Zero-Hour Virus Outbreak Protection provides messaging security vendors proactive email-borne virus detection, effectively closing the early-hour vulnerability gap during which millions of users are often infected. Commtouch’s rapid virus detection capabilities ensure users’ protection hours before signatures are released. It has been integrated by leading anti-virus and software security vendors, as well as Managed Service Providers (MSPs) and Messaging Solutions Providers.
Commtouch Zero-Hour Virus Outbreak Protection takes a different approach to malware defense than traditional anti-virus engines. Instead of focusing on hunting for new viruses and racing to catch them with a signature or heuristic, Commtouch monitors billions of messages daily across the globe, in order to identify and block new malware outbreaks the moment they emerge. Based on patented Recurrent Pattern Detection™ (RPD™) technology, Zero-Hour Virus Outbreak Protection identifies and blocks email-borne malware in real time, providing immediate protection against new variants in the first critical hours of an outbreak. As rapidly changing malware techniques continue to develop, real-time virus outbreak detection has proven an effective defense against new outbreaks. Zero-Hour Virus Outbreak Protection complements traditional AV solutions by adding an extra layer of Zero-Hour outbreak defense.
Zero-Hour Virus Outbreak Protection is typically integrated into a service provider environment or a vendor device such as a Mail Gateway or Anti-Virus software. It consists of an engine that resides in the partner product or environment and an “in the cloud” detection and classification center (the GlobalView Network).
After integration within the service provider environment or vendor device, emails are fed to the engine to determine the attachment classification. The engine first checks its local cache for classifications. If necessary, the engine queries the cloud-based GlobalView Network for classification. The engine returns a classification and the vendor device or service provider server then deletes, quarantines or forwards the email to the user.
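The cache-then-cloud lookup described above, sketched as an added example (not Commtouch's code or API). The SHA-256 cache key, the verdict names, the 300-second cache lifetime, the hold-on-failure policy and the `cloud_lookup` callable are all assumptions, since the page specifies none of them.

```python
import hashlib
import time
from enum import Enum

class Verdict(Enum):  # hypothetical labels; the page names no verdict classes
    CLEAN = "clean"
    SUSPECT = "suspect"
    MALWARE = "malware"

# Hypothetical policy mapping a verdict to the three actions the page lists.
ACTIONS = {Verdict.CLEAN: "forward", Verdict.SUSPECT: "quarantine",
           Verdict.MALWARE: "delete"}

class Engine:
    def __init__(self, cloud_lookup, ttl=300.0, clock=time.monotonic):
        self.cloud_lookup = cloud_lookup  # callable(key) -> Verdict; may raise OSError
        self.ttl = ttl                    # assumed short lifetime: outbreak verdicts change
        self.clock = clock
        self.cache = {}                   # key -> (Verdict, expiry time)
        self.cloud_queries = 0

    def classify(self, attachment: bytes) -> Verdict:
        # Assumption: the attachment is keyed by its SHA-256 digest.
        key = hashlib.sha256(attachment).hexdigest()
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]                 # fresh local answer, no network round trip
        self.cloud_queries += 1
        try:
            verdict = self.cloud_lookup(key)
        except OSError:
            # Cloud unreachable: hold the mail, and do not cache the fallback.
            return Verdict.SUSPECT
        self.cache[key] = (verdict, self.clock() + self.ttl)
        return verdict

    def handle(self, attachment: bytes) -> str:
        return ACTIONS[self.classify(attachment)]

def demo():
    # Constructed sample data: a stand-in cloud table with one flagged attachment.
    bad = b"constructed-sample-attachment"
    table = {hashlib.sha256(bad).hexdigest(): Verdict.MALWARE}
    now = [0.0]                           # fake clock so expiry is deterministic
    eng = Engine(lambda k: table.get(k, Verdict.CLEAN), clock=lambda: now[0])
    out = [eng.handle(bad), eng.handle(bad)]   # second call is a cache hit
    now[0] = 301.0                             # cached entry has expired
    out += [eng.handle(bad), eng.handle(b"benign text")]
    return out, eng.cloud_queries
```

The two design choices a deployment has to make explicitly are the cache lifetime, which bounds how long a stale verdict can be served, and what happens to mail when the cloud cannot be reached.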
Even the most reliable anti-virus engines take a certain amount of time to identify and analyze malware, and create a signature to defend against it. This can take anywhere from hours to days. In some cases a signature may never be created, or may be created after the malware attack is over. Zero-Hour Virus Outbreak Protection protects during this extremely vulnerable window by simply blocking the messages with the malware attachments from entering users’ inboxes.
Even malware that comes in thousands of different flavors, or “variants,” can be identified due to various characteristics that repeat themselves in a recurring pattern. Once those patterns are detected – a process that takes mere seconds – the entire outbreak can be blocked.
Every piece of malware that Commtouch detects is automatically sent to AV-Test.org, a non-profit organization that tests anti-virus engines. AV-Test then tests this malware against dozens of anti-virus tools, and returns a response to Commtouch. AV-Test continues to test, and sends Commtouch updates. The comparison report for each piece of malware, based on this data from AV-Test.org, is usually published 2-3 days after the malware was detected by Commtouch, in order to give the various anti-virus engines time to distribute their signatures. The time of the report is always listed on the report itself.
Every piece of malware is published with its MD5 Checksum, a unique number that acts like the identity card of the virus.