One thing that especially excites me about being at Immunet is that we have taken a data-driven approach from the outset. That approach allows us to gain incredible visibility into threat landscape trends. Over the next few posts, I thought I’d describe some of the data we’re seeing in the field.
In this particular post, I’d like to dive specifically into user infection rates. The topic is particularly relevant since I’ve seen many claims about it, some of which are outlandish and others of which are actually realistic (even though they ostensibly appear outlandish). To get a handle on it, I went through Immunet’s data store, focusing specifically on the period between August 15, 2010 and October 15, 2010 (i.e., a two-month window), to see how many users had N or more threats blocked. The results are charted below.
As of October 15, 2010, Immunet had 580,000 users. First, a whopping 39.11% of Immunet’s user base during this period had at least one blocked infection. That number is staggering. On the extreme side of things, about 5% of our users had 20 or more infections. This subset clearly comprises users who consistently engage in the kinds of behaviors that get them infected (e.g., failing to patch their systems and applications, continuously opening attachments, or clicking on suspicious links). It’s important to note that since we have new users constantly joining (and since these users may not have been around long enough to have encountered a threat), the results are skewed toward understating the infection rate, and the situation is even worse than it might appear.
What is quite alarming about these numbers is that they most likely represent users who, on average, are more security conscious. After all, our users are running AntiVirus software. Furthermore, because our software can run in companion mode (and because our agent is lightweight), many of our customers actually run Immunet Protect alongside existing AntiVirus software. So, in terms of being security conscious, our users (on average) are quite possibly the cream of the cream of the crop.
Now, consider that the number of people on the Internet as a whole will likely surpass 2 billion by the end of this year. Based on our assessments, about half of users overall don’t run any AntiVirus software at all. If you assume that of these, half will get infected (which is quite conservative based on the 39.11% number we gave above), then you are looking at 500,000,000 users whose machines will be actively infected. With these kinds of numbers it’s clear that the bad guys will be dealing with a more substantial big data problem than even we have to handle!