White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security




Contents

The Myth of Sandbox Security 3
Commercial sandbox evasion 3
Lack of multi-flow analysis and exploit detection 3
Lack of multi-vector analysis 4
Nonexistent or outdated information-sharing infrastructure 4
Privacy, compliance and latency concerns of cloud 4
FireEye Platform Overview 4
Summary 6
About FireEye, Inc. 6

FireEye, Inc. Advantage FireEye: Debunking the Myth of Sandbox Security 2

The Myth of Sandbox Security

Organizations are under assault by a new generation of cyber attacks that easily evade traditional defenses. These coordinated campaigns are targeted. They are stealthy. And they are persistent. Many exploit zero-day vulnerabilities and orchestrate attacks across multiple vectors. The threat actors behind these attacks are dead set on finding your weaknesses, targeting their way into your systems, and stealing your data.

Guarding against these advanced threats demands a fundamentally different approach. Organizations need a defense that does not rely on mere malware signatures. Aware that their backward-facing defenses fall short, several IT security vendors are touting their sandbox products. But rather than adopting a truly fresh approach, most are merely grafting a sandbox onto their legacy strategies, which routinely fail to catch these attacks. While sandboxing advances the signature-based approach of the past, these new attempts fail due to the same old flaws. Simply put, the underlying architecture does not lend itself to catching the zero-day, stealthy, and persistent malware.

Commercial sandbox evasion

First, many sandbox approaches rely on widely available hypervisors. Threat actors have access to these hypervisors, including source code in some cases, and write their malware to exploit or evade them. [1] Using a variety of evasion techniques, sandbox-aware malware simply lies dormant when executing in a sandbox environment. Detecting no unusual activity, many sandboxes let the malware pass.

Lack of multi-flow analysis and exploit detection

Second, most sandbox approaches use file-level analysis. This approach has several flaws. Targeted malware is programmed to activate on specific system configurations. File analysis in a generic system may miss such malware, leading to a false sense of security. In other cases, malware files package and morph themselves to evade simple file analysis.
A typical attack follows this cycle:

a) exploit
b) callback
c) malware download
d) data exfiltration

Detecting the exploit is critical to catching advanced threats because the subsequent phases can be hidden or obscured. File-level analysis focuses on downloaded files and may miss the exploit phase, resulting in false negatives. An effective threat protection platform must be able to catch exploits even when the ensuing file download occurs over obfuscated channels.

[1] http://www.securityweek.com/its-time-think-outside-sandbox
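The contrast the paper draws between file-level and multi-flow analysis can be made concrete with a small correlator. The following is an added example and not FireEye code: it takes stage-tagged flow events from several assumed sensors (web, email, egress), groups them per internal host, and reports a host once an exploit is followed by later stages of the cycle inside a time window. A host whose download stage was never observed (for instance because it used an obfuscated channel) is still reported on the strength of the exploit and callback, which is exactly the case a download-only, file-centric view never gets to inspect. All event data and host addresses are constructed for the example.

```python
"""Multi-flow correlation of the exploit -> callback -> download -> exfiltration
cycle across sensors. Added example; not part of the original white paper."""
from collections import defaultdict
from dataclasses import dataclass

# Ordered stages of the attack cycle described in the paper.
STAGES = ("exploit", "callback", "download", "exfiltration")
STAGE_INDEX = {s: i for i, s in enumerate(STAGES)}


@dataclass
class Event:
    ts: int        # seconds (constructed timestamps)
    host: str      # internal host the flow belongs to
    vector: str    # sensor that saw the flow: "web", "email" or "egress" (assumed names)
    stage: str     # one of STAGES
    detail: str    # free-text description from the sensor


# Constructed sample input: four hosts with different partial views of the cycle.
SAMPLE_EVENTS = [
    Event(100, "10.0.0.5", "web", "exploit", "drive-by landing page"),
    Event(160, "10.0.0.5", "egress", "callback", "beacon to unknown host"),
    Event(400, "10.0.0.5", "egress", "exfiltration", "large POST to unknown host"),
    Event(300, "10.0.0.6", "web", "download", "installer fetched"),
    Event(500, "10.0.0.7", "email", "exploit", "weaponized attachment opened"),
    Event(600, "10.0.0.7", "egress", "callback", "beacon"),
    Event(700, "10.0.0.7", "web", "download", "second stage fetched"),
    Event(800, "10.0.0.7", "egress", "exfiltration", "archive upload"),
    Event(1000, "10.0.0.8", "web", "exploit", "exploit kit hit"),
    Event(6000, "10.0.0.8", "egress", "callback", "late beacon"),
]


def correlate(events, window=3600):
    """Return {host: [(stage, vector), ...]} for hosts where an exploit is
    followed, within `window` seconds, by at least one later stage of the
    cycle in increasing stage order. The download stage is optional, so an
    exploit seen on one vector plus a callback on another is enough."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)

    findings = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        exploits = [e for e in evs if e.stage == "exploit"]
        if not exploits:
            continue                      # no exploit phase observed: nothing to chain from
        first = exploits[0]
        chain = [first]
        for e in evs:
            if e.ts <= first.ts or e.ts - first.ts > window:
                continue                  # outside the correlation window
            if STAGE_INDEX[e.stage] > STAGE_INDEX[chain[-1].stage]:
                chain.append(e)           # only advance to a strictly later stage
        if len(chain) >= 2:
            findings[host] = [(c.stage, c.vector) for c in chain]
    return findings


def file_level_view(events):
    """Hosts that a download-only (file-centric) pipeline would even see.
    Returned as a set; compare with correlate() to spot what it misses."""
    return {e.host for e in events if e.stage == "download"}


if __name__ == "__main__":
    flagged = correlate(SAMPLE_EVENTS)
    for host, chain in flagged.items():
        print(host, " -> ".join(f"{s}@{v}" for s, v in chain))
    print("missed by file-level view:", sorted(set(flagged) - file_level_view(SAMPLE_EVENTS)))
```

Host 10.0.0.5 is reported by the correlator without any download event, whereas the file-level view never considers it; host 10.0.0.8 is not reported because its callback falls outside the window, which is the knob to tune against a known dwell time.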

Lack of multi-vector analysis

Third, exploits often use a combination of vectors to lure unsuspecting targets, for example phishing emails with Web links. If a security product cannot capture the exploit across this spectrum, the target remains vulnerable and the insights incomplete. Effective protection involves not just tracking attacks across vectors, but also sharing this information in real time across systems to guard against multi-vector attacks.

Nonexistent or outdated information-sharing infrastructure

Fourth, sandboxes lack the detailed insights that integrate information gathered from around the globe. Many advanced attacks are part of a broader campaign against similar targets elsewhere. Without the benefit of real-time information about these quickly evolving campaigns and morphing attacks, sandbox analysis gets only part of the story.

Privacy, compliance and latency concerns of cloud

Finally, several vendors are hawking cloud-based sandboxes. This approach tends to create privacy, compliance, and regulatory challenges. Cloud-based defenses also increase load on the WAN infrastructure and, because of the added latency, slow response times. These failings make cloud-based sandboxes impractical against today's advanced cyber attacks.

FireEye Platform Overview

The FireEye threat protection platform forms a cross-enterprise fabric to guard enterprises, small and medium businesses, and governments from a new generation of cyber attacks. The FireEye platform combines these pieces for truly effective security:

- Virtual-execution based detection engine
- Cloud-based dynamic threat intelligence
- Intra-enterprise intelligence sharing among FireEye nodes and an ecosystem of partners

FireEye products use a hypervisor built for the sole purpose of detecting and blocking threats. The FireEye Multi-Vector Virtual Execution (MVX) engine explicitly isolates data in a proprietary hypervisor to prevent malware from detecting and escaping from the virtual execution engine.
This multi-vector, multi-flow virtual execution model also extracts a rich layer of information about the attack. This detail ensures global protection with near-zero false positives and false negatives. With the FireEye Dynamic Threat Intelligence (DTI) cloud, participating FireEye nodes across the world also share malware intelligence in real time. Nodes within and across enterprises are automatically updated so that they are prepared to combat new modes and variants of attacks. To maintain customer privacy, any data shared with the DTI cloud is anonymized and optional. This powerful combination secures major threat vectors and closes the gap left by traditional defenses. The growing sophistication of today's attacks demands enhancing security with this fundamentally new security model.

The FireEye platform, illustrated in Figure 1, is a new model of security against known and unknown attacks. It uses the groundbreaking MVX engine coupled with the FireEye DTI cloud and FireEye DTI Enterprise, together with an ecosystem of partners, to enrich the security framework of any organization. The FireEye MVX engine automates discovery and forensic analysis of malicious code with dynamically generated threat intelligence. This intelligence protects against inbound exploits, blocks outbound data exfiltration, and provides detailed forensics on malware and its impact on end systems. The FireEye MVX technology is also highly adaptable, protecting against a variety of threat vectors to stop web-, email-, and file-based attacks. The FireEye MVX infrastructure also generates and shares structured threat intelligence in a machine-accessible format for real-time, automated threat responses by FireEye and third-party security solutions. Using the FireEye MVX engine, organizations can identify a threat using one vector (such as email) and automatically block subsequent stages of the attack in another vector (such as exfiltration over the Web). And unlike traditional defenses, FireEye correlates these individual incidents for greater situational awareness. The FireEye platform enables security professionals to discover zero-day, stealthy, and persistent malware. With FireEye, organizations have the power to block infiltration attempts in real time and neutralize cyber attacks before they cause catastrophic damage.

Figure 1: FireEye Platform

Summary

Competitive sandbox solutions fall short on various fronts for today's new generation of cyber attacks because of the following:

- Commercial sandbox evasion
- Lack of exploit detection
- Lack of multi-flow and multi-vector analysis, and
- Non-existent or legacy information sharing infrastructure

Cloud-based sandboxes add further constraints that render them impractical to protect against the new generation of cyber attacks because of the following:

- Privacy, regulations, and compliance constraints in sending files off-premises
- Increased load on WAN infrastructure
- Added latency in responsiveness

The FireEye platform serves as a new model for threat protection with the following:

- Groundbreaking Multi-Vector Virtual Execution (MVX) technology that monitors an attack throughout its life cycle
- A purpose-built hypervisor to detect and block threats
- Multi-vector, multi-flow model to guard against stealthy, zero-day, and persistent threats
- Dynamic Threat Intelligence (DTI) cloud to enable cross-enterprise security
- Intra-enterprise intelligence sharing among FireEye nodes and ecosystem of alliance partners to enable multi-layered security

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors, including Web, email, and files, and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time.
FireEye has over 1,000 customers across more than 40 countries, including over 100 of the Fortune 500.

2013 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. WP.DMSS.EN-US.092013

FireEye, Inc. 1440 McCarthy Blvd. Milpitas, CA 95035 408.321.6300 877.FIREEYE (347.3393) info@fireeye.com www.fireeye.com