Software Engineering Institute

A quantum approach to malware eradication addresses the needs of organizations, which are facing a shortage of cybersecurity staff and resources, to tackle the increasing and dynamic cyber threat they are facing in a distributed and mobile computing environment. This approach closes the existing security gap and provides entities with a layer of security and protection between end-users and the Internet. It also provides a new sensing capability to provide a novel vantage point for threats in near real-time while sharing that visibility through standardized methodologies. The quantum approach to malware eradication inverts current common practices through the rewrite of binaries and documents to drive inbound and outbound files into compliance with permitted behaviors—an organization’s pre-established file risk parameters. This approach borrows from a variety of reductionist models introduced over the last few decades across the physical, biological, and social sciences to analyze, describe, and at times control the emergent properties of complex adaptive systems at their most fundamental, constituent levels.

Positing that a file, including its content and behavior, emerges from the complex interactions of its constituent parts, the approach reduces it to predictable building blocks and then regenerates them in accordance with a controlled, pre-established rule set without an impact on content but with risk-based behavior controls. Interdicting files before they reach an endpoint, the quantum approach offers the opportunity to significantly reduce the vulnerability introduced into enterprises by the human user, who is susceptible to a variety of social engineering attacks. It is the ultimate “left of boom” method that eliminates as much malware as all retroactive detection methods combined with no human interaction. Combining these methods is the future. It is scalable such that small- and medium-sized organizations can afford it, and it is flexible such that it can be applied across multiple use cases.