Amritam Putatunda
Technical Product Manager

10,000 downloads in 1 year! BreakingPoint customers bolster cybersecurity testing with daily malware service.

December 3, 2019 by Amritam Putatunda

When we launched our daily malware service, there was some level of doubt. Before the daily malware service, we would generally release a collection of malware samples each month. The issue with monthly malware updates is that 30 days is a long time in the hyper-dynamic world of cyberattacks, where malware can morph many times over within that duration.

We had to rethink how we deliver real-world malware samples: cadence and efficacy were our primary concerns. It wasn’t feasible to upload all the malware samples that we have access to every minute. It was also not practical for customers to download hundreds of gigabytes of malware strikes daily and use those strikes against their device under test (DUT). However, we still needed a reliable way to validate how efficiently a DUT or system under test (SUT) detects or blocks malware. We needed to strike a delicate balance between doing too much and too little in delivering malware testing capability to users.

The proposal that we all liked was to start with a larger pool (around 100,000) of malware samples provided by our partner and create an automation that would select 100 high-impact samples from different domains (like healthcare, financial), different devices (like Android, iOS, Windows) and different types (like ransomware, rootkits) and release them each day as a Strikepack. We also decided to classify the strikes into different subsets (like ransomware, mobile, Android).

Since we want customers to download malware samples on a daily basis, we also introduced a feature and API that helps them install or uninstall samples in a few clicks so that they can incorporate them easily into their daily routines. The whole idea was to take a sample large and diverse enough to be representative of the present-day security environment. Any DUT/SUT that has higher efficacy in blocking a majority of this malware should also have similar efficacy when blocking a much larger set.

We’ve included this daily malware service, at no additional cost, in our BreakingPoint Application and Threat Intelligence (ATI) subscription. But taking advantage of it is still additional work for customers that comes on top of the release of new applications and exploits that we publish every other week, our Evergreen service that updates popular apps to their latest revision, and three major full releases of BreakingPoint each year. We were a bit skeptical about how often customers would use the daily malware service. After a year that consisted of around 220 days (we don’t update on weekends or major holidays) of uploading a package of 100 malware samples per day, we counted the total downloads.

Unique downloads of our daily malware packages have crossed the 10,000 mark.

In 220 days of posting the daily malware service, we had 10,000+ unique downloads! Since many of our customers have chassis with multiple cards, a single download can serve all users sharing the same chassis. This means many more actual users are leveraging the daily malware than the download count suggests. We are delighted to see this data as it indicates that many of our customers are bolstering their defenses by validating their cybersecurity regularly with our daily malware.

If you are an active BreakingPoint ATI customer and would like to benefit from our daily malware, please log in to your BreakingPoint system today and follow the two steps below to test your DUT/SUT with the latest and greatest malware.

Once logged in, check if there are new updates available.

Clicking on the updates will take you to the daily malware and other ATI updates that you can install directly from here.