The FireEye Malware Protection System (MPS)
The FireEye Malware Protection System (MPS) accurately blocks Modern Malware, such as Trojans, bots, crimeware, and advanced persistent threats, in real time using an advanced multi-phase analysis engine to capture and confirm zero-day malware and targeted attacks. At the core of each security appliance are the FireEye Malware-VM™ and Malware-Callback™ technologies, which combine inbound and outbound filtering to break the malware infection lifecycle.
KEY TECHNOLOGY FEATURES:
- Multi-stage inspection and blocking engine that stops known and zero-day attacks while simultaneously eliminating false positives. The multi-stage inspection process unifies virtualization and network security to accurately block Modern Malware that is used to penetrate networks and steal resources and sensitive data.
- Malware-VM analysis utilizes proprietary and trade secret virtualization technology to analyze and confirm true, zero-day malware, such as Trojans, targeted attacks, bots, VM-aware malware, and advanced, persistent threats
- Malware-Callback filter blocks outbound callbacks based on local malware intelligence from the Malware-VM analysis as well as based on global malware intelligence provided by the MAX Cloud Intelligence network
Newly discovered malware is installed to completion within the FireEye Malware-VM filter so that malware file locations, new registry keys, corrupted DLLs, etc. are all tracked in addition to outbound callback destinations. Now, analysis of polymorphic Modern Malware can be reliably automated to create dynamic blocking of inbound zero-day attacks and their outbound transmissions. Local zero-day malware intelligence is dynamically generated by each Malware-VM filter to provide real-time malware forensics used to protect the local network. This analysis can be shared globally through the MAX Cloud Intelligence network for use by all subscribers to stop data and resource thefts.
Contact them to get an online demo!
SANS Security East 2011
SANS Security EAST 2011 is 59 days away and only 17 days left for the best Early Bird pricing:
When: January 20-27
Where: New Orleans, LA
SANS is proud to be back in the historic French Quarter of New Orleans for SANS Security East 2011 on January 20 – 27 with our top instructors, new course offerings, action-packed night sessions, and many exciting special events.
Be sure and look for all the added benefits that come with a SANS conference: Special events, renowned expert speakers, vendor expo, fun night events, networking with other professionals from around the world, and more!
Simply go to http://www.sans.org/info/67168 by December 8 and use discount code: Connect_SecOrb10 to receive the best pricing. Improve your information security skills and prepare for your certification test with the very best instructors in the industry.
Trustifier Security Product
Trustifier. The injectable nano liquid security engine that you can deploy at any layer to any level and get the security that you need around critical information.
Starting from the operating system kernel itself, Trustifier security engine can inject itself into all core security layers within an operating system and into applications, where it performs checks on the operations of the applications, system services, user behaviour, device control, network usage, data processing, and more.
Buy solutions at the Trustifier Online Store (1.888.233.1596)
Invincea™ Browser Protection enables users to knock out sophisticated Web-borne threats–in real time
Invincea™ Browser Protection shields PC users against all types of Web-borne threats by seamlessly moving desktop Web browsers into a controlled virtual environment.
Exceptional Protection: Invincea provides a fully isolated browser environment to maximize PC protection. It automatically detects and terminates a threat in real time, disposes of the tainted environment, and restarts a pristine one.
Signature-Free Detection: Unlike other solutions, Invincea does not rely on malware signatures for detection, nor does it rely on users to make correct security decisions. Instead, it automatically identifies malware attacks based on behaviors and actions inside a controlled environment.
Easy to Use & Deploy: The Invincea secure browsing environment has the same look and feel as your unprotected browser, with no difference in use and negligible PC performance impact. Invincea Browser Protection can be easily distributed and updated using your existing desktop management system.
Forensic Intelligence: Invincea captures actual, real-time malware attack details that can be used to bolster other security devices.
REQUIREMENTS: Invincea is a Windows-based application supporting XP and Vista, with Windows 7 support coming soon.
More information on Invincea can be found at http://www.invincea.com/
Hackin9 November Issue – Spyware – Someone is always watching…
Free Issue to Download!
In order to download the magazine you need to sign up to our newsletter. After clicking the “Download” button, you will be asked to provide your email address. You need to verify your email address using the link from the activation email you will receive. If you already subscribed to our list, you will be asked to provide your email address each time you download the magazine. No activation email will be sent and you should see the link for download.
IMPORTANT NOTICE
1. After the activation of your subscription you need to click the “download” button once again to start downloading the PDF.
2. In case you do not get the activation email, please check your spam folder. If it is not there, please use a different email address.
· Deploying & Utilizing Intrusion Detection Using Snorby
Snorby is an advanced Snort IDS front-end. Snorby has two basic fundamental pieces, which are simplicity and power. The project goal is to create a free, open source and highly competitive application for network monitoring in enterprise environments or private use.
– Joshua Morin
· Malware Incident Response – Outbreak Scenario
This article applies to Microsoft OS on Intel Platform. With the ongoing threat of the Conficker Virus, which is still hanging like the sword of Damocles, it becomes very important to know and understand what exactly needs to be done during a possible Virus Outbreak.
– Rajdeep Chakraborty
· TDSS botnet – full disclosure
What is a botnet? A botnet is not merely an army of infected computers. First of all, a botnet is an externally managed complex structure. While the malware side is studied pretty well in most known botnets, the management side is often underestimated. The latter usually involves hacking and vulnerability exploitation, because server side scripts of a centralized botnet are hidden from public.
– Andrey Rassokhin and Dmitry Oleksyuk
· When XOR is your friend…
Using a random enough input stream may sound like outright blasphemy to many if not all reading this; however, in this article I will demonstrate when using it makes sense. One of my hobbies includes creating crypto challenges where I hide an English message string in a block of numbers and letters. The first challenger who can correctly find what the message exactly states and demonstrate the algorithm used (usually in a programmatic fashion) wins a cash prize. I’ve learned over this year that in the past I had been making it far too difficult…
– Israel Torres
· Proactive Defenses and Free Tools
In my last article, I described the greatest breach in cyber history and made some suggestions on how it could have been avoided – enabling strong wireless encryption, testing your wireless routers for vulnerabilities, visiting http://nvd.nist.gov, limiting the number of trusted devices allowed on your wired and wireless networks and hardening your systems.
– Gary S. Miliefsky
· Wuala – Secure Online Storage
– Michael Munt
· Book review: A beginners Guide to Ethical Hacking
– Shyaam Sundhar
· An analysis of the spyware threat and how to protect a PC
– Julian Evans
· Electronic Cold War
– Matthew Jonkman
Web Application Security: An Overview
An area of information security that has been gaining a lot more focus in recent years is the security of web applications. This area is of particular interest because of the growing complexity of websites which makes them a strong target for those with malicious intent. Websites are attractive to attackers because they manage bank accounts, handle credit cards, store intellectual property, and other data of high value.
Web developers typically do not have any formal training in the area of security and their priorities usually lie elsewhere. Business functionality and meeting tight deadlines are typically the focus areas of developers and security is often forgotten, or at most, an afterthought. This leaves the door wide open for attackers to discover vulnerabilities and exploit them to gain access to sensitive data.
One of the most recent certifications now being offered by the SANS Institute focuses on this area. I had the privilege of taking this particular class and obtaining the certification. The class taught me how to perform a “penetration test” on a web application and exploit the vulnerabilities that are found.
There are plenty of products on the market today that are used by organizations to run automated scans on their web applications to find vulnerabilities. However, often times the most effective way to find vulnerabilities in a web application is to combine this automated testing with manual testing. Automated testing alone often yields many false positives that require manual investigation to discover.
Overall, I believe the best way to implement web application security within your organization is to incorporate security into the software development life cycle. It is much more difficult and requires much more time and money to fix security problems in your application after it has already been deployed to production. Security vulnerabilities like Cross-Site Scripting and SQL Injection are all too common in web apps and these vulnerabilities pose a bigger business risk than many organizations realize.

