Zero-day and Unpatched software
In recent years, the clear majority of malware attacks have used exploits, the malicious use of vulnerabilities in the target system, to gain or deny access to and control of the target device, application or service.
Common protection means are based on the following concepts:
• Signature/heuristics based detection
• Behavioral detection
However, the common protection tools described above are not suited to tackling the problem of unknown (zero-day) exploits. Security usually fails when it encounters an unknown exploit. An unknown exploit is mostly a result of:
a. Zero-day vulnerability – A new vulnerability, part of the continuous effort of cyber-criminals and hackers.
b. New ransomware malware
c. Unpatched vulnerability
ZEROX Advanced Exploit Detection and Analysis
ZEROX is an innovative solution for detection and real-time prevention of malicious agents such as viruses, worms, trojans and other Advanced Persistent Threats (APTs) on an enterprise's MS-Windows workstations. Unlike other solutions in the market, ZEROX prevents known and unknown attacks simultaneously and provides valuable information for forensics and exploit analysis.
The premise of ZEROX is that an attack will happen, presumably by an unknown exploit. To counter the attack attempt, ZEROX sets traps (honeypots) in the operating system in order to impede the installation of the malicious software once the system is exploited.
ZEROX Zero-Day blocking
When the system is exploited, ZEROX detects and stops the attempt before the malicious code can install itself or alter the system, but not before gathering relevant information to identify the source and triggers of the attack attempt. The ZEROX DLL monitors certain operating system resources in the process memory for use by intruding malicious agents.
ZEROX Ransomware blocking
Ransomware can target any PC user, whether on a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider. Ransomware encrypts files on the PC so that they are no longer accessible to the user.
Exposing the exploit's code
Upon detection, the solution captures the code dump of the exploit to support malware analysis. ZEROX provides analytic tools to facilitate the reverse engineering of the captured exploit into readable source code. This way the utilized exploit can be fully investigated and examined.
ZEROX – Main Advantages:
By adding ZEROX to the set of security tools, customers enjoy the following benefits:
- Zero-day Prevention – The solution detects and stops exploitation attempts without a set of signatures, thus addressing unknown and known vulnerabilities alike.
- Ransomware Detection and Prevention – Advanced algorithm for identifying and blocking generic ransomware behavior in the very initial phase.
- Alerts and Reports – Upon detection, the solution alerts the user to the attack attempt and generates a detailed report containing the source and trigger of the attempt.
- Forensics Support – Upon detection, the solution collects system information to support malware analysis and makes it possible to capture the malware and the exploits it used.
- Real Time Protection – The solution is software based and integrated into the protected system – always present, always sentient.
- No Performance Impact – The solution does not conduct scans, thus it does not require system resources and does not affect normal system operation and performance.
- Integration with 3rd Party Solutions – Alerts and reports can be exported automatically to a cyber command center or management applications.