Innovating The Next Big Thing | May 22, 2013
McAfee Blogs: How today’s new generation of security products protect you in each of the 4 phases of every attack
May 24, 2012 – Dan Wolff
If my last blog on how today’s malware penetrates your systems terrified you, you’re not the only one! Now let’s take a look at protection technologies and where they are effective.
In phase one, effective tools are those that limit or block first contact with a victim. For the majority of today’s threats, these are host- or network-based web filtering products. For protection against physical compromise, such as with APTs, device control is needed. Host-based NAC products can ensure that only ‘healthy’ endpoints are allowed to connect to a network. Even host-based firewalls can protect against misconfigured network security or the unsecured internet connections roaming users are likely to find.
In phase two, the job gets harder, especially when trying to stop previously unknown threats from exploiting new or recent vulnerabilities. Typical here is some type of buffer overflow attack, which requires memory protection or system call interception techniques to watch for the overflow. Also required is scanning of memory and network traffic upon access, sometimes called on-access scanning. Relatively new are file whitelisting or application control products, which use a ‘deny by default’ approach so that only known files or applications can be installed.
In phase three, traditional AV has played the strongest role by scanning the disk for known malicious files. This method has the advantage of being very deterministic in detecting and cleaning all areas of the file and operating system, but remediation costs are higher. New technologies like McAfee Deep Defender protect against attacks that occur before the OS loads, providing new protection for this critical threat. It uses McAfee DeepSAFE technology to operate beyond the OS and is the first solution to provide real-time kernel memory protection, stopping zero-day threats before they have a chance to hide. What is interesting about these four phases is that each security technology usually has a narrow role to play in disrupting malware. It also shows that traditional antivirus techniques stop malware very late in the infection process, usually after the malicious software has been written to disk.
In phase four, change control techniques like whitelisting and access protection rules can prevent malicious software from changing known-good application files, preventing the execution of many activities. Host-based firewalls can also prevent connections to known malicious bot networks and limit the loss of sensitive data.
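To make the four-phase model concrete, here is an added illustration (my own example, not McAfee code or any product described above) that replays a constructed attack chain through one simplified control per phase: a web filter (phase one), deny-by-default application control (phase two), an on-disk signature match (phase three), and change control plus egress blocking (phase four). All policy data (hostnames, hashes, paths, the 203.0.113.0/24 range) is constructed for the demo. Disabling the earlier controls shows the point made above: with only traditional AV in place, the chain is stopped only after the payload has already been written to disk.

```python
"""Four-phase endpoint control pipeline (added illustration, not McAfee code)."""
import hashlib
import ipaddress
from dataclasses import dataclass

# --- constructed policy data: placeholders, not real indicators ---
WEB_BLOCKLIST = {"malicious-ads.example", "drive-by.example"}                # phase 1
APPROVED_BINARIES = {hashlib.sha256(b"trusted-browser-bytes").hexdigest()}   # phase 2
KNOWN_BAD_FILES = {hashlib.sha256(b"dropper-payload-bytes").hexdigest()}     # phase 3
PROTECTED_PATHS = {"/usr/bin/browser", "/usr/bin/updater"}                   # phase 4
BOTNET_RANGES = [ipaddress.ip_network("203.0.113.0/24")]                     # phase 4 (TEST-NET-3)


@dataclass
class Event:
    kind: str            # "url", "exec", "file_write" or "connect"
    detail: str          # URL host, file path, or destination IP
    content: bytes = b""  # file bytes for exec / file_write events


def web_filter(ev: Event) -> bool:
    """Phase 1: block first contact with a known-malicious host (suffix match)."""
    if ev.kind == "url":
        host = ev.detail.lower()
        return any(host == d or host.endswith("." + d) for d in WEB_BLOCKLIST)
    return False


def application_control(ev: Event) -> bool:
    """Phase 2: deny by default; only code whose hash is on the approved list runs."""
    if ev.kind == "exec":
        return hashlib.sha256(ev.content).hexdigest() not in APPROVED_BINARIES
    return False


def on_disk_av(ev: Event) -> bool:
    """Phase 3: signature match on a file that has already been written to disk."""
    if ev.kind == "file_write":
        return hashlib.sha256(ev.content).hexdigest() in KNOWN_BAD_FILES
    return False


def change_control_and_egress(ev: Event) -> bool:
    """Phase 4: protect known-good application files and block bot-network egress."""
    if ev.kind == "file_write":
        return ev.detail in PROTECTED_PATHS
    if ev.kind == "connect":
        addr = ipaddress.ip_address(ev.detail)
        return any(addr in net for net in BOTNET_RANGES)
    return False


CONTROLS = {1: web_filter, 2: application_control, 3: on_disk_av, 4: change_control_and_egress}


def run_chain(events, enabled_phases=(1, 2, 3, 4)):
    """Replay events through the enabled controls, in phase order.

    Returns (phase, event_index) of the first block, or (None, None) if the
    whole chain completes without any control firing.
    """
    for idx, ev in enumerate(events):
        for phase in sorted(enabled_phases):
            if CONTROLS[phase](ev):
                return phase, idx
    return None, None


def demo_attack_chain():
    """Constructed drive-by chain: contact, in-memory stage, drop, tamper, beacon."""
    return [
        Event("url", "cdn.drive-by.example"),
        Event("exec", "<in-memory stage>", b"shellcode-stage-bytes"),
        Event("file_write", "/tmp/dropper", b"dropper-payload-bytes"),
        Event("file_write", "/usr/bin/updater", b"trojanized-bytes"),
        Event("connect", "203.0.113.7"),
    ]


def demo_benign_chain():
    """Constructed ordinary user activity that no control should block."""
    return [
        Event("url", "intranet.example"),
        Event("exec", "/usr/bin/browser", b"trusted-browser-bytes"),
        Event("file_write", "/home/user/notes.txt", b"meeting notes"),
        Event("connect", "192.0.2.10"),  # TEST-NET-1, not in BOTNET_RANGES
    ]


if __name__ == "__main__":
    for phases in [(1, 2, 3, 4), (2, 3, 4), (3, 4), (4,)]:
        print(f"controls {phases}: attack blocked at {run_chain(demo_attack_chain(), phases)}")
    print(f"benign chain: {run_chain(demo_benign_chain())}")
```

Each control fires on a different event kind, so removing a phase does not change how the others behave; the interesting output is the index at which the chain is stopped, which grows as earlier phases are switched off. The phase-three check is the only one that needs the payload bytes on disk, which is exactly why AV alone is a late defence in this model.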