A Defense Technology Blog
  What's New In Cyber-Dirty Tricks
    Posted by David A. Fulghum 4:05 PM on Oct 26, 2011

    An interesting peek at top cyberdefenses comes from a list of “best anti-malware” assembled by Government Security News, a homeland security trade publication. Criteria for the list were electronic capabilities aimed at “sniffing out bad things that already lurk” in cyberspace. The toolbox provides an interesting survey of digital dirty tricks. The following is a précis of four new capabilities:

    • RSA Netwitness Spectrum automatically analyzes every executable item on a network to determine whether it is malicious. Rather than relying on signatures, it looks for deviations from a known good state and prioritizes the results. Spectrum runs four distinct, concurrent analytic methods (threat intelligence, deep packet inspection, multi-vendor sandboxing and static analysis) and consolidates their output into a single prioritized malware assessment, giving maximum visibility into advanced threats. It tells users where the threat made its entry, how it moved laterally, which systems were owned, what data were exfiltrated, and when.

    • Invincea Browser Protection creates a protective “bubble” around browsers, which are a primary attack point for malware. It protects users against spear-phishing and other online threats that target critical defense contracting networks and government agencies, and it is designed to make business infrastructures more resilient by addressing the exploitation of end-user trust. Placing the browser in a protective bubble creates an “airlock” that seals potential intrusion vectors until the activity's execution can be shown to be safe, preventing infections from moving laterally within the network.

    • The M86 Secure Web Gateway (SWG) scans web-page code and analyzes what that code would actually do upon execution, enabling organizations to communicate safely via the Internet and social networks. If malicious intent is detected (e.g., stealing data), the gateway can strip out the offending code and still load the page, or block the page altogether.

    • GFI Sandbox is a malware analysis tool that examines most Windows applications and files, including infected Office documents, PDFs, malicious URLs, Flash ads and custom applications, for suspicious or malicious behavior. It also provides kernel-level file monitoring, allowing analysis of any file or URL, and gives a view of the threat from infection vector to payload execution. The capability lets agencies identify threats, including custom malware designed exclusively to compromise their networks. Investigative agencies can also use the sandbox for forensic purposes, reconstructing how malware infiltrated a network and identifying the programming tendencies of known malware writers to help track down perpetrators.
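
    The Spectrum and GFI Sandbox items above both describe the same underlying idea: take a behavioral trace from a sandbox, combine it with static-analysis and threat-intelligence signals, score the result, and reconstruct the chain from infection vector to payload execution. The following is an added example of that logic and is not code from either product or from the blog; the event format, rule weights, verdict thresholds, the sample traces and the "known bad" host list are all constructed for illustration.

```python
"""Toy behavioral-analysis scorer: scores a sandbox event trace with
weighted rules, folds in static and threat-intel signals, and rebuilds the
process chain from the entry point to the last suspicious action.
Everything here (events, rules, weights, host list) is constructed."""
from dataclasses import dataclass, field
from typing import Callable

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe"}
STAGES = ["initial-access", "execution", "persistence", "command-and-control"]

# Constructed threat-intelligence feed: hostnames treated as known-bad.
KNOWN_BAD_HOSTS = {"bad.example"}

# Constructed sandbox trace: a document opened in an office application spawns
# a script host, which drops an executable that persists and calls out.
SUSPICIOUS_TRACE = [
    {"pid": 100, "ppid": 1,   "proc": "winword.exe",    "op": "open",    "target": "invoice.docm"},
    {"pid": 200, "ppid": 100, "proc": "powershell.exe", "op": "spawn",   "target": "powershell.exe -enc AAAA..."},
    {"pid": 200, "ppid": 100, "proc": "powershell.exe", "op": "write",   "target": "C:\\Users\\u\\AppData\\Local\\Temp\\up.exe"},
    {"pid": 300, "ppid": 200, "proc": "up.exe",         "op": "spawn",   "target": "up.exe"},
    {"pid": 300, "ppid": 200, "proc": "up.exe",         "op": "regset",  "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\up"},
    {"pid": 300, "ppid": 200, "proc": "up.exe",         "op": "connect", "target": "bad.example:443"},
]
SUSPICIOUS_STATIC = {"packed": True, "signed": False}   # constructed static-analysis result

# Constructed benign trace: an editor opening and saving a text file.
BENIGN_TRACE = [
    {"pid": 100, "ppid": 1, "proc": "notepad.exe", "op": "open",  "target": "notes.txt"},
    {"pid": 100, "ppid": 1, "proc": "notepad.exe", "op": "write", "target": "C:\\Users\\u\\Documents\\notes.txt"},
]
BENIGN_STATIC = {"packed": False, "signed": True}


@dataclass
class Rule:
    name: str
    stage: str
    weight: int
    match: Callable[[dict, set], bool]   # (event with "parent" filled in, intel hosts) -> bool


RULES = [
    Rule("office app spawned a script host", "initial-access", 3,
         lambda e, _: e["op"] == "spawn" and e["parent"] in OFFICE_APPS and e["proc"] in SCRIPT_HOSTS),
    Rule("encoded command line", "execution", 2,
         lambda e, _: e["op"] == "spawn" and "-enc" in e["target"].lower()),
    Rule("executable dropped in a temp directory", "execution", 3,
         lambda e, _: e["op"] == "write" and e["target"].lower().endswith(".exe")
         and "\\temp\\" in e["target"].lower()),
    Rule("run-key persistence", "persistence", 3,
         lambda e, _: e["op"] == "regset" and "\\currentversion\\run\\" in e["target"].lower()),
    Rule("connection to a host on the threat-intel list", "command-and-control", 4,
         lambda e, intel: e["op"] == "connect" and e["target"].split(":")[0] in intel),
]


@dataclass
class Report:
    verdict: str
    score: int
    entry: str          # the first object the trace touched (the infection vector)
    stages: list        # kill-chain stages observed, in canonical order
    chain: list         # process lineage from root to the last flagged process
    findings: list = field(default_factory=list)


def analyze(trace, static, intel):
    """Score one trace; returns a Report with verdict, stages and process chain."""
    procs = {e["pid"]: (e["proc"], e["ppid"]) for e in trace}
    score, stages, findings, last_pid = 0, set(), [], None
    for raw in trace:
        e = dict(raw, parent=procs.get(raw["ppid"], ("<unknown>", None))[0])
        for r in RULES:
            if r.match(e, intel):
                score += r.weight
                stages.add(r.stage)
                findings.append(f"{r.stage}: {r.name} ({e['proc']} -> {e['target']})")
                last_pid = e["pid"]
    # Static-analysis signal: a packed, unsigned sample adds weight but never decides alone.
    if static.get("packed") and not static.get("signed"):
        score += 2
        findings.append("static: sample is packed and unsigned")
    # Walk parent links from the last flagged process back to the root.
    chain, pid = [], last_pid
    while pid in procs:
        chain.append(procs[pid][0])
        pid = procs[pid][1]
    chain.reverse()
    verdict = "malicious" if score >= 8 else "suspicious" if score >= 4 else "clean"
    return Report(verdict, score, trace[0]["target"], [s for s in STAGES if s in stages], chain, findings)


if __name__ == "__main__":
    for name, trace, static in [("suspicious", SUSPICIOUS_TRACE, SUSPICIOUS_STATIC),
                                ("benign", BENIGN_TRACE, BENIGN_STATIC)]:
        rep = analyze(trace, static, KNOWN_BAD_HOSTS)
        print(f"{name}: {rep.verdict} (score {rep.score}), entry={rep.entry}, "
              f"stages={rep.stages}, chain={' -> '.join(rep.chain) or '-'}")
        for f in rep.findings:
            print("  ", f)
```

    The design point is that no single rule decides the verdict: each analytic source contributes weight, the stages observed say how far the intrusion got, and the reconstructed process chain answers the "where did it enter and what did it touch" questions the Spectrum description lists. A real product would draw on far richer telemetry, but the prioritization and chain-reconstruction logic is the same shape.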

    No price tags for the capabilities were available.

    Tags: ar99, cyber
