Proactive Protection Against New and Emerging Threats. Solution Brief

Similar documents
Advanced Threat Control

Security Gap Analysis: Aggregrated Results

ABOUT LAVASOFT. Contact. Lavasoft Product Sheet: Ad-Aware Free Antivirus+

Kaspersky Open Space Security

Prevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,

About Lavasoft. Contact. Key Facts:

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

Kaspersky Internet Security - Top 10 Internet Security Software in With Best Antivirus, Firewall,

QUICK START GUIDE. Microsoft Windows 10 / 8.1 / 8 / 7 / Vista / Home Server Click here to download the most recent version of this document

FOR macos. Quick Start Guide. Click here to download the most recent version of this document

What s New in Version 3.5 Table of Contents

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Quick Heal AntiVirus Pro. Tough on malware, light on your PC.

escan Security Network From MicroWorld Technologies Anti-Virus & Content Security

Defend Against the Unknown

Product Line Guide Corporate Antimalware PLUS Network Visibility PLUS Systems Management

FILELESSMALW ARE PROTECTION TEST OCTOBER2017

Panda Security 2010 Page 1

Single Product Review. escan Internet Security 11. Language: English September 2010 Last revision: 13 nd October

Symantec Endpoint Protection 14

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

Antivirus Technology

NetDefend Firewall UTM Services

THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY

To Catch A Thief. Sam Curry Chief Technology Officer RSA, The Security Division of EMC

Best Practical Response against Ransomware

ANATOMY OF AN ATTACK!

Quick Heal Total Security

Symantec Protection Suite Add-On for Hosted Security

Discount Kaspersky PURE 3.0 internet download software for windows 8 ]

BUFFERZONE Advanced Endpoint Security

THE ACCENTURE CYBER DEFENSE SOLUTION

Building Resilience in a Digital Enterprise

Machine-Powered Learning for People-Centered Security

BUFFERZONE Advanced Endpoint Security

CA Security Management

Evolution of Spear Phishing. White Paper

Case Study. Top Financial Services Provider Ditches Detection for Isolation

SentinelOne Technical Brief

with Advanced Protection

ESET NOD32 ANTIVIRUS 8

ESET NOD32 ANTIVIRUS 7

Trend Micro. Apex One as a Service / Apex One. Best Practice Guide for Malware Protection. 1 Best Practice Guide Apex One as a Service / Apex Central

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

QUICK START GUIDE. Microsoft Windows 10 / 8.1 / 8 / 7 / Vista / Home Server Click here to download the most recent version of this document

Mapping traditional AV detection failures. October 2017

RANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise

What is Zemana AntiLogger?

Zillya Internet Security User Guide

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Invasion of Malware Evading the Behavior-based Analysis

Kaspersky Security Network

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Antivirus: Proactively detects and disables more known and even unknown new malware threats than any other security product.

Unmask Evasive Threats

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

3.5 SECURITY. How can you reduce the risk of getting a virus?

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

Streaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV

Kaspersky Mobile Security 9. Reviewer s Guide

Beyond Firewalls: The Future Of Network Security

Reducing the Cost of Incident Response

Fighting Spam, Phishing and Malware With Recurrent Pattern Detection

Cyber fraud and its impact on the NHS: How organisations can manage the risk

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Cracked BitDefender Security for File Servers 2 Years 55 PCs pc repair software for free ]

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

Quick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.

TITLE FIELD OF THE INVENTION BACKGROUND OF THE INVENTION

Achieve deeper network security

ENDPOINT SECURITY FOR BUSINESS: TECHNOLOGY IN ACTION

User Guide. This user guide explains how to use and update Max Secure Anti Virus Enterprise Client.

Automated Context and Incident Response

IT & DATA SECURITY BREACH PREVENTION

MESSAGING SECURITY GATEWAY. Solution overview

Endpoint Protection : Last line of defense?

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

User s Guide. SingNet Desktop Security Copyright 2010 F-Secure Corporation. All rights reserved.

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

(Botnets and Malware) The Zbot attack. Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth

Free Download BitDefender Client Security 1 Year 50 PCs softwares download ]

RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

GFI product comparison: GFI MailEssentials vs. Barracuda Spam Firewall

Intelligent Protection

Real Security. In Real Time. White Paper. Preemptive Malware Protection through Outbreak Detection

Office 365 Buyers Guide: Best Practices for Securing Office 365

Reduce Your Network's Attack Surface

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Avira AntiVir Server

Transcription:

