In the first two parts of this series (part 1, part 2) I explored some of the ways that the threat landscape has evolved over the past decade and introduced a new special edition Microsoft Security Intelligence Report (SIR) called “The evolution of malware and the threat landscape – a ten year review.”
Another interesting aspect of looking back at the evolution of the threat landscape is how malware infection rates of different locations around the world have trended. The two graphs below are based on data Microsoft received from hundreds of millions of systems around the world since the first quarter of 2009 (1Q09), represented in a measure called computers cleaned per mille (CCM).
If you are interested in understanding the difference between the dashed and solid lines in the figures above, please read an article I wrote called Determining the Geolocation of Systems Infected with Malware.
Each location listed has a slightly different mix of prevalent threat categories and families. For example, a threat in the password stealers and monitoring tools category called Win32/Bancos was detected on 12.6% of systems infected with malware in Brazil in the second quarter of 2011 (2Q11); this threat isn’t in the top ten threats in any of the other locations with consistently high malware infection rates listed above – reflecting the regional nature of that particular threat.
I often get asked how the consistently least malware-infected regions maintain such low infection rates. This is a topic that I have written about extensively in the past, but we decided to take a closer look at Finland since it has consistently had one of the lowest malware infection rates in the world.
I went to Finland to talk to some key ecosystem stakeholders, to share our SIR data, and learn how they maintain such low malware infection rates. While I was there I met with a company called TeliaSonera. TeliaSonera is the largest Internet Service Provider (ISP) and largest carrier of Internet Protocol traffic in Europe. They are the fourth largest ISP in the world with 29,000 employees serving 164 million customers. I learned that TeliaSonera prides itself on being the “cleanest of the clean” and how the company has earned a reputation for safe computing by creating an automated monitoring and alerting system to identify infected devices, alert their owners, and quarantine the devices from the network until cleaned.
Figure: TeliaSonera provides a complete cycle of protection for its users
In essence, TeliaSonera monitors traffic on their network for signs of infection, and if malware is detected the impacted customer is notified while their system is isolated to a “walled garden” until it has been cleaned of malware. Once the infected device has been cleaned, it is allowed back on the network.
The real innovation here is that TeliaSonera automated this process to reduce the costs associated with manually contacting customers and increase how quickly they could contain and control malware outbreaks on their network; this work has greatly enhanced TeliaSonera’s service level and reputation with its customers. According to Arttu Lehmuskallio, a Security Manager on TeliaSonera’s Computer Security Incident Response Team, “just as we had one person create the application, it takes only one person to manage the monitoring and alerts. A process that required 45 minutes to handle manually in the past was automated so that one person could handle the same procedure at the rate of 500 an hour.”
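The detect, notify, isolate, clean and release cycle described above, modelled as a small automated quarantine controller. This is an added illustration, not TeliaSonera's code; the subscriber ids, remediation host names, event shapes and the "zero detections in the check window" release rule are assumptions.

```python
from enum import Enum

class State(Enum):
    CLEAN = "clean"
    QUARANTINED = "quarantined"   # walled garden: remediation hosts only

# Assumed remediation hosts a quarantined subscriber may still reach.
REMEDIATION_HOSTS = {"cleanup.isp.example", "av-update.isp.example"}

class WalledGarden:
    def __init__(self):
        self.state = {}    # subscriber id -> State
        self.actions = []  # audit trail of automated steps taken

    def detect(self, sid, family):
        # A network sensor reports infection traffic (family) from subscriber sid.
        if self.state.get(sid, State.CLEAN) is State.CLEAN:
            # Notification and isolation happen in one automated step;
            # repeat sightings of an isolated subscriber trigger no second notice.
            self.actions += [("notify", sid, family), ("quarantine", sid)]
            self.state[sid] = State.QUARANTINED

    def verify_clean(self, sid, recent_detections):
        # Release only when the clean check reports no infection traffic.
        if self.state.get(sid) is State.QUARANTINED and recent_detections == 0:
            self.state[sid] = State.CLEAN
            self.actions.append(("release", sid))
            return True
        return False

    def allowed(self, sid, dest_host):
        # Enforcement point: quarantined subscribers reach remediation hosts only.
        if self.state.get(sid, State.CLEAN) is State.CLEAN:
            return True
        return dest_host in REMEDIATION_HOSTS

def run_demo():
    wg = WalledGarden()  # constructed sample events follow
    wg.detect("sub-001", "Win32/Bancos")             # first sighting: notify + isolate
    wg.detect("sub-001", "Win32/Bancos")             # repeat: no duplicate notice
    wg.verify_clean("sub-001", recent_detections=1)  # still infected: stays isolated
    wg.verify_clean("sub-001", recent_detections=0)  # clean window: released
    return wg
```

The audit trail in `actions` is what lets one operator oversee the whole flow: every notice, isolation and release is recorded without anyone placing a call.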
There are a few best practices that TeliaSonera recommends other ISPs consider when looking to improve the health of their networks:
TeliaSonera’s efforts as an ISP protecting users from malware represent an innovative step toward creating safer, more trusted Internet experiences for everyone. It struck me that the way TeliaSonera was keeping its networks clean from malware was very similar in some ways to the Internet health model that Scott Charney, Corporate Vice President of Trustworthy Computing at Microsoft, proposed in a paper he published in 2010 called Collective Defense – Applying Global Health Models to the Internet.
We worked with TeliaSonera to develop a case study outlining their approach to maintaining the cleanest network in the cleanest region of the world, and its benefits. I invite you to read the case study: European Telecom Uses Microsoft Security Data to Remove Botnet Devices from Network.
Tim Rains
Director
Trustworthy Computing