Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Malware protection before infection

The service, which runs on an Intel-based appliance running Red Hat’s Fedora operating system, has the capability to detect sophisticated threats. The malware detection and diagnosis system harnesses the preliminary traces of an attack.

By deploying a single device, the company’s Firstlight Active Malware Protection (AMP) allows companies to identify new malware threats as they traverse the wire before an infection occurs. It also blocks malware at the gateway and remediates infections by locating infected hosts inside the network.

Specifically AMP captures an image of the malware and relays it directly to anti-virus vendors. AMP also goes after the command and control channel that directs botnet and targeted attacks and stops it before it gets onto any systems. In addition, the service gives administrators a dashboard view of the current state of their network.

Christopher Jordan, Endeavor Security chief executive, told reporters AMP permits the company to see how the malware code has been modified. “It’s a brand new capability of capturing malware,” Jordan said. “We’re reverse-engineering the unknown malware we capture, with the objective to remove information on the covert channels. That lets us find infected machines already on the network.”

The system is faster at heading off new, unknown malware that existing products, according to Endeavor Security. The new technology detects the preliminary traces of an attack and provides companies with a way to prioritize malware protection. The technology also provides real-time threat intelligence including new malware, exploits, attack origin and attack trend information.

Endeavor Security is currently running the technology along with its existing IDS/IPS signatures on its own decoy network.

Endeavor Security said customers use its portal to access the latest information on emerging threats. The portal allows companies to track threat activity, identify infected machines and compare global activity with activity on the company’s network.

The service was developed under the DHS’s Small Business Innovation Research (SBIR) program and Endeavor Security is rolling out the technology as a software-as-a-service offering. The technology, which is available now, was presented at a DHS system integrator forum on yesterday (February 21). The event showcased several new security solutions funded by the DHS Science and Technology unit which are aimed to remediate federal and commercial cyber security vulnerabilities.

For example, vulnerability analysis tools that model cyber network penetration, based on the network configuration and known vulnerabilities and produce a view of all potential multi-step attacks through the network, will also be highlighted.