In a 2010 poll of chief information security officers and senior IT security directors at Fortune 500 corporations, all respondents stated that they consider malware, whether viruses, Trojans, bots, or other advanced persistent threats, to be a serious threat to their enterprise IT security. A 2011 Ponemon Institute study found that the average 2010 per-incident data breach cost was $7.2 million. Advanced malware continues to place organizational data and network resources at increasing risk, with break-ins at RSA Security and Epsilon marketing and the continuing success of Zeus demonstrating the range of targets for these cyber weapons.

This paper offers a better and more current framework to understand both the next-generation threat landscape of advanced malware and the five key design principles needed to eliminate the devil’s bargain implicit in today’s dated and highly ineffective rule-, signature- and list-based defenses.