Trends in Zero-Day Kernel Exploits and Protection 2015


Overview of Key Protection Technologies and Their Limitations in Dealing With Zero-Day Kernel Attacks

Executive Summary

Legacy security solutions rely on outdated detection-based technologies which can only succeed in stopping known attacks, but ultimately fail at detecting true zero-day attacks. Zero-day kernel exploits are a threat whether delivered via an Internet connection, a network share or USB removable media. In the first half of 2015, 26 Windows kernel vulnerabilities were reported. Customers worried about the most advanced attacks, which use OS kernel exploits or physical ingress via infected USB removable media, must consider a containment solution like Bromium.

Zero-Day Kernel Threats

Despite all of the industry hype touting new and improved detection methods to protect against zero-day attacks and advanced persistent threats (APTs), enterprises continue to be compromised via the endpoint, resulting in the costly (and in some cases irreparable) theft of sensitive data. This happens because legacy security solutions rely on outdated detection-based technologies (such as signatures, heuristics and behavior analytics), which can only succeed in stopping known attacks, but ultimately fail at detecting true zero-day attacks. Here is a brief overview of key protection technologies and their limitations in dealing with zero-day kernel attacks.

Legacy network and endpoint defenses have limitations dealing with zero-day kernel attacks.

Network Protection

Intrusion prevention system (IPS) (IBM, McAfee Network Security Platform, Cisco, et al.)
What it does: Defends networks against known attacks that have signatures by detecting and blocking them in the network.
Limitations in blocking or detecting zero-day exploits:
- Can't block without a signature
- Needs to be implemented at every ingress/egress access point
- Success depends on a high degree of detection accuracy
- Costly, complex and noisy, especially for geographically distributed networks

Network sandboxing (Damballa, FireEye, McAfee, et al.)
What it does: Detects infiltrations from targeted attacks, after the attack is already in the network.
Limitations in blocking or detecting zero-day exploits:
- Does not stop or remediate threats to endpoints
- Costly and noisy
- Requires expert-level security personnel constantly monitoring all network events

Web content filtering (Websense, McAfee, BlueCoat, et al.)
What it does: Blocks access to known malicious websites to protect against Web exploits and Trojan attacks.
Limitations in blocking or detecting zero-day exploits:
- Only blocks known malicious IP addresses
- Needs to be implemented at every ingress/egress access point
- Protection is diminished for mobile users and partners accessing the retail network

Endpoint Protection

Antivirus and other detection-based solutions (Symantec, McAfee, Kaspersky, Trend Micro, Sophos, et al.)
What it does: Detects known threats on endpoints.
Limitations in blocking or detecting zero-day exploits:
- Cannot keep up with the rapid influx of new threats and variants
- Can't block without a signature

Behavioral blocking systems (HIPS) (Palo Alto Networks Traps, Symantec, McAfee, etc.)
What it does: Intercepts many zero-day attacks in real time by detecting common attack behaviors.
Limitations in blocking or detecting zero-day exploits:
- Has a chance to catch a zero-day attack, but can still miss many advanced threats
- High operations overhead to configure and maintain

Hardware-enhanced detection (McAfee Deep Defender)
What it does: Loads as a boot driver and looks for rootkit behaviors.
Limitations in blocking or detecting zero-day exploits:
- Only detects/blocks some kernel-mode rootkits
- Does not block user-mode rootkits

Application whitelisting (Bit9, McAfee Application Control)
What it does: Controls which applications are allowed to install and run by checking each program that attempts to run against a list of authorized applications (the whitelist). Can be an effective way to block malicious programs on locked-down terminals.
Limitations in blocking or detecting zero-day exploits:
- Blocks users from downloading and using new tools and programs without IT involvement
- Successful on servers, which don't change often, but largely unusable on end-user systems

Software sandboxing (Invincea (Dell Protected Workspace), Sandboxie, Trustware)
What it does: Creates a sandbox environment within the Windows OS to analyze the execution of untrusted applications. Restricts the memory and file system resources available to the untrusted application by intercepting system calls that could lead to access to sensitive areas of the system being protected.
Limitations in blocking or detecting zero-day exploits:
- Advanced malware can bypass any sandbox by taking advantage of a kernel-mode vulnerability, since the sandbox is enforced by the same kernel the exploit targets
- User-mode malware can escape from any sandbox, permitting it to elevate its privileges, disable or bypass other forms of endpoint protection and compromise the endpoint, including theft of data

Hardware-enabled isolation via micro-VM (Bromium)
What it does: Isolates every user task in a hardware-based micro-VM.
Limitations in blocking or detecting zero-day exploits:
- No known limitations in defeating zero-day kernel exploits
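As an added example (not from the Bromium paper, and not any vendor's code), the following Python models the point made in the Zero-Day Kernel Threats section and in the antivirus row above: a scanner built from a whole-file hash and a wildcard byte pattern detects the sample it has a signature for, and detects nothing once the same payload is trivially re-encoded, although the decoded bytes are unchanged. The payload, the signatures, the XOR encoding and the two-byte "decoder stub" are all constructed for the illustration; they are inert bytes, not real malware or real AV signatures.

```python
"""Added example, not from the Bromium paper: a signature-only scanner versus a
trivially re-encoded variant of a payload it already knows.

Everything here is constructed for the illustration: the "payload" is an inert
byte string, the signatures are made up, and the "decoder stub" is two bytes
that merely record the XOR key so decode_variant() can undo the encoding.
"""
import hashlib
import os
import re
from typing import List, Optional

# Constructed "known" payload: a fake call instruction followed by a string a
# signature writer would key on. Inert bytes; nothing here executes.
KNOWN_PAYLOAD = b"\x90\x90\xe8\x00\x00\x00\x00" + b"cmd.exe /c whoami\x00"


def hash_signature(data: bytes) -> str:
    """Whole-file signature: any single-byte change produces a different digest."""
    return hashlib.sha256(data).hexdigest()


def compile_pattern(hex_pattern: str) -> "re.Pattern":
    """Turn an 'e8 ?? ?? ?? ?? 63 6d' style byte pattern into a regex; ?? is a wildcard byte."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


# Two signature styles common in legacy AV: an exact hash and a wildcard byte
# pattern ("call rel32, then the string cmd.exe"). Both are made up.
SIGNATURES = {
    "hash:known_payload": hash_signature(KNOWN_PAYLOAD),
    "pattern:call_then_cmd_exe": compile_pattern("e8 ?? ?? ?? ?? 63 6d 64 2e 65 78 65"),
}


def scan(data: bytes) -> List[str]:
    """Return the names of every signature that matches; an empty list means 'clean'."""
    hits = []
    digest = hash_signature(data)
    for name, sig in SIGNATURES.items():
        if isinstance(sig, str):
            if digest == sig:
                hits.append(name)
        elif sig.search(data):
            hits.append(name)
    return hits


def make_variant(payload: bytes, key: Optional[int] = None) -> bytes:
    """Re-encode the payload with a single-byte XOR key behind a fresh stub.

    Packers do the same with a real decoder; the effect on a signature scanner
    is the same: neither the hash nor the plaintext byte pattern survives.
    """
    if key is None:
        key = os.urandom(1)[0] or 0x41  # never 0: XOR with 0 leaves the bytes unchanged
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    stub = b"\xeb" + bytes([key])  # constructed stand-in for a decoder stub; byte 1 holds the key
    return stub + bytes(b ^ key for b in payload)


def decode_variant(variant: bytes) -> bytes:
    """Undo make_variant(): read the key from the stub and XOR the body back."""
    key = variant[1]
    return bytes(b ^ key for b in variant[2:])


def demo() -> dict:
    """Scan the known sample and a fresh variant of it; report what each hit."""
    variant = make_variant(KNOWN_PAYLOAD)
    return {
        "known_sample_hits": scan(KNOWN_PAYLOAD),
        "variant_hits": scan(variant),
        "variant_decodes_to_known": decode_variant(variant) == KNOWN_PAYLOAD,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The scanner has no way to flag the variant because it has never seen those bytes; the only thing that would catch it is what the variant does after decoding, which is exactly the ground on which the behavioral and isolation rows in the table argue.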

Bromium vsentry focuses on protection, and is able to defeat both known and unknown attacks using micro-virtualization combined with hardware-enforced, task-level isolation. As a result, untrusted content associated with each user task (whether it is infected with malware or not) is contained in its own secure micro-VM. If a micro-VM is penetrated by any advanced attack, it remains completely isolated: the threat is unable to attack the desktop, persist any malware, steal any data or penetrate the enterprise network. When malware strikes, the entire attack is automatically recorded and delivered to Bromium's LAVA (Live Attack Visualization and Analysis) console. LAVA provides a depth and breadth of information that arms security operations centers with critical threat intelligence and a stronger defense-in-depth strategy.

For more information

To learn more about Bromium's security architecture, please visit www.bromium.com.

About Bromium

Bromium has transformed endpoint security with its isolation technology to defeat cyber attacks. Unlike antivirus or other detection-based defenses, which can't stop modern attacks, Bromium uses micro-virtualization to keep users secure while delivering significant cost savings by reducing and even eliminating false alerts, urgent patching and remediation, transforming the traditional security life cycle.

Bromium, Inc., 20813 Stevens Creek Blvd, Cupertino, CA 95014, info@bromium.com, +1.408.213.5668
Bromium UK Ltd., Lockton House, 2nd Floor, Clarendon Road, Cambridge CB2 8FH, +44.1223.314914
For more information go to www.bromium.com or contact sales@bromium.com
Copyright 2015 Bromium, Inc. All rights reserved. WP.Kernel-Exploit-Trends.US-EN.1510