JOIN US With McAfee’s Artemis Technology, detection of malicious programme has been made real-time and pre-emptive.
Conceived and developed in India, Artemis has switched hands to the security firm with their take over of Delhi-based Solidcore. As Jeff Green, Senior Vice President, McAfee Avert Lab, explained, Artemis is a cloud-based threat-prevention service that takes full advantage of the knowledge the company has gathered over the years in addressing different threats across the virtual space.
“A piece of software has various attributes – including the way it interacts with the Operating System – that lets us decide if it is benign or malicious,” Green said.
“Imagine putting all the signatures – the so-called DNA samples – of such software in a cloud and creating a sort of collective intelligence around it. With Artemis, we have achieved precisely this.”
Given the large database of software profiles McAfee has gathered, it all takes building a cloud around it – something they could do with the acquisition of Solidcore.
Rather than just stacking it up with the profiles of the bad ones, the company has put in a great deal of good software to create an “intelligent collaborative environment” within the cloud. This has also made it easier for the technology to identify the bad software piece out in the wild easily.
The endpoint devices (which have turned on the feature with McAfee product) are constantly in touch with the cloud and if anything suspicious is detected, say, when a user is trying to open an attachment, the DNS technology would send the pain signal to the cloud.
The signal is checked for traces of bad software and response to the endpoint device to block the opening of the file is quicker,” Green said.
He said that the process takes 200 microsecond or even less in some cases. Ever since it started making the technology available since September last year, about 32 million endpoint devices have been connected to the cloud.
These systems are both consumer and some of the enterprise devices who may have turned on the feature. McAfee says that Artemis is available for free with virtually all kinds of its product offerings.
“Right now, we are not sure about the enterprise customers, since it is a decision that they need to take,” Green said. Real-time threat prevention, besides offering better security, also marks a shift in approach.
Instead of looking at each malware in isolation, Green said the approach offers a total view of its tracks and understand the patterns behind it.
“We deal with about 50,000 samples submitted to us each day,” he revealed. “We monitor about 100 sources for vulnerability, we see about 10 billion messages through various means, we scan about 21 million websites and categorise them in 65 different labels, we identify about 400,000 million Zombies or bots, the best thing is that we connect all of them to something akin to a satellite based weather system that looks at a full picture of the threat landscape.”
However, he admits such a broader system is only just emerging and is yet to mature. But with the way technology is moving, he is certain that it would mature faster and sooner.