New anti-APT tools are no silver bullets (report)

Discussion in 'other anti-malware software' started by Rasheed187, Dec 1, 2014.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No, they aren't AVs; they are new products with new techniques priced out of the hands of individuals. Look at the most popular products here, and then ask heads of IT in organizations that have IT departments about these. Bet they never heard of them. Remember they have to use what they can sell to their bosses who have even less knowledge.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    They said that they have a strong intention to publish BAB0 in the near future. I'm looking forward to testing it against my XP/SP2, with NO updates, system. I expect I won't be infected, due to at least the following.

    1 - No Java

    2 - AntiExe etc & HIPS

    3 - No MS Office

    4 - VBS interception/blocking

    5 - Script blocking
     
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @Rasheed187 HIPS would probably be able to do more if it were more complete, i.e. more like full mandatory access control. Most of the HIPS products for Windows I've seen are quite limited in finesse.

    (Windows' native integrity levels might offer more control, but barely anyone uses them!)
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    They don't mention the tested products, but they do mention examples:
    "Therefore, a range of new solutions, specifically designed to detect APT attacks, have appeared on the market in the recent past, including Cisco’s SourceFire, Checkpoint, Damballa, Fidelis XPS, FireEye, Fortinet, LastLine, Palo Alto’s WildFire, Trend Micro’s Deep Discovery and Websense."
     
  6. don't forget Windows scripting and access to cmd.exe and command.com, HKCU autostarts, risk-ware services (remote control/support/sharing) :D
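    An added example, not part of the thread: a PowerShell audit of the per-user autostart locations this reply and CloneRanger's list refer to (HKCU Run/RunOnce keys and the Startup folder), flagging entries that hand control to a script host or command interpreter. The registry paths are the standard ones; the list of interpreter names and the script extensions checked are assumptions.

    ```powershell
    # Added example (not from the thread): audit HKCU autostarts for script hosts
    # and command interpreters, the kind of persistence a HIPS is expected to catch.
    $autostartKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Assumed list: interpreters that rarely belong in a per-user autostart entry.
    $suspectHosts = 'cmd.exe', 'command.com', 'wscript.exe', 'cscript.exe',
                    'mshta.exe', 'powershell.exe'
    # Assumed list: script file types worth flagging in the Startup folder.
    $scriptExtensions = '.vbs', '.vbe', '.js', '.jse', '.wsf', '.bat', '.cmd', '.hta', '.ps1'
    # Provider metadata that Get-ItemProperty adds to every result; not real values.
    $psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    function Get-UserAutostartReport {
        # Registry-based autostarts: one row per value under each key.
        foreach ($key in $autostartKeys) {
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                if ($psMeta -contains $p.Name) { continue }
                $cmd = [string]$p.Value
                $hit = $suspectHosts | Where-Object { $cmd -match [regex]::Escape($_) }
                [pscustomobject]@{
                    Source  = $key
                    Name    = $p.Name
                    Command = $cmd
                    Suspect = [bool]$hit
                }
            }
        }
        # File-based autostarts: anything in the user's Startup folder.
        $startup = [Environment]::GetFolderPath('Startup')
        if (Test-Path $startup) {
            foreach ($f in Get-ChildItem -Path $startup -File) {
                [pscustomobject]@{
                    Source  = $startup
                    Name    = $f.Name
                    Command = $f.FullName
                    Suspect = $scriptExtensions -contains $f.Extension.ToLower()
                }
            }
        }
    }

    Get-UserAutostartReport | Sort-Object Suspect -Descending | Format-Table -AutoSize
    ```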
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    All intercepted/prompted or disabled! Anyway, if/when it's released, we'll see.
     
  8. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That pretty much sums them up..
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have a Netgear Prosecure UTM 25 which has performed extremely well in the past. My security appliance is still no replacement for a traditional AV, or any other security software. The user can still be infected by simply plugging in an infected USB device. Also many threats may not be detected by heuristics until they attempt to execute. A good HIPS, or AE will always block more attacks than a gateway security device. They block without any need for detection. The only question is their usability. I love my UTM, but it's no replacement for my other security software. For me the best thing about my UTM is it can handle higher volumes of traffic much better than home routers. It does not bottleneck like most home routers I have used. It's also super easy to configure firewall rules for my applications. It's always great to have a really good hardware firewall. I rarely ever had the AV detect anything. It uses SOPHOS AV. I guess I must be a safe surfer. I must sadly say though I'm not currently using it. I had some life events which caused me to put most of my hardware in storage. I do however have the experience of using it for almost 3 years.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, my bad, I didn't read everything yet. But it seems strange to me that these advanced products wouldn't be able to stop and detect these kinds of malware? I also must say that when I read all of their websites, the info is quite overwhelming. I think only Trend Micro did a good job of explaining what their product exactly does.

    http://www.trendmicro.com/us/enterprise/security-risk-management/deep-discovery/
     
  11. 142395

    142395 Guest

    Well, those are not exactly about UTM, but MPS (Malware Protection System), though they can include UTM as a component (and can also include HIPS).

    Not so strange: just like AV misses common malware, MPS can miss advanced malware though they're meant to detect them.
    And overwhelming is okay, as they're not meant to be read by the common home user but by IT admins. I think what Trend gives is just an overview, so a good IT admin will require more info to be sent before purchase.
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Effectively testing APT defences:
     