Malware Early Warning (MEW)

Cybersecurity solutions often rely heavily on identifying and mitigating known vulnerabilities and Common Vulnerabilities and Exposures (CVEs) to combat malware.

While this approach provides a foundational level of security, it has significant limitations that can leave organizations vulnerable to sophisticated and zero-day attacks.

Relying on CVEs means these solutions primarily react to known threats. New and unknown vulnerabilities, often called zero-day exploits, can remain undetected until a CVE is published. According to some reports, on average 80% of successful breaches involve new or unknown "zero-day attacks". These attacks exploit undisclosed vulnerabilities or use new or polymorphic malware variants.

Organizations may feel secure because they have addressed all known CVEs. Still, without more comprehensive security measures, they remain exposed to unknown threats and to sophisticated malware that does not rely on known vulnerabilities at all. According to the 2023 IBM X-Force Threat Intelligence Index, 29% of security incidents involved malware that exploited unknown or zero-day vulnerabilities, underscoring the limitations of a CVE-focused approach.

In addition to its SCA features (see Open Source Security), Xygeni offers a Malware Early Warning (MEW) Service designed to raise alerts for suspicious packages. This service proactively protects your software supply chain and supports the implementation of security gates that block malware threats before they reach your application.

Key Benefits of the Early Warning Service:

  • Proactive Malware Blocking: Detect and block zero-day malware as soon as new packages are published, preventing malicious code from entering your development environment.

  • Immediate Notifications: Receive real-time alerts through standard Xygeni mechanisms, enabling rapid response to mitigate risks.

  • Comprehensive Threat Review: Security researchers review suspicious packages, and findings are confirmed with the public registries to ensure an accurate threat assessment. Customers can review the confirmed findings in the Xygeni Web UI.

  • Public Disclosure and Community Protection: Confirmed threats are publicly disclosed to inform the wider community and prevent re-entry into the ecosystem.
