IBM has become the latest big-name vendor to offer organizations protection against sophisticated targeted attacks with Trusteer Apex – an endpoint security tool designed to spot, block and contain such threats.
Trusteer Apex, built by the $1bn Israeli firm IBM bought last year, aims initially to prevent malware associated with these attacks infecting the endpoint.
One way it does this is by restricting the use of Java: it blocks malicious Java apps and ensures untrusted applications cannot perform high-risk tasks. IBM said in its X-Force Threat Intelligence Quarterly that 96% of Java exploits come from rogue Java apps.
Apex also utilizes threat intelligence via a database of over 70,000 vulnerabilities to send security updates to endpoints – data that is expanding continuously thanks to an extensive feed from 100 million endpoints, IBM said.
Big Blue also said that this automated threat analysis functionality reduces management overheads and claimed it can turn around protection against new threats in “near real-time.”
Spear phishing is an important element of advanced targeted attacks as a typical means by which cyber criminals infiltrate victim networks.
Trusteer Apex looks to lock down that avenue by blocking any resulting malware and helping IT managers enforce policies prohibiting the reuse of corporate passwords on social networks and other sites outside the firewall, according to IBM program director, Andy Land.
Finally, the new product has been designed to detect and block any communication between malware and its command-and-control (C&C) server, in the event that the malware has managed to infiltrate the corporate network.
This could help IT teams both to discover an ongoing attack and ensure that any sensitive data has not been exfiltrated outside the organization.
“Apex monitors the 'strategic chokepoints' in which exploits deliver the malware and infect the computer. We have mapped out the limited number of methods attackers can use at the chokepoints to establish malware on the box,” Land told Infosecurity via email.
“Even if the threat is a zero-day threat, it will have to pass in one of these chokepoints and that's where Apex will break the attack. We protect three key chokepoints: 1) where malware attempts to achieve persistency; 2) malware exploitation of Java apps; and 3) malware attempting to set up communication outside of the enterprise to exfiltrate data.”
IBM Trusteer Apex integrates with QRadar and Endpoint Manager as part of Big Blue’s Threat Protection System announced earlier this month.
The risk to organizations from targeted attacks is growing. According to research from Ponemon commissioned by IBM Trusteer, breaches from APT-style attacks cost on average $9.4m in brand damage alone.
Just this week the threat to organizations was highlighted by new research pointing to growing Chinese cyber espionage activity in the South China Sea area and Washington’s indictment of five PLA operatives for hacking US companies.