Real Time Security
Across today's information security approaches, the largest challenge is handling Zero-Day and targeted attack threats. With the dominant technologies in use today, threats are identified by a digital signature attached to the file name, so the Anti-Virus vendor or software provider becomes aware of a threat and develops a patch to resolve it only after a significant number of workstations are affected. A digital signature will not always help to cope with a detected Zero-Day threat. In some cases, a new software patch, hot fix or entirely new version of the software must be released to block the newly discovered vulnerability. A more specific threat, the targeted attack such as a Trojan horse, is practically impossible to detect, since it infects only the intended workstation and never reaches the magnitude required to be detected by Anti-Virus vendors. All of the above becomes even more challenging when the primary objective is to detect and prevent threats as they occur, that is, in real time.

What is a "Zero-Day" Vulnerability

A Zero-Day is a computer threat that tries to exploit unknown, undisclosed or unpatched vulnerabilities in computer applications. It is well known that a development process yields an average of one bug for every 8 lines of code. It is therefore more than reasonable to believe that any released software will contain vulnerabilities, and that it is only a matter of time before a potential attacker identifies them.

Zero-day exploits are released before the vendor patch is released to the public. Additionally, zero-day exploits generally circulate through the ranks of attackers until they are finally released on public forums. A zero-day exploit is usually unknown to the public and to the product vendor.

Malware writers are able to exploit zero-day vulnerabilities through several different attack vectors. For example, when users visit rogue (or black hat) Web sites, code on the site may exploit vulnerabilities in Web browsers. Web browsers are a particular target because of their widespread distribution and usage. Hackers can also send e-mail attachments that exploit vulnerabilities in the application opening the attachment. Typically, badly written software will have several zero-day vulnerabilities within a short period of time. Exploits that take advantage of common file types are numerous and frequent, as evidenced by their increasing appearances in databases like US-CERT. Users with malicious intent can engineer malware to take advantage of these file type exploits to compromise attacked systems or steal confidential data.

Fighting the Zero-Day

Detecting and removing Zero-Day exploits and viruses is not a simple task. As of today, there is no true unified solution that can detect and remove a newly created threat that is detected neither by the Anti-Virus nor by the installed firewall. With Nyotron's new release, Paranoid ©, a real solution to this well-known problem will be available, as it will enable real-time detection of all Zero-Day threats, targeted attacks and other kinds of threats. Because Paranoid analyzes all kernel activity, it can identify unauthorized or malicious activity in real time, as it occurs, while the end user feels no change in the daily work experience.
