News

Malware protection before infection

22 February 2008

A US Department of Homeland Security-funded research program will help deliver Endeavor Security’s new method of targeting botnet and malware attacks before hosts are infected.

The service runs on an Intel-based appliance under Red Hat's Fedora operating system and is designed to detect sophisticated threats by picking up the preliminary traces of an attack, before any host on the network has been compromised.

By deploying a single device, the company’s Firstlight Active Malware Protection (AMP) allows companies to identify new malware threats as they traverse the wire before an infection occurs. It also blocks malware at the gateway and remediates infections by locating infected hosts inside the network.

Specifically AMP captures an image of the malware and relays it directly to anti-virus vendors. AMP also goes after the command and control channel that directs botnet and targeted attacks and stops it before it gets onto any systems. In addition, the service gives administrators a dashboard view of the current state of their network.

Christopher Jordan, Endeavor Security chief executive, told reporters AMP permits the company to see how the malware code has been modified. “It’s a brand new capability of capturing malware,” Jordan said. “We’re reverse-engineering the unknown malware we capture, with the objective to remove information on the covert channels. That lets us find infected machines already on the network.”
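The workflow described above, capturing a sample, pulling out the covert (command-and-control) channel it uses, and then using that to locate hosts already talking to the attacker, can be sketched in a few dozen lines. This is an added example and not Endeavor Security's code: the sample bytes, the indicator formats and the flow records are all constructed stand-ins for what a gateway sensor would actually capture, and the plaintext-string extraction is a deliberate simplification (real samples are packed and need proper unpacking first).

```python
"""Added example (not Endeavor Security's code): extract C2 indicators from
a captured sample, then match them against perimeter flow records to find
internal hosts that are already infected. All data below is constructed."""
import re
from collections import defaultdict

# Constructed stand-in for a captured malware image: a blob containing a
# plaintext C2 URL and a hard-coded fallback IP:port. Real samples would
# need unpacking before strings like these become visible.
SAMPLE = (
    b"\x4d\x5a\x90\x00" + b"\x00" * 16
    + b"http://c2.example.invalid/gate.php?id=%s"
    + b"\x00" * 8 + b"198.51.100.23:8080" + b"\x00" * 4
)

# Constructed flow records: (src_ip, dst_ip, dst_port, dst_hostname).
# dst_hostname is empty when no DNS/HTTP Host header was observed.
FLOWS = [
    ("10.0.1.15", "93.184.216.34", 443, "www.example.com"),
    ("10.0.1.22", "198.51.100.23", 8080, ""),
    ("10.0.2.7",  "203.0.113.5",   80,  "c2.example.invalid"),
    ("10.0.1.22", "203.0.113.5",   80,  "c2.example.invalid"),
    ("10.0.3.9",  "93.184.216.34", 443, "www.example.com"),
]

URL_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)(?::\d+)?/")
IP_RE = re.compile(rb"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_indicators(blob: bytes) -> dict:
    """Return {'hosts': {...}, 'ips': {...}} found as plaintext in the blob."""
    hosts = {m.group(1).decode() for m in URL_RE.finditer(blob)}
    ips = set()
    for m in IP_RE.finditer(blob):
        ip = m.group(1).decode()
        # Reject dotted quads with out-of-range octets (e.g. version strings).
        if all(0 <= int(octet) <= 255 for octet in ip.split(".")):
            ips.add(ip)
    return {"hosts": hosts, "ips": ips}


def find_infected(flows, indicators) -> dict:
    """Map each internal source IP to the C2 indicators it was seen contacting."""
    hits = defaultdict(set)
    for src, dst, port, dst_host in flows:
        if dst in indicators["ips"]:
            hits[src].add(f"{dst}:{port}")
        if dst_host and dst_host in indicators["hosts"]:
            hits[src].add(dst_host)
    return dict(hits)


if __name__ == "__main__":
    iocs = extract_indicators(SAMPLE)
    for host, seen in sorted(find_infected(FLOWS, iocs).items()):
        print(f"{host} contacted C2: {sorted(seen)}")
```

Matching on both the resolved hostname and the raw IP matters in practice: a bot that fails DNS resolution often falls back to a hard-coded address, so a host that only ever hit the IP would be missed by hostname matching alone.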

The system is faster at heading off new, unknown malware than existing products, according to Endeavor Security. It detects the preliminary traces of an attack and gives companies a way to prioritize malware protection. The technology also provides real-time threat intelligence, including new malware, exploits, attack origin and attack trend information.

Endeavor Security is currently running the technology along with its existing IDS/IPS signatures on its own decoy network.

Endeavor Security said customers use its portal to access the latest information on emerging threats. The portal allows companies to track threat activity, identify infected machines and compare global activity with activity on the company’s network.

The service was developed under the DHS's Small Business Innovation Research (SBIR) program and Endeavor Security is rolling out the technology as a software-as-a-service offering. The technology, which is available now, was presented yesterday (February 21) at a DHS system integrator forum. The event showcased several new security solutions funded by the DHS Science and Technology unit, aimed at remediating federal and commercial cyber security vulnerabilities.

Also highlighted were vulnerability analysis tools that model network penetration from the network configuration and known vulnerabilities, producing a view of all potential multi-step attacks through the network.
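The attack-graph idea behind those tools, chaining individually reachable vulnerabilities into the multi-step paths an attacker could actually take, is easy to show on a toy network. The following is an added example, not the code of any DHS-funded tool: the hosts, vulnerability identifiers (CVE-A and so on are placeholders, not real CVEs), reachability rules and the "choke point" calculation are all constructed for illustration.

```python
"""Added example (not any vendor's or DHS tool's code): a minimal attack
graph. Given hosts with known vulnerabilities and which host can reach
which service on which other host, enumerate every multi-step attack path
from an entry point to a target, then find the vulnerabilities common to
all paths (the ones whose fix cuts off every route). All data is constructed."""

# Constructed inventory: host -> [(exposed_service, vuln_id, privilege_gained)].
# The vuln_ids are placeholders, not real CVE numbers.
HOSTS = {
    "web":   [("http", "CVE-A", "user")],
    "app":   [("rpc",  "CVE-B", "root")],
    "db":    [("sql",  "CVE-C", "root")],
    "admin": [("ssh",  "CVE-D", "root")],
}

# Constructed reachability (firewall view): (src_host, dst_host, service).
# "internet" is the attacker's starting position.
REACH = {
    ("internet", "web", "http"),
    ("web",      "app", "rpc"),
    ("app",      "db",  "sql"),
    ("web",      "db",  "sql"),
    ("admin",    "db",  "sql"),   # admin is not reachable from the outside
}


def attack_paths(hosts, reach, start="internet", target="db", max_depth=6):
    """Return all simple attack paths (no host revisited) from start to target.

    Each path is a list of (host_compromised, vuln_used, privilege) steps.
    Depth-first search over the reachability edges; an edge is usable only
    if the destination actually exposes a vulnerable instance of that service.
    """
    paths = []
    stack = [(start, [start], [])]          # position, hosts visited, steps
    while stack:
        pos, visited, steps = stack.pop()
        if pos == target:
            paths.append(steps)
            continue
        if len(steps) >= max_depth:         # bound the search on big graphs
            continue
        for src, dst, svc in sorted(reach):
            if src != pos or dst in visited:
                continue
            for service, vuln, priv in hosts.get(dst, []):
                if service == svc:
                    stack.append((dst, visited + [dst], steps + [(dst, vuln, priv)]))
    return sorted(paths, key=len)


def choke_points(paths):
    """Vulnerabilities present on every path: fixing any one cuts off the target."""
    if not paths:
        return set()
    common = {vuln for _, vuln, _ in paths[0]}
    for path in paths[1:]:
        common &= {vuln for _, vuln, _ in path}
    return common


if __name__ == "__main__":
    found = attack_paths(HOSTS, REACH)
    for path in found:
        print(" -> ".join(f"{h}[{v},{p}]" for h, v, p in path))
    print("patch first:", sorted(choke_points(found)))
```

On the constructed network this yields two routes to the database (directly from the web tier, or via the application server) and reports CVE-A and CVE-C as the vulnerabilities on every route, which is the prioritization signal such tools are meant to produce; a real implementation would also track the privilege level needed to use each edge, which this toy model records but does not enforce.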

This article is featured in:
Malware and Hardware Security
