The top security threat in enterprise environments during the first half of the year was the Conficker worm, Microsoft says in its Security Intelligence Report (SIRv7), which covers the first six months of 2009.


The above map illustrates the infection rates of locations around the world, expressed in a metric called CCM that represents the number of computers cleaned per thousand executions of the Malicious Software Removal Tool. (Source: Microsoft SIRv7 Report)
In the SIRv7 report, Microsoft states that the number of worm infections in enterprise environments doubled from the last half of 2008 through the first half of 2009. This allowed worms to rise from the fifth most commonly encountered threat category to second.

Microsoft’s SmartScreen Filter has helped determine that the amount of Miscellaneous Potentially Unwanted Software detected rose from 35% in the second half of 2008 to 44% in the first half of 2009.  Based on statistics in the SIRv7 report, Microsoft’s self-assessment is that its security measures are stopping malware before it gets downloaded.

Network Behavior Analysis
Companies can benefit from a solution that adds a layer of internal "homeland" security. Intelligent use of NetFlow can be effective at detecting odd traffic patterns and stopping the spread of worms across internal networks. Flow Analytics from Plixer ships with dozens of algorithms that detect malware such as botnets, worms, and other threats. While antivirus solutions help catch infections on computers, Flow Analytics looks for problems that are already underway on the internal network (e.g. DDoS, network scans, other nefarious activity).

Scrutinizer with Flow Analytics is one of the only NetFlow and sFlow solutions that combines network traffic analysis with continuous network behavior monitoring.  Because IDS or IPS devices usually only monitor internet connections, Scrutinizer can be used to monitor for worms and other malicious traffic patterns on all network connections that can export NetFlow and sFlow.
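To make the "network scan" behaviour concrete, here is an added example (not Plixer's Flow Analytics code) of the kind of rule a NetFlow-based monitor applies: it walks constructed flow records and flags a source that opens many short, low-packet-count flows to distinct internal hosts on one destination port, the fan-out signature a spreading worm leaves on an internal network. The record layout, thresholds and IP addresses are assumptions chosen for the illustration.

```python
from collections import defaultdict

# Constructed NetFlow-style records: (src_ip, dst_ip, dst_port, packets).
# Not real capture data. One host (10.0.1.5) fans out to 25 peers on port
# 445 with 2-packet flows (connection attempts that never complete), mixed
# with ordinary client and file-share traffic that carries many packets.
SAMPLE_FLOWS = [("10.0.1.5", f"10.0.2.{i}", 445, 2) for i in range(1, 26)]
SAMPLE_FLOWS += [
    ("10.0.1.7", "10.0.1.20", 443, 120),   # normal HTTPS session
    ("10.0.1.7", "10.0.1.21", 443, 85),    # normal HTTPS session
    ("10.0.1.9", "10.0.1.20", 445, 340),   # normal file-share session
    ("10.0.1.5", "10.0.1.20", 445, 400),   # the scanner's one legitimate session
]


def detect_fan_out(flows, min_targets=20, max_packets=5):
    """Return {(src_ip, dst_port): distinct_targets} for sources whose
    short flows (<= max_packets) reach at least min_targets distinct
    destinations on the same port. Long flows are ignored so that a busy
    but legitimate server client does not trip the rule."""
    targets = defaultdict(set)
    for src, dst, dport, packets in flows:
        if packets <= max_packets:
            targets[(src, dport)].add(dst)
    return {key: len(dsts) for key, dsts in targets.items() if len(dsts) >= min_targets}


def report(flows):
    """Human-readable lines, one per flagged (source, port) pair."""
    return [
        f"{src} contacted {n} distinct hosts on tcp/{dport} with short flows"
        for (src, dport), n in sorted(detect_fan_out(flows).items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_FLOWS):
        print(line)
```

The thresholds are the tunable part: lower `min_targets` increases sensitivity at the cost of flagging inventory or monitoring hosts that legitimately poll many peers, so a baseline of normal fan-out per host should inform them.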

Michael

Michael is the Co-Founder and the product manager for Scrutinizer Incident Response System. He can be reached most hours of the day between work and home. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer. Feel free to email him.
