Czech security company AVG has completed a deal to acquire Sana Security, which specializes in detecting malicious software based on its behaviour.
AVG paid cash for Sana but did not disclose the transaction value. Sana’s 14 employees will work for AVG. The deal closed last week but was just announced Tuesday, said AVG CEO J.R. Smith.
Other security vendors such as Symantec are taking a similar approach to Sana’s, looking at how applications and code behave on a PC in order to defend against the meteoric rise in the number of malicious software programs.
Anti-virus products have traditionally relied on signature-based detection of malware. Antivirus software must be updated with files, called signatures, that enable the software to identify when malicious code has infected a machine.
But signature-based detection is less favored now because there are so many different varieties of malware. Virus analysts struggle to create new signatures fast enough.
The newer way is behavioural-based detection, where the security software looks at how code acts on a PC. Sana’s technology can detect stealthy programs that start automatically and pick up on unusual network or system activity. Behavioural detection technology is seen as supplementary protection in addition to signatures.
The behavioural technology will detect so-called 0-day attacks, when a hacker exploits a previously undisclosed flaw in a software program, Smith said.
“If anything seems out of the ordinary they flag it, they identity it and they stop it,” Smith said.
The behavioural technology will be integrated into AVG’s anti-virus and Internet security products by the end of June, Smith said. The new feature will not be included into AVG’s free product, but the company could consider doing that in the future, he said.
Sana was founded in October 2000. Sana’s products are Primary Response SafeConnect, the behavioural detection malware product; Primary Response Identity Protection, used to defend against identity theft attacks; and Primary Response AirCover, a wireless security product.
The company sold the behavioural detection product as a standalone to Internet service providers, which would offer it to their customers, Smith said.