Behavior-based anti-malware products will become an essential component to the portfolio of security products
The NovaShield team has developed the most advanced and accurate anti-malware product available to consumers and businesses with the best-in-class ability to find new threats such as drive-by-downloads, trojans, botnets, keyloggers, and rootkits. Funded by two competitive grants from the National Science Foundation (NSF) and private investors, NovaShield is based in Madison, Wisconsin. NovaShield Inc. was founded by leading scientists at the University of Wisconsin, and develops technology to detect and eliminate the next generation of malware threats on personal computers. Their breakthrough approach rapidly identifies previously unseen malware by using specification-based monitoring, a real-time and uniquely effective approach for detecting looming threats.
Name: Dr. Somesh Jha
Position: Chief Scientist
Previous jobs: (currently) Associate Professor of Computer Science at the University of Wisconsin, Madison
Education: Ph.D. in Computer Science from Carnegie Mellon University; B.Tech in Electrical Engineering from IIT-Delhi, India
Presentations: Presented at various academic conferences and events around the United States
Residence: Madison, Wisconsin
Other interests: Classical music, tennis
In the following interview, Dr. Somesh Jha, Chief Scientist at NovaShield, talks one-on-one with Rake Narang, Editor-in-Chief of Info Security Products Guide, about malware and a much-needed paradigm shift to win the catch-up game with malware.
Rake Narang, Editor-in-Chief - Info Security Products Guide: How has malware evolved over the years? What weaknesses does malware take advantage of these days and how aggressive has it become?
Dr. Somesh Jha, Chief Scientist - NovaShield: Malware in earlier years was essentially used for creating a nuisance, i.e. crashing a computer or erasing critical files. Much of this type of malware came from email. Today, the Internet has enabled organized groups to create newer forms of malware to compromise host computers. Current forms of malware can actually take control of a person’s computer and turn it into a bot (a zombie that is controlled by a bot-herder). Groups of bots (botnets) are used for various nefarious activities, such as spamming and identity theft.
In the current landscape, malware takes advantage of the fact that the predominant method for detecting malware is signature-based: when malware is detected, a signature is written to detect that threat in the future, then stored in a signature database. Unfortunately, this is not very resilient to malware variants. In other words, current scanners can detect malware that has already been detected, but fail to identify a slight variant of that malware.
Hackers are really exploiting this weakness in signature-based scanners! For example, the Storm worm had thousands of variants that were released in a span of one week. Several variants of the Storm worm were not detected by signature-based scanners.
Rake Narang: What are the latest products and services provided by NovaShield? How are security solutions from NovaShield helping organizations adhere better to regulatory compliances?
Dr. Somesh Jha: NovaShield is releasing an anti-malware product that uses an approach to malware detection called specification-based monitoring. For this approach, all events from a process to the operating system are monitored by a specification or a policy. Since NovaShield’s anti-malware product does not depend on patterns or signatures, it can thwart an entire class of exploits (such as drive-by-downloads) using very few specifications. In other words, the product is resilient to variants of the same malware and is therefore ideal for thwarting emerging threats. NovaShield’s product architecture is flexible, meaning the company can fine-tune specifications to an enterprise in order to help with regulatory compliance. NovaShield, however, will focus on protecting consumer PCs with its first release this summer and will not be releasing an enterprise version in the near term.
Rake Narang: Will the security vendors always be playing a catch-up game with malware? How do you see the security products and services evolving 2-3 years from today?
Dr. Somesh Jha: We think by deploying emerging anti-malware products that inspect the behavior of malware, we can get ahead in the malware “arms race.” We need a paradigm shift to win the catch-up game with malware. I think in the next 2-3 years behavior-based anti-malware products will become an essential component to the portfolio of security products. Moreover, we think there will be exciting products that will provide much deeper protection for specific threats (such as botnets and rootkits).
All About NovaShield
Head Office Address: 1200 John Q. Hammons Dr., Madison, WI 53717, USA
Founded in: January 2006
CEO: Praveen Sinha
Public or Private: Private
Investors: Angel
Number of Employees: 9
Products: NovaShield AntiMalware
Company’s Goals: Leader in advanced anti-malware detection for emerging threats
Recent Awards Won: NSF SBIR grant awards: Phase I and II