Malware protection before infection

22 February 2008

A US Department of Homeland Security-funded research program will help deliver Endeavor Security’s new method of targeting botnet and malware attacks before hosts are infected.

The service, which runs on an Intel-based appliance running Red Hat’s Fedora operating system, is capable of detecting sophisticated threats. The malware detection and diagnosis system works from the preliminary traces of an attack, rather than waiting for a host to be compromised.

By deploying a single device, the company’s Firstlight Active Malware Protection (AMP) allows companies to identify new malware threats as they traverse the wire before an infection occurs. It also blocks malware at the gateway and remediates infections by locating infected hosts inside the network.

Specifically AMP captures an image of the malware and relays it directly to anti-virus vendors. AMP also goes after the command and control channel that directs botnet and targeted attacks and stops it before it gets onto any systems. In addition, the service gives administrators a dashboard view of the current state of their network.

Christopher Jordan, Endeavor Security chief executive, told reporters AMP permits the company to see how the malware code has been modified. “It’s a brand new capability of capturing malware,” Jordan said. “We’re reverse-engineering the unknown malware we capture, with the objective to remove information on the covert channels. That lets us find infected machines already on the network.”

The system is faster at heading off new, unknown malware than existing products, according to Endeavor Security. The technology detects the preliminary traces of an attack and gives companies a way to prioritize malware protection. It also provides real-time threat intelligence, including new malware, exploits, attack origin and attack trend information.

Endeavor Security is currently running the technology along with its existing IDS/IPS signatures on its own decoy network.

Endeavor Security said customers use its portal to access the latest information on emerging threats. The portal allows companies to track threat activity, identify infected machines and compare global activity with activity on the company’s network.

The service was developed under the DHS’s Small Business Innovation Research (SBIR) program, and Endeavor Security is rolling out the technology as a software-as-a-service offering. The technology, which is available now, was presented at a DHS system integrator forum yesterday (February 21). The event showcased several new security solutions funded by the DHS Science and Technology unit that are aimed at remediating federal and commercial cyber security vulnerabilities.

For example, vulnerability analysis tools that model cyber network penetration, based on the network configuration and known vulnerabilities, and produce a view of all potential multi-step attacks through the network will also be highlighted.
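The attack-graph style of analysis mentioned above (model the network configuration plus known vulnerabilities, then enumerate every multi-step path an intruder could take) can be illustrated with a small script. The following is an added example and is not code from Endeavor Security, the DHS or any tool shown at the forum; the network, firewall policy and the `VULN-*-PLACEHOLDER` labels are all constructed for illustration. It also goes one step beyond the article by ranking which host to remediate first: a host whose patching removes every path to the target is a chokepoint.

```python
"""Toy attack-graph builder: enumerate multi-step attack paths through a
modelled network and identify chokepoint hosts for remediation.

Added example (not the article's or any vendor's code). The network model,
firewall policy and vulnerability labels below are constructed placeholders.
"""
from typing import Collection, Dict, List, Set, Tuple

# One step of a path: (host compromised next, service used, weakness label).
Step = Tuple[str, str, str]

# Constructed network model: each host's segment and the services it exposes
# that carry a known (placeholder-labelled) weakness.
HOSTS: Dict[str, dict] = {
    "attacker":  {"segment": "internet", "vulns": {}},
    "web01":     {"segment": "dmz",      "vulns": {"http": "VULN-WEB-PLACEHOLDER"}},
    "app01":     {"segment": "internal", "vulns": {"rpc": "VULN-APP-PLACEHOLDER"}},
    "db01":      {"segment": "internal", "vulns": {"sql": "VULN-DB-PLACEHOLDER"}},
    "fileshare": {"segment": "internal", "vulns": {}},
}

# Constructed firewall policy: (source segment, destination segment, service)
# triples the network configuration permits.
ALLOW: Set[Tuple[str, str, str]] = {
    ("internet", "dmz", "http"),
    ("dmz", "internal", "rpc"),
    ("dmz", "internal", "sql"),
    ("internal", "internal", "rpc"),
    ("internal", "internal", "sql"),
}


def next_steps(src: str, patched: Collection[str] = ()) -> List[Step]:
    """Hops available from an already-compromised host: a destination is
    reachable when the firewall permits the service and the destination
    still exposes a weakness on that service (patched hosts are excluded)."""
    src_seg = HOSTS[src]["segment"]
    steps: List[Step] = []
    for dst, info in HOSTS.items():
        if dst == src or dst in patched:
            continue
        for service, vuln in info["vulns"].items():
            if (src_seg, info["segment"], service) in ALLOW:
                steps.append((dst, service, vuln))
    return steps


def attack_paths(start: str, target: str,
                 patched: Collection[str] = ()) -> List[List[Step]]:
    """Enumerate every simple (loop-free) multi-step path from start to target."""
    paths: List[List[Step]] = []

    def dfs(host: str, visited: Set[str], path: List[Step]) -> None:
        if host == target:
            paths.append(list(path))
            return
        for step in next_steps(host, patched):
            dst = step[0]
            if dst in visited:
                continue
            visited.add(dst)
            path.append(step)
            dfs(dst, visited, path)
            path.pop()
            visited.remove(dst)

    dfs(start, {start}, [])
    return paths


def chokepoints(start: str, target: str) -> List[str]:
    """Hosts whose remediation alone removes every path from start to target."""
    return [h for h in HOSTS
            if h not in (start, target) and not attack_paths(start, target, {h})]


if __name__ == "__main__":
    for path in attack_paths("attacker", "db01"):
        print(" -> ".join(f"{host}[{svc}:{vuln}]" for host, svc, vuln in path))
    print("patch first:", chokepoints("attacker", "db01"))
```

On the constructed model this finds two paths to `db01` (a direct hop from the DMZ web server over SQL, and a longer hop through `app01`), and reports `web01` as the single chokepoint: patching `app01` still leaves the direct path, while patching `web01` closes both.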
