with more on this topic soon enough.
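The subject-line heat map idea described above, as an added example that is not Retarus' code: subjects are normalized so near-identical lines share a row, counted per time window, and a cell is flagged when it jumps sharply over the previous window. The normalization rules, the 10-minute window, both thresholds and all function names are assumptions, and the sample messages are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW_MIN = 10    # assumed width of one heat-map column, in minutes
MIN_COUNT = 3      # assumed: cells below this are never flagged
BURST_FACTOR = 3   # assumed: flag a cell at >= 3x the previous window

# Constructed sample (timestamp, subject); not real mail traffic.
SAMPLE = [
    ("2024-01-15T09:01:00", "Weekly team newsletter"),
    ("2024-01-15T09:12:00", "Invoice 48213 - payment overdue"),
    ("2024-01-15T09:13:00", "RE: Invoice 99120 payment overdue!"),
    ("2024-01-15T09:14:30", "invoice 10077 - Payment Overdue"),
    ("2024-01-15T09:17:00", "Invoice 55501 - payment overdue"),
    ("2024-01-15T09:21:00", "Lunch on Friday?"),
    ("2024-01-15T09:25:00", "Invoice 30030 - payment overdue"),
]

def normalize(subject):
    """Map 'the same or similar' subject lines to one row key."""
    s = subject.lower().strip()
    s = re.sub(r"^((re|fwd?|aw|wg)\s*:\s*)+", "", s)  # reply/forward prefixes
    s = re.sub(r"\d+", "#", s)                        # varying numbers -> '#'
    return re.sub(r"[^\w#]+", " ", s).strip()         # punctuation, spacing

def heat_map(messages):
    """Rows: normalized subjects. Columns: window start times. Cells: counts."""
    grid = defaultdict(Counter)
    for ts, subject in messages:
        t = datetime.fromisoformat(ts)
        win = t.replace(minute=t.minute - t.minute % WINDOW_MIN,
                        second=0, microsecond=0)
        grid[normalize(subject)][win] += 1
    return grid

def hot_cells(grid):
    """Cells where a subject suddenly accumulates versus the window before."""
    step, hot = timedelta(minutes=WINDOW_MIN), []
    for key, row in grid.items():
        for win, n in sorted(row.items()):
            prev = row.get(win - step, 0)
            if n >= MIN_COUNT and n >= BURST_FACTOR * max(prev, 1):
                hot.append((key, win.strftime("%H:%M"), n))
    return hot

if __name__ == "__main__":
    for key, win, n in hot_cells(heat_map(SAMPLE)):
        print(f"{win}  {n:>3}  {key}")
```

Comparing against only the previous window keeps the check simple; a longer per-subject baseline would reduce false alarms from legitimate bulk mail such as newsletters.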
Introducing Patient Zero Detection®