The Internet and the technologies surrounding it have opened up many opportunities for businesses across verticals. But the rise of the Internet has also paved the way for cyber criminals to become more active. Today's threat landscape is stealthy: financially motivated attackers exploit vulnerabilities in endpoint devices. Malicious attacks are on the rise. Too many of these attacks are sophisticated enough to avoid detection by traditional security solutions. And too often the targeted organisations suffer disruption of business-critical services.

With the advancement in technologies, threats have also become sophisticated. One major concern is socially-engineered malware. These are Web pages with links to applications that appear to be safe, such as a software update, screensaver application or video codec upgrade, and are designed to fool the user into downloading them.

Additionally, the download link delivers a malicious payload whose content type would lead to execution. Security experts refer to these threats using different terms such as consensual or dangerous downloads. Socially-engineered malware attacks pose big risks to individuals and organisations alike by threatening to compromise, damage or expose sensitive information.

With over 50% of malware delivered via the Web, protection against it is driving the evolution of security products at the desktop level. The Web is being used to distribute malware and evade traditional security programmes. According to studies, 53% of malware is now delivered via Internet download versus just 12% via email, while IFrame exploits and other vulnerabilities comprise 7% and 5%, respectively. It is observed that criminals take advantage of social networking sites and user-generated content that allow rapid publishing and anonymity. The speed with which the threats are "rotated" to new locations is staggering and poses a big challenge to security vendors. Early detection and prevention of these threats continue to be a challenge as criminals remain aggressive.

It has become imperative to have a solution in place that can identify and respond to next-generation threats. Such solutions should also help companies minimise data loss from malware activity, reduce damage containment costs and improve their overall security posture. Security vendors are adding and improving in-the-cloud components to augment on-client detection techniques such as signatures and heuristics. These new URL and file reputation-based malware warning systems offer an additional layer of protection. The reputation systems leverage client feedback and Web crawlers to categorise additional URLs and files, either by adding them to a black or white list or by assigning a score. This may be performed manually, automatically or by some combination thereof. The endpoint protection product can then request reputation information about specific URLs and files from the in-the-cloud systems to make a determination.

To provide a thorough and real-world test of malware protection in a controlled and verifiable manner, it is important to opt for a product that has gone through the live test environment procedure. As new threats crop up and spread fast through the Internet, legacy testing techniques are no longer a relevant method to measure a product's capabilities. Static testing or on-demand scanning generally does not enable the most robust detection techniques. And even dynamic testing alone is insufficient, given the increasing reliance on real-time, in-the-cloud reputation systems. A combination of reputation/download and execution analysis provides the best understanding of real-world product capabilities. The live test environment procedure does exactly that. Unlike other tests, this test measures current threat protection more effectively.

As the malware is fresh and represents the current distribution on the Internet, it is important to opt for a solution that has gone through a live test, as it recognises the latest malware at an early stage. Early detection saves bandwidth, which can impact network performance. Yet another important and common detection method is to analyse the contents of a file as it is being downloaded. Malicious files that escape detection during the reputation and download phase can be evaluated during execution. This dynamic execution test provides the opportunity for more sophisticated analysis such as sandboxing, heuristics and behaviour blocking. With new vulnerabilities and threats emerging on a regular basis, an intelligent and effective reputation system is a must-have for companies.

The writer is country manager, India & SAARC, Trend Micro