Page 14 - Cyber Warnings
• Many behavior-based solutions are exclusively cloud-based. Transmitting sensitive files
to an outside service may be an issue for some organizations.
Not All Behavior-based Technology Is Created Equal
Conventional sandbox technologies have limited visibility and can only evaluate the interaction
between an object and the operating system. By observing 100 percent of the actions that a
malicious object might take, even when it delegates those actions to the operating system or
other programs, CSOs can evaluate not only the malware’s communication with the operating
system, but each instruction processed by the CPU.
How Behavior-based Solutions Work
Advanced malware detection solutions observe and evaluate, in context, every line of code
executed by the malware. Furthermore, they analyze all requests to access specific
files, processes, connections, or services. This includes each instruction executed at the
operating system level or in other programs that have been invoked, including low-level code
hidden by rootkits.
The technology identifies all malicious, or at least suspicious, activity. Taken together, these
observations make it very clear that a file is malicious before it is released onto the network
where it could execute any potentially damaging behavior.
Both signature-based and behavior-based malware detection are important and have distinct
advantages. The best security will come from utilizing both technologies simultaneously. Too
many security officers are misled by vendors promoting “next-generation” firewalls and other
“state-of-the-art” security tools.
They don’t realize that these “latest” products rely exclusively on the decades-old
signature-based approach to malware detection, which will miss evasive malware and zero-day
attacks. No organization with sensitive data or critical operations to protect should be without
behavior-based malware detection to augment the capabilities of its existing security tools.
About the Author
John Cloonan is Director of Products for Lastline with a passion for creating innovative
information security solutions. Of his nearly 25 years of professional experience, he has spent
more than 15 years in Information Security software development and service delivery.
14 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide