accounting for every single vulnerability. When you build a system, it's easier to build a model or profile
of how you expect it to be used than to catch every possible bad thing that can happen."

Network Behavioral Analysis

McAfee has thrown considerable heft behind behavioral analysis to address network threats. In 2012,
the company decided to roll out a virtual, production-ready instance of its McAfee Network Threat
Behavior Analysis (NTBA) to both new and existing McAfee Network Security Platform customers.

In December, Tyler Carter, who heads up product marketing for McAfee's Network Security Program,
wrote that the modern threatscape is screaming out for improvements on the traditional security
approach, which includes blacklists. "Network Threat Behavior Analysis gathers network flow
information from all over your network, determines what is normal in your network, and then scrutinizes
deviations from the norm that are likely to be dangerous," he wrote. "This becomes your sentinel on the
wall, looking for targeted and stealthy attack behavior that just barely deviates from the norm --- not
significant enough for traditional defenses, but the only evidence that can prevent these attacks."
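
The three steps in that quote (gather flow records, learn what is normal, scrutinize deviations) in miniature, as an added example that is not McAfee's code or the NTBA product: a per-host baseline is built from constructed NetFlow-style records, and a host is flagged when its egress volume exceeds a z-score threshold against its own history, when it uses a destination port the baseline never saw, or when it has no baseline at all. The host addresses, the baseline values and the threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def constructed_baseline():
    """24 h of synthetic NetFlow-style records (hour, src_host, dst_port, bytes_out); constructed, not captured."""
    flows = []
    for hour in range(24):
        for host in ("10.0.0.11", "10.0.0.12"):
            flows.append((hour, host, 443, 1_000_000 + 20_000 * (hour % 5)))
            flows.append((hour, host, 80, 200_000 + 5_000 * (hour % 3)))
    return flows

def hourly_profile(flows):
    """Per source host: list of bytes sent per hour, and the set of destination ports used."""
    per_hour = defaultdict(lambda: defaultdict(int))
    ports = defaultdict(set)
    for hour, host, port, nbytes in flows:
        per_hour[host][hour] += nbytes
        ports[host].add(port)
    return {h: list(v.values()) for h, v in per_hour.items()}, ports

def flag_deviations(baseline, current, zmax=3.0):
    """Return {host: [reasons]} for hosts whose current window deviates from their own baseline:
    egress volume > zmax sigma above the hourly mean, never-seen destination ports, or no baseline."""
    base_bytes, base_ports = hourly_profile(baseline)
    cur_bytes, cur_ports = hourly_profile(current)
    findings = defaultdict(list)
    for host, volumes in cur_bytes.items():
        if host not in base_bytes:
            findings[host].append("no baseline: host never seen before")
            continue
        mu, sigma = mean(base_bytes[host]), pstdev(base_bytes[host])
        for vol in volumes:
            z = (vol - mu) / sigma if sigma else (0.0 if vol == mu else float("inf"))
            if z > zmax:
                findings[host].append(f"egress {vol} bytes is {z:.1f} sigma above baseline")
        new_ports = cur_ports[host] - base_ports[host]
        if new_ports:
            findings[host].append(f"new destination ports {sorted(new_ports)}")
    return dict(findings)

# Constructed "current hour" (hour 24): .11 behaves normally, .12 pushes out 5 MB and
# talks to a port it never used before, .13 has no baseline at all.
CURRENT_WINDOW = [
    (24, "10.0.0.11", 443, 1_010_000), (24, "10.0.0.11", 80, 205_000),
    (24, "10.0.0.12", 443, 5_000_000), (24, "10.0.0.12", 4444, 300_000),
    (24, "10.0.0.13", 443, 50_000)]
if __name__ == "__main__":
    for host, reasons in flag_deviations(constructed_baseline(), CURRENT_WINDOW).items():
        print(host, "->", "; ".join(reasons))
```

The volume z-score only catches the loud case; the never-seen-port check is the kind of low-magnitude signal the quote's "barely deviates from the norm" refers to, and a production system would add more such features rather than rely on byte counts alone.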
So, OK, McAfee's looking to improve network protection with behavioral analysis. But why stop there?
Vendors aren't.

Antivirus Behavioral Analysis
Bitdefender, for its part, runs behavioral analysis in its antivirus offering. In May 2006, the company
rolled out a new technology, now patented, called B-HAVE, intended to wean antivirus technology off its
dependence on virus signatures by proactively detecting unknown threats. B-HAVE analyzes behavior in
a virtual PC environment to figure out if an application will pull any of the tricks for which malware is
infamous: modifying files, reading from or writing to a sensitive area of memory, or creating a file that's a
product of a known virus, for example. Keeping the program at arm's length in this virtualized
environment allows Bitdefender to vet the visitor. If the program behaves, without trying to pull a
malicious stunt, the technology allows it to start normally. Otherwise, Bitdefender quarantines or deletes
the app.
SQL Injection Threat

What works for networks and applications works just as well against one of the most persistent
entries on OWASP's Top Ten list of the most critical web application security risks: SQL injection.

What is it with SQL injection? Why is this vulnerability so persistent? Can't companies just fix their code,
already? How hard can it be?

Application rewrite

It can be very hard. As DB Networks brings up in a white paper, SQL Injection Attack: Detection in a Web
Application Environment, when working to prevent or remediate SQL injection, enterprises strive to write
or deploy highly secure code or to encrypt confidential data. That, unfortunately, isn't always possible.
Sometimes the code in question was developed by a third party and isn't available to modify.
Sometimes, fixing deployed code sucks up precious time and resources that need to be devoted to

105 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide