BlackBerry Blog

Malware: From Patient-Zero to True Prevention

NEWS / 10.20.17 / The Cylance Team

For decades, the entire anti-malware industry has been built on a reactive model: someone, somewhere, has to be infected (Patient Zero) with never-before-seen malware before a signature can be written by hand and distributed so that others don’t suffer the same fate.

Even the most advanced techniques of signature-based detection, exploit prevention, whitelisting, application controls, and endpoint detection and response all fall into this “sacrificial lamb” reactionary model.

“The anti-malware industry is unique in that it is the one area of Information Security where end-users are used to accepting failure,” noted Carl Gottlieb of

“For many organisations, the only thing that stands between them and a malware infection is luck that they are not one of the first to see a variant.”

The problem is that the sheer volume of malware being released in the wild today is overwhelming the legacy anti-malware industry and its reactive model. You may recall presentations by legacy anti-malware vendors detailing their response timelines and boasting that they can ship a signature within 12 hours of a new infection. But 12 hours is an eternity in today’s threat landscape.

Remember SQL Slammer? In 2003, SQL Slammer infected 75,000 victims in just 10 minutes! And that was more than 14 years ago — the Stone Age of technology (we didn’t even have iPhones back then). Human creation of new signature files simply can’t keep up with today’s explosion of malware threats.

Numerous reports suggest that nearly 700,000 new malicious programs are created every day. That volume, by itself, is a data problem that humans can no longer address reactively.

“At TestMyAV I receive feedback daily from organisations evaluating the various products in this industry,” Gottlieb said. “And it’s becoming very clear that the most effective solutions are the ones that are shifting their efforts away from the signature arms race and more towards the predictive approach.”

Advances in artificial intelligence (AI) and machine learning (ML) are finally challenging this outmoded paradigm and offering the option to evolve to a true “prevention” model. AI/ML is the only viable way to combat malware threats today and in the future.

The recently released book Next-Generation Anti-Malware Testing for Dummies explains not only why you should not base the critical decision of which anti-malware solution to deploy on pay-to-play third-party recommendations, but also why you need to test the candidate solutions for yourself, and it provides the details on how to do that effectively.

Next-Generation Anti-Malware Testing for Dummies consists of six concise chapters that explore:

  • Why legacy anti-malware techniques are limited, and how artificial intelligence and machine learning combat modern malware more effectively
  • Why you should test for yourself
  • How to set up your own anti-malware testing environment
  • How to safely obtain malware samples and test anti-malware products yourself
  • How to take action on your anti-malware testing results
  • What to consider when choosing an anti-malware solution for your organization

While the publication is intended for IT managers and security administrators tasked with server and endpoint security in their organizations, it is written to be accessible to non-technical readers as well, so you’ll come away knowing more about malware and about testing anti-malware solutions.

This resource is offered at no charge, and it contains a wealth of information that will get your team up to speed on setting up an internal testing lab so you can better evaluate which anti-malware solution is the best fit for your organization.

Download Next-Generation Anti-Malware Testing For Dummies, and feel free to reach out to our team of experts for more information on why testing for yourself is the key to furthering your endpoint security efforts.


About The Cylance Team


Cylance’s mission is to protect every computer, user, and thing under the sun. That's why we offer a variety of great tools and resources to help you make better-informed security decisions.