Proactive Protection Against New and Emerging Threats Solution Brief

Executive Summary With new and variant strains of malware emerging at an unprecedented rate, heuristic malware detection has become an increasingly critical line of defense against threats for many organizations. BitDefender Active Virus Control is an innovative proactive technology which uses advanced heuristic methods to achieve extremely high detection rates of new and unknown viruses. This white paper explains why such protection is necessary for corporate networks and provides a technological overview of the detection methodologies used by BitDefender solutions. The State of Malware Keeping computers secure and protected against viruses and other forms of malware has never been harder for IT administrators. With more than half a million new and variant strains of malware emerging each month, tracking and mitigating each threat has become an enormously challenging task for both security vendors and IT administrators alike. Compounding the problem is the fact that both malware and the mechanisms used to deliver it have become increasingly sophisticated. Trusted websites can be compromised and used to launch complex script-based attacks that cycle through multiple exploits, advanced packaging methods are deployed in order to conceal malicious payloads, and rootkits are used to make malware completely invisible to both the operating system and security software. Malware can also actively disable known security software at the time of install and during operation by constantly trying to overwhelm or kill antivirus or software firewall processes without drawing attention to the fact that the system is infected. Additionally, social networking websites, such as Facebook, MySpace and Twitter, provide cybercriminals with new opportunities for exploitation. Because many of these social networking sites have become part of the business environment, it enables malware to spread faster in the network than ever before. Whereas a virus may once have taken days or even weeks to propagate, it can now reach millions of computers in hours. Combined, these factors make it exceptionally difficult to effectively detect and block malware using conventional methods and technology. Profits up the Ante The driver for the increase in the volume and complexity of malware has been money. In the past, viruses were created by teenagers in order to earn notoriety; today, malware is created by criminals in order to earn a living. And there are substantial sums to be made. Spam, phishing, pump-and dump schemes and data-stealing Trojans and keyloggers can net their creators enormous amounts of money. To put it simply, malware has evolved into multimillion dollar, multinational industry. This commercialization has also resulted in a significant change in the nature of malware. Whereas old-style viruses made no effort to conceal their presence on a system, today s malware 2

is much stealthier and often uses sophisticated technology in order to remain hidden. The longer malware can remain undetected, the more likely it is to be able to successfully steal personal information or to be able to continue to cause the compromised computer to act as a spambot. What does this mean? If a computer within the network becomes infected with malware, IT administrators may well never know about it until, that is, infected users notice unexplained system errors and application crashes, performance issues, or your customer database appears on a hacking site somewhere on the Internet. Furthermore, as cyber-criminals are able to use their enormous profits to fund malware development, a vicious circle has been created: the more money the criminals make, the better their malware becomes; and the better their malware becomes, the more money the cybercriminals make. For example, in November 2009, the FBI s Internet Crime Complaint Center (IC3) issued an intelligence note warning that sophisticated malware has been used to harvest corporate online banking credentials and that, As of October 2009, there has been approximately $100 million in attempted losses. With such enormous sums at stake, it is obvious that the criminals have both the motivation and the financial means to develop ever better malware. Heuristics: Detecting Tomorrow s Threats Today As mentioned previously, the exponentially increasing volume of malware creates real challenges for security vendors: ensuring a timely response to each new and variant strain of malware to emerge is, as you can probably imagine, far from easy. And yet it is absolutely critical that the response be timely with malware able to spread so rapidly, a slow or delayed response could lead to an enormous number of computers being compromised. The real problem, however, is that no matter how speedily vendors respond, there is always a gap between the time that a new threat is released into the wild and the time that end-users computers are immunized against that threat via the release of a signature. This gap represents a window during which systems remain vulnerable and, with more than half a million new and variant strains of malware emerging each month, the number of such windows has become substantial! Heuristics is a form of proactive detection that closes the window during which computers are vulnerable. Conventional detection relies on signatures. These signatures are snippets of code extracted from actual malware samples and are used by antivirus programs to perform pattern matching. The problem with this method is that it takes time to produce the signature: antivirus vendors need to obtain a sample of the malware, develop a signature and then push that signature to users and this leads to the creation of the window mentioned above. Heuristic detection also relies on signatures but rather than being simple fingerprints, these signatures specify actual behaviors which may indicate that an application is malicious. This works because malicious programs inevitably attempt to perform actions that legitimate applications do not. Examples of suspicious behavior would include attempting to drop files, disguise processes, replication or executing code in another process s memory space. Because heuristic scanners look for behavioral characteristics rather than relying on simple pattern-matching, they are able to detect and block new and emerging threats for which a signature or fingerprint has yet to be released. 3

In order to protect the operating system and file structure from attack, the majority of heuristic scanners, including the BitDefender B-HAVE heuristic engine, temporarily delay applications from starting while the code is executed in a virtual environment that is completely isolated or sandboxed - from the real computer. If no suspicious behavior is observed, the computer is instructed to start the application normally. If, on the other hand, suspicious behavior is observed, the computer is instructed to block the program. The entire process happens in fractions of a second--havingpractically no impact on either the user s experience or performance. While this approach certainly enhances security considerably, it nonetheless has a couple of shortcomings. Firstly, programs can only be run in the virtual environment for a short period as, obviously, it would not be acceptable to delay launch by any substantial amount of time. This means that malware can avoid detection simply by delaying performing any malicious actions. Secondly, a program that has already been checked (and is, therefore, trusted) could be exploited and either modified in-memory, while running, or used to launch a malware process with its own credentials. To address these shortcomings, BitDefender has introduced a new technology since its 2010 consumer product line. Active Virus C ontrol: Heuristic Detection Advances to the Next Level Active Virus Control has been introduced starting from the BitDefender 2010 consumer product line, which includes BitDefender Antivirus 2010, BitDefender Internet Security 2010, and BitDefender Total Security 2010. Active Virus Control has also been added to BitDefender business solutions starting from BitDefender Client Security version 3.5. In order to provide maximum security, all BitDefender products use a four-step scanning sequence: Step 1: Each time a file is accessed, copied or downloaded via the Web, e-mail or Instant Messenger, the file is intercepted by either the BitDefender File System driver or the appropriate proxy and sent for scanning. Step 2: The file is checked against the BitDefender Signature Database (a database of malware fingerprints ) that is continually updated on an hourly basis. If the file contents match one of the signatures, the product automatically tries to disinfect the virus. If this action fails, the file is moved to the quarantine folder. If no signature is matched, the file is passed to B-HAVE to be checked. Step 3: B-Have checks the file by running it in a virtual environment inside the BitDefender Engine. If the file exhibits suspicious, malware-like activity, B-Have reports the file as malicious. If not, the file is declared clean and the relevant process is allowed to run. Step 4: Active Virus Control monitors the actions of the processes (specific processes) as they are running on the computer. It looks for signs specific to viruses and gives a certain score for each of these actions. When the overall score for a process reaches a given threshold, the process is reported as harmful and, depending on the user profile, it is either terminated or the user is prompted to specify the action that is to be taken (depending on the mode in which BitDefender is being run). 4

Figure 1: The BitDefender Scanning Sequence Unlike B-HAVE and other heuristic scanners, Active Virus Control monitors everything applications do for as long as they are active and so cannot be defeated by the delaying tactics that some advanced malware deploys. Additionally, this constant monitoring also prevents malware from exploiting or hijacking already trusted applications. How Active Virus Control Works: A Technology Overview Active Virus Control continuously monitors all running applications and processes, except: Processes specifically excluded from monitoring by the user (white-listed processes). System processes such as crss.exe, lsass.ese or smss.exe that are known to be clean. All processes loaded before the Security Service (vsserv.exe). Figure 2: AVC Process Monitoring and Threat Response 5

Applications and process are continuously monitored for as long as they are active for signs of suspicious, malware-like activity, including: Not waiting for or requesting any form of user interaction Not displaying any type of user interface when executing or terminating the execution Copying or moving files in C:\Windows\ or C:\Windows\System32\ Having an unrelated type of icon - for example, a process that has a folder icon Executing code in another processes space in order to run with higher privileges Running files that have been created with information stored in the binary file Self-replicating Creating an auto-start entry in the registry Attempting to hide from process enumeration applications Dropping and registering drivers in C:\Windows\System32\ As legitimate applications will sometimes perform one or more of these actions (such as creating an auto-start entry), Active Virus Control does not determine a process to be malicious based on any single action; instead, it keeps a running score and only categorizes an application as malicious when a certain threshold is reached. This minimizes the incidence of misidentifications (false positives) avoiding unnecessary intervention by the user. Greatly Increased Detection Rate of Evasive Stealth Malware In Internet testing, 63.5% of the malware samples which were not detected by either the standard BitDefender scanning engine or by B-HAVE were detected by Active Virus Control. Given that B-HAVE is one of the most advanced and effective heuristic scanning engines on the market, it is clear that Active Virus Control has the ability to provide substantially better protection than other solutions and to drastically reduce the risk of a system being compromised by a new or emerging threat. Conclusion The cyber-criminals who create malware have become increasingly sophisticated in terms of the methods that they use in order to minimize the likelihood of their malicious programs being detected by heuristic scanners. Some malware is even able to detect when it is being run inside a virtual machine and delay displaying performing any malicious actions until it has determined to be clean and launched in the real computing environment. Compounding the challenge is the fact that determining whether or not an application is malicious based on the actions it performs is a far from straightforward process. For example, an application that will erase the hard disk may be a perfectly legitimate system tool. However, if that application attempts to mislead users into running it back - masquerading as an image or some other harmless type of file - then it may well be malware. Active Virus Control is BitDefender s response these challenges. It represents a brand new layer of security between the Operating system and potentially malicious code, providing corporate users and IT administrators with a previously unprecedented degree of protection. 6

About BitDefender BitDefender is the creator of one of the industry s fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe - giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company s security solutions press room. Additionally, BitDefender s www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware. About BitDefender Active Virus Control BitDefender Active Virus Control is an innovative proactive detection technology which uses advanced heuristic methods to detect new potential threats in real time. It monitors each program running on your PC, as it executes, and notes malware-like actions. If enough such actions are detected, the program which performed them is declared harmful. Unlike any other heuristic technology that only checks fi les when they are accessed or first started, Active Virus Control monitors everything applications do as long as they are active. Download Trial Versions of BitDefender Business Solutions at www.bitdefender.com/business 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback