SOURCE: M86 Security

M86 Security

March 02, 2010 07:00 ET

New M86 Security Labs Report Finds 60% of Malicious URLs Pass Unnoticed Through Anti-Virus Scanners and URL Filtering

Live Test Reveals Web Vulnerability Gap Is Wider Than Expected; Users Are Insufficiently Protected Against Dynamic Web-Based Threats

SAN FRANCISCO, CA--(Marketwire - March 2, 2010) - RSA Conference® 2010 - Moscone Center - Booth #1151 -- M86 Security, the global experts in real-time web and email threat protection, today released a new report revealing M86 Security Labs research results based on the primary attack vectors on the Web and how the common approaches used to fend off these attacks stand up in today's dynamic threat landscape. The report titled "Closing the Vulnerability Window in Today's Web Environment," discloses both quantitative research on the percentage of Web threats correctly identified by URL Filtering (3%) and Anti-Virus Scanning (39%) over the course of last month and three real-life studies of specific attacks, which are increasing in frequency: dynamic obfuscated code, hacking of legitimate Websites, and zero-day vulnerabilities.

In February 2010, M86 Security Labs collected and tested more than 30,000 live malicious URL samples against the typical tools of third-party URL lists and anti-virus scanners. The analysis found that in the best case scenario, 6 in 10 malicious URLs pass unnoticed through anti-virus scanners and URL filtering, even when these two approaches are used together. All the malicious URLs were correctly identified by M86 Security's real-time code analysis technology. The test also looked at the growth rate of signatures behind anti-virus scanners, such as the popular's malware collection, and found that despite the dramatic increase in signatures, organizations and end-users are less protected because of the evasive methods cyber criminals use as well as the real-time dynamic nature and sophistication of today's Web-based attacks.

"Even though URL Filters now check for more than 22 million malware signatures, 7 times the number in 2004, websites are still no safer as malware and Web 2.0 threats increase at least as quickly," said Bradley Anstis, vice president technical strategy, M86 Security. "In comparison, we found that our real-time code analysis capability achieved a 100% success rate in capturing and blocking all the tested URLs without the need for updates. To counter the specific cases that we analyzed in this report, and to ensure maximum efficiency, we believe a three-pronged approach of combining URL filtering, anti-virus scanning and real-time code analysis should be best practice."

The nature of today's constantly changing and evolving Web threat landscape requires a true real-time solution that is scanning the actual content the end-users are accessing, when they are accessing it. Using M86's patented real-time code analysis technology, M86's Secure Web Gateway solution correctly de-obfuscated and identified the malicious code's true intent and content, removed the malicious content from the page, fixed the formatting and delivered the safe content to the user. True real-time code analysis is able to scan each and every piece of incoming and outgoing Web content in HTTP/HTTPS/FTP to detect and block Crimeware, malware, Trojans, targeted attacks and other malicious Web content before they are able to penetrate corporate networks, even when hiding in encrypted SSL traffic.

Conclusion: Test Substantiates Need for Multi-Layered Approach

Static signatures or URL filtering technologies alone, or even together, are unable to protect end-users from contemporary threats like zero-day attacks, malicious code served from legitimate sites and run-time created malware. To be successful, the best approach is one combining three layers including URL filtering, AV scanning and real-time code analysis.

To read the full M86 Security Labs report, please visit:

About M86 Security
M86 Security is the global expert in real-time threat protection and the industry's leading Secure Web Gateway provider. The company's appliance, software, and Software as a Service (SaaS) solutions for Web and email security protect more than 24,000 customers and over 17 million users worldwide. M86 products use patented real-time code analysis and behavior-based malware detection technologies as well as threat intelligence from M86 Security Labs to protect networks against new and advanced threats, secure confidential information, and ensure regulatory compliance. The company is based in Orange, California with international headquarters in London and development centers in California, Israel, and New Zealand. For more information about M86 Security, please visit

Follow M86 Security on Twitter at:
Facebook at:
M86 Security Labs Blog at:

Contact Information