Preventing Malicious Spyware in the Enterprise
Current Scenario: Preventing Malicious Spyware in the Enterprise is about the current state of computer security, the onslaught of information-stealing malware and the shortcomings of traditional security solutions. While many consumer security products have been designed to protect individual machines from malware exploits (i.e. AV), the dependence on signatures and scanning makes managing and protecting an entire enterprise challenging.
The problem with today’s security landscape is that threats are continuously evolving, making signature- and scan-based solutions dated and incapable of protecting against unknown and zero-day attacks. A behavioral, proactive model is therefore needed.
Tomorrow's Technology Today: As this whitepaper explores the driving forces in today’s leading security threats, it will outline the significant flaws which exist in traditional security models.
Signature-based mechanisms rely on having a sample of the malicious code from which unique codes can be extracted. First, these threats are difficult to detect because of the shrinking availability of samples from which signatures can be generated. Second, stealth technologies allow these programs to evade detection by most anti-virus and anti-spyware programs: they can hide their files from the security programs so that they are not even scanned. Third, there are a number of targeted attacks that exist in this form and are customized so that even if a signature were generated, it would be worthless, as the custom version would vary enough to avoid detection. Signature-based mechanisms were originally developed over 20 years ago to defend against slowly spreading viruses, and that remains their sweet spot. With the influx of ever-changing, evolving and fast-propagating malware threats, signatures are proving to be behind the times.
The alternative and more fitting technology for protecting against this wave of threats is a behavioral model, which still leaves a window of vulnerability open for potential exploits. These models typically work by constraining the behavior of applications, often using rules: rules that apply to all applications, or application-specific rules that are tailored to particular known applications. The problem with rules-based solutions is that they don’t account for the conflicting characteristics of programs that may resemble a keylogger. IM, for example, logs your keys in order to determine when you’re idle, but doesn’t act maliciously. A solution operating only on rules might, for example, deny an IM application when it should be allowed. Rules-based solutions are somewhat limiting because they look at the behavior of executables on specific or broad applications rather than at the behavior of a collection of operations. A better technique to stop the malicious code is to look at many different aspects of the program behavior, and combine them to get a prediction of whether a particular process is malicious or not. Because the behaviors of malware don’t occur in separate silos, it’s important to look at a collection of characteristics. Focusing on behavior is powerful because, unlike signature mechanisms, it can detect the malicious behavior of previously unknown malicious software. However, it is important that the behaviors are analyzed as a complete set; otherwise some software could evade detection by not exhibiting some behaviors.
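The contrast above between a single keylogging rule and a combination of behaviors, as an added sketch (not code from the white paper or from Primary Response). The behavior names, weights, threshold and process profiles are all constructed assumptions.

```python
# Added illustration. Behavior names, weights and the threshold are
# constructed assumptions, not values from the white paper or the product.
WEIGHTS = {
    "captures_keystrokes": 2.0,
    "hides_own_files": 3.0,
    "injects_into_other_process": 3.0,
    "no_visible_window": 1.5,
    "installs_autostart": 1.5,
    "sends_data_to_network": 1.0,
    # Benign-leaning evidence lowers the score.
    "user_installed": -2.0,
    "has_visible_window": -1.5,
}
THRESHOLD = 4.0

# Constructed behavior profiles for three processes.
PROFILES = {
    "im_client": {"captures_keystrokes", "sends_data_to_network",
                  "installs_autostart", "user_installed", "has_visible_window"},
    "keylogger": {"captures_keystrokes", "hides_own_files", "no_visible_window",
                  "installs_autostart", "sends_data_to_network"},
    # Steals data without ever touching the keyboard.
    "info_stealer": {"injects_into_other_process", "hides_own_files",
                     "no_visible_window", "sends_data_to_network"},
}

def rule_verdict(behaviors):
    """One rule applied to every application: deny keystroke capture."""
    return "deny" if "captures_keystrokes" in behaviors else "allow"

def combined_score(behaviors):
    """Sum the evidence contributed by every observed behavior."""
    return sum(WEIGHTS.get(b, 0.0) for b in behaviors)

def combined_verdict(behaviors):
    """Judge the process on the whole set of behaviors, not on one of them."""
    return "deny" if combined_score(behaviors) >= THRESHOLD else "allow"

def compare(profiles=PROFILES):
    """Return {process: (rule verdict, combined verdict, combined score)}."""
    return {name: (rule_verdict(b), combined_verdict(b), combined_score(b))
            for name, b in profiles.items()}

if __name__ == "__main__":
    for name, (rule, combined, score) in compare().items():
        print(f"{name:13} rule={rule:5} combined={combined:5} score={score}")
```

The single rule denies the IM client and allows the process that never captures keystrokes; the combined score reverses both verdicts and still denies the keylogger.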
Sana Security has incorporated this holistic methodology in its Primary Response software to prevent malicious spyware. By monitoring and reacting to program behavior, Primary Response prevents zero-day attacks and protects against the many variants of malware, making it essential protection for the critical gap left by signature-based products and patch updates. Primary Response detects and prevents malicious software by focusing on combinations of behaviors, and is therefore able to scale and also meet the threat posed by information-stealing attacks. The solution is centrally managed, thus reducing excess resource use while offering protection beyond the client desktop, across the entire network.
Conclusion: The technology represented in this white paper provides a ground-breaking approach to securing enterprises from the host server to the endpoints. Active Malware Defense Technology reduces the IT resources used to continuously scan and download signatures, enabling constant uptime, enhanced performance and comprehensive data protection while ensuring business continuity.
Sana Security, 2121 S. El Camino Real, Suite 700, San Mateo, CA 94403, USA. Tel: 1-650-292-7000
Download the actual white paper From Info Security Products Guide site: CLICK HERE
Copyright © 2006 Silicon Valley Communications - All rights reserved.