FireEye launches in UK; takes wraps off next-gen security technology

17 March 2011

FireEye, a security vendor that describes itself as a malware protection system (MPS) specialist, has opened its office in the UK, as well as launching what it claims is a unique approach to malware security.

Like many of its competitors, the company's email MPS appliance analyses all the data flowing through the network perimeter, but it also executes all email objects in a virtual machine environment.

In the event that an object passes the usual security tests, it is allowed through but, if the item flags up as breaching security in the virtual machine environment, it is immediately recalled.

Ashar Aziz, the firm's CTO and founder, explained that, if an object or email item is found to be problematic, the appliance recalls the mail item and then quarantines it.

"This is important if the object is an embedded PDF or complex HTML attachment, as conventional IT security systems and software will not detect the presence of malware or similar problems", he told Infosecurity.

"By executing in a virtual computer environment, it is possible to discover what an email item or data object actually does and take action if required", he said.

The process of executing an object in a virtual machine environment, he went on to say, takes anywhere from a few milliseconds to a few tenths of a second.

That timeframe, he claims, may be enough for an infection to start to hit a user's machine – assuming it is opened immediately – but not fully execute.

In the case of a botnet infection for example, he said, the suspect email can be recalled a long time before the infection event begins to execute.

According to FireEye, along with data from its cloud intelligence network, appliance users get the latest security content about malicious attachments targeting zero-day vulnerabilities, malware callback channels, and URL blacklist updates.

"Using the FireEye Email MPS, we've been able to stop over three dozen separate spear phishing attacks over the course of two weeks", said an IT administrator at a US defence contractor, who asked to remain anonymous.

"In our case, we've seen no false quarantines, and by integrating with our FireEye Web MPS, we can quickly trace a zero-day web exploit back to its spear phishing email, preventing a breach and saving at least 320 hours of forensic analysis for just one of the incidents", he added.

This article is featured in:
Application Security  •  Malware and Hardware Security

 
