Past, Present and Future: Foresight & Hindsight in Network Security

16/07/2018 15:15:45
Basics of Signature-Based Detection: Looking into the Past

Each signature is different, like a fingerprint. A signature is a pattern extracted from a known malicious file (a file hash, a distinctive byte sequence or an embedded string) and stored in a database of hundreds of millions of unique malware samples; a scanner compares every new file against that database and flags any match, so the engine "learns" what to look for from the samples it has already seen. The biggest upside of signature-based detection is that it is widely used and understood across the IT industry, which makes scanners fast, easy to use and widely available, and a signature match gives a definite verdict with few false positives.

While this is an excellent method for recognizing known malicious programs, malware evolves quickly and any delay in detection leaves you exposed. By the time a signature for a new strain has been written and distributed, the malware may already have been repacked or obfuscated so that its hash and byte patterns no longer match: a single changed byte defeats a hash signature, and a pattern signature only holds until the author rewrites the string it matches.
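To make the two kinds of signature concrete, here is an added example in Python (written for this page; it is not Sangfor's code and the samples, hashes and signature names are constructed). It keeps a tiny "database" of one full-file SHA-256 signature and one byte-pattern signature, then scans a known dropper, a repacked copy that differs by one byte, a copy whose command line has been obfuscated with cmd.exe caret escapes, and a benign file:

```python
"""Signature-based scanning: hash signatures versus byte-pattern signatures.

Added illustration for this article; all sample bytes and signature names
below are constructed for the example and are not real malware or real
vendor signatures.
"""
import hashlib
import re
from typing import List, Tuple

# Constructed stand-in for a known dropper: a PE-like header followed by an
# embedded command line that launches encoded PowerShell.
KNOWN_DROPPER = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"cmd.exe /c powershell.exe -NoProfile -EncodedCommand SQBFAFgAIAA="
    + b"\x00" * 8
)

# "Repacked" variant: one header byte differs, so the file hash changes but
# the embedded command line is untouched.
REPACKED_DROPPER = KNOWN_DROPPER.replace(b"\x90\x00", b"\x90\x01", 1)

# Obfuscated variant: cmd.exe ignores carets, so this still runs PowerShell,
# but the literal string "powershell" no longer appears in the file.
OBFUSCATED_DROPPER = KNOWN_DROPPER.replace(b"powershell.exe", b"p^o^w^e^r^s^h^e^l^l")

# Benign file for a negative check.
BENIGN_FILE = b"MZ\x90\x00" + b"Hello, world. This is a harmless tool." * 3


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hash signatures: exact match on the SHA-256 of the whole file.
HASH_SIGNATURES = {
    sha256_hex(KNOWN_DROPPER): "Trojan.Dropper.Constructed.A",
}

# Pattern signatures: byte regexes that survive edits elsewhere in the file.
PATTERN_SIGNATURES = [
    (
        "Heur.EncodedPowerShell",
        re.compile(rb"powershell(\.exe)?[^\x00]{0,120}-EncodedCommand", re.IGNORECASE),
    ),
]


def scan(data: bytes) -> List[Tuple[str, str]]:
    """Return (signature_kind, signature_name) for every signature that fires."""
    hits: List[Tuple[str, str]] = []
    name = HASH_SIGNATURES.get(sha256_hex(data))
    if name:
        hits.append(("hash", name))
    for sig_name, pattern in PATTERN_SIGNATURES:
        if pattern.search(data):
            hits.append(("pattern", sig_name))
    return hits


if __name__ == "__main__":
    for label, blob in [
        ("known", KNOWN_DROPPER),
        ("repacked", REPACKED_DROPPER),
        ("obfuscated", OBFUSCATED_DROPPER),
        ("benign", BENIGN_FILE),
    ]:
        print(f"{label:10s} -> {scan(blob)}")
```

The known sample trips both signatures; the repacked copy escapes the hash but is still caught by the pattern; the caret-obfuscated copy escapes both, which is exactly the window the paragraph above describes, until someone writes a new signature for it.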

Basics of Behavior-Based Detection: Looking into the Future

Hindsight is 20/20, but how do we see 20/20 into the future, or at least 15/20? Behavior-based malware detection attempts just this: instead of asking what a file looks like, it watches what a program does, searching for abnormal or unauthorized actions (a document viewer spawning a command shell, a process reading a credential store and then opening a network connection) and isolating the file, typically in a sandbox or on the endpoint, for analysis. If an abnormal request is made for sensitive material, a behavior-based engine classifies the action as a potential threat and investigates it BEFORE it completes any attack or theft.

This type of analysis offers a significant advantage: proactive scanning, detection and prevention of threats nobody has seen before, unlike signature-based detection, which only protects against known threats. The upsides are numerous, but there are still pitfalls to be aware of as the technology matures. While static analysis can be performed in real time, it takes time for an engine to observe a program's behavior and decide its intent, so a verdict may arrive only after some actions have already been attempted, and rules broad enough to catch unknown threats will also flag some legitimate software (false positives) that must be tuned out. In addition, many behavior-based solutions are cloud-based, a potential issue for businesses that have not migrated to the cloud (but that is a whole different issue!).
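The following is an added Python example (written for this page, not Sangfor's engine) of the behavior-based approach described above. It runs two simple rules over a constructed stream of process telemetry: an Office application spawning a shell, and a process that reads a browser credential store it does not own and then makes a network connection. It also records at which event the verdict was reached, which makes the latency caveat visible, and it treats the browser's own reads of its credential file as normal, which is the kind of tuning the false-positive caveat refers to. The application names, paths and scores are assumptions chosen for the example.

```python
"""Behavior-based detection over a stream of process events.

Added illustration for this article. The telemetry below is constructed, and
the rules, scores and threshold are example choices, not a vendor's rule set.
"""
from collections import defaultdict
from typing import Dict, List, Optional

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}
# Credential-store file names and the one image that legitimately reads each.
CREDENTIAL_STORES = {"logins.json": "firefox.exe", "login data": "chrome.exe"}
BLOCK_THRESHOLD = 50

# Constructed telemetry: one record per observed action, in time order.
EVENTS = [
    {"pid": 10, "parent": "explorer.exe", "image": "winword.exe",
     "action": "file_read", "target": r"C:\Users\a\invoice.docx"},
    {"pid": 11, "parent": "winword.exe", "image": "cmd.exe",
     "action": "process_start", "target": "cmd.exe /c start /min ..."},
    {"pid": 11, "parent": "winword.exe", "image": "cmd.exe",
     "action": "file_read",
     "target": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x\logins.json"},
    {"pid": 11, "parent": "winword.exe", "image": "cmd.exe",
     "action": "net_connect", "target": "203.0.113.5:443"},
    {"pid": 20, "parent": "explorer.exe", "image": "firefox.exe",
     "action": "file_read",
     "target": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x\logins.json"},
    {"pid": 20, "parent": "explorer.exe", "image": "firefox.exe",
     "action": "net_connect", "target": "198.51.100.7:443"},
]


class BehaviorMonitor:
    """Scores each process as its actions arrive; blocks once a threshold is crossed."""

    def __init__(self) -> None:
        self.scores: Dict[int, int] = defaultdict(int)
        self.reasons: Dict[int, List[str]] = defaultdict(list)
        self.touched_credentials: set = set()  # pids that read a store they don't own
        self.blocked: set = set()

    def _add(self, pid: int, points: int, reason: str) -> None:
        self.scores[pid] += points
        self.reasons[pid].append(reason)

    def observe(self, ev: dict) -> Optional[str]:
        """Process one event; return "block" the first time the process crosses the threshold."""
        pid, action = ev["pid"], ev["action"]
        self.scores.setdefault(pid, 0)
        if action == "process_start" and ev["image"] in SHELLS and ev["parent"] in OFFICE_APPS:
            self._add(pid, 40, "office_spawns_shell")
        if action == "file_read":
            file_name = ev["target"].rsplit("\\", 1)[-1].lower()
            owner = CREDENTIAL_STORES.get(file_name)
            if owner and owner != ev["image"]:
                self.touched_credentials.add(pid)
        if action == "net_connect" and pid in self.touched_credentials:
            self._add(pid, 50, "credential_read_then_network")
        if self.scores[pid] >= BLOCK_THRESHOLD and pid not in self.blocked:
            self.blocked.add(pid)
            return "block"
        return None


def detect(events: List[dict]) -> Dict[int, dict]:
    """Run the monitor over a stream and summarise score, reasons and when each pid was blocked."""
    monitor = BehaviorMonitor()
    blocked_at: Dict[int, Optional[int]] = {}
    for index, ev in enumerate(events):
        blocked_at.setdefault(ev["pid"], None)
        if monitor.observe(ev) == "block":
            blocked_at[ev["pid"]] = index
    return {
        pid: {"score": monitor.scores[pid],
              "reasons": list(monitor.reasons[pid]),
              "blocked_at": blocked_at[pid]}
        for pid in blocked_at
    }


if __name__ == "__main__":
    for pid, summary in detect(EVENTS).items():
        print(pid, summary)
```

Note where the verdict lands: the shell spawned by Word is only blocked at the fourth event, when it tries to connect out after reading the credential file. Neither rule alone crosses the threshold, so an engine that holds the suspicious action until the verdict is in (denying the connection) prevents the theft, while one that merely alerts afterwards has already lost the data. Firefox reading its own logins.json and connecting is scored zero because the rule knows the file's legitimate owner; drop that ownership check and the browser becomes a daily false positive.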

With even a basic understanding of how these two technologies work, the advantages and disadvantages of each are clear: signatures are fast and precise but blind to anything new, while behavior analysis catches the new at the cost of latency and tuning. Logically, the most effective protection is to employ both methods in conjunction. Sangfor Technologies can provide comprehensive threat detection that combines signature-based and behavior-based detection, giving you the foresight and hindsight you need to protect your business.

About Sangfor

Founded in 2000 and publicly traded since 2018 (Sangfor stock code: 300454 (CH)), Sangfor Technologies is a global leading vendor of IT infrastructure solutions specializing in cloud computing and network security. See for more information on Sangfor one-stop solutions for any and all of your network security and cloud computing needs.
