WatchGuard Technologies

Advanced Malware

Survive the Epidemic of Advanced Evasive Malware

Whether as old-fashioned virus attachments in email, trojans delivered through network attacks, or modern ransomware forced through drive-by download web attacks, malware has long been the bane of IT organizations.

Researchers have identified more than 500 evasion techniques in use today (Lastline)

 

More than 140 million new malware variants are created each year

 

97% of executable malware found on endpoints was new enough to not have an AV signature (Webroot)

So what is advanced malware and how does it work?

As the name suggests, malware is software designed to infect a computer to perform a variety of malicious actions. After exploiting technical or human vulnerabilities in your environment, an attacker will deliver malware to compromise your users’ computers for the purpose of stealing or denying access to information and systems. Antivirus (AV) solutions were introduced to combat known malware files by identifying them using distinct patterns we call signatures. While these solutions are still useful for quickly preventing a certain threshold of basic malware, they’re insufficient at detecting the more common evasive and advanced malware samples seen today, as they rely on human or automated systems to find, analyze, and update a database of malware signatures.

What’s more, modern malware is more adaptive than ever and able to change the way it looks to evade signature-based detection. Using methods the criminals call “packing and crypting,” attackers can repeatedly change a malware file on a binary level, making it look different to antivirus software. Even though the malicious executable still does the exact same thing, it looks like a new file, resulting in AV products missing a piece of malware that they previously knew about. With hundreds of millions of new malware variants discovered each year, signature-based antivirus simply cannot keep up.

How can you defend against advanced malware?

The ever-evolving nature of malware necessitates a new approach to prevention. Advanced malware detection solutions that can identify new malware as early as possible, like WebBlocker and APT Blocker from WatchGuard, are essential to defending your organization against these threats. Using a technique called sandboxing, these solutions emulate a host computer to proactively catch new malware variants, without having to rely on a previously known pattern or signature. They do so by creating a virtual environment in which unknown and untrusted code can be run, and by analyzing its behavior to detect possible threats.
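The gap between the two approaches, as an added illustration (not WatchGuard code): a hash signature misses a re-wrapped copy of a known file, while scoring what the file does in a sandbox still flags it. The byte strings, trace lines, rule weights and threshold are all constructed assumptions.

```python
import hashlib
from collections import Counter

# Constructed, harmless stand-ins: the same program in two different wrappers.
ORIGINAL = b"wrapper-v1:" + b"program-body"
REPACKED = b"wrapper-v2:" + b"program-body"[::-1]
KNOWN_BAD = {hashlib.sha256(ORIGINAL).hexdigest()}  # signature database

# Constructed sandbox traces ("action argument" per line); both wrappers of
# the sample are assumed to produce MALICIOUS_TRACE when run.
MALICIOUS_TRACE = """\
process_start sample.exe
file_write C:\\Users\\u\\Documents\\report.docx.locked
file_write C:\\Users\\u\\Documents\\budget.xlsx.locked
file_write C:\\Users\\u\\Pictures\\photo.jpg.locked
process_start vssadmin.exe delete shadows
net_connect 203.0.113.7:443
"""
BENIGN_TRACE = """\
process_start editor.exe
file_write C:\\Users\\u\\Documents\\notes.txt
net_connect 198.51.100.20:443
"""

def signature_verdict(data: bytes) -> bool:
    """True when the file's hash is already in the signature database."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD

def behaviour_score(trace: str) -> int:
    """Score a trace with three hypothetical rules (weights are assumptions)."""
    events = [line.partition(" ")[::2] for line in trace.splitlines() if line.strip()]
    names = [arg.rsplit("\\", 1)[-1] for act, arg in events if act == "file_write"]
    appended = Counter(n.rsplit(".", 1)[-1] for n in names if n.count(".") >= 2)
    score = 0
    if appended and max(appended.values()) >= 3:
        score += 50  # many files rewritten with the same extra extension
    if any(act == "process_start" and "delete shadows" in arg for act, arg in events):
        score += 40  # backup snapshots removed
    if any(act == "net_connect" for act, _ in events):
        score += 10  # outbound connection, a weak signal on its own
    return score

def sandbox_verdict(trace: str, threshold: int = 60) -> bool:
    """True when observed behaviour reaches the (assumed) threshold."""
    return behaviour_score(trace) >= threshold

if __name__ == "__main__":
    print("signature:", signature_verdict(ORIGINAL), signature_verdict(REPACKED))
    print("sandbox:  ", sandbox_verdict(MALICIOUS_TRACE), sandbox_verdict(BENIGN_TRACE))
```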

How to Prevent Advanced Malware

WebBlocker

WebBlocker is a fully integrated security subscription for WatchGuard appliances that allows IT administrators to manage web access and content for stronger security and control of web surfing. This module blocks malicious sites that could house ransomware, preventing successful malware downloads.

APT Blocker

APT Blocker is a dynamic sandboxing solution that provides detailed visibility into and analysis of malware execution. If a file has never been seen before, it is detonated in a virtual environment to analyze its behavior and determine the threat level, protecting against advanced malware and zero-day threats.


About WatchGuard

WatchGuard has deployed nearly a million integrated, multi-function threat management appliances worldwide. Our signature red boxes are architected to be the industry's smartest, fastest, and meanest security devices with every scanning engine running at full throttle.
