New anti-APT tools are no silver bullets (report)

Discussion in 'other anti-malware software' started by Rasheed187, Dec 1, 2014.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    No they aren't AV's the are new products with new techniques priced out of the hands of individuals. Look at the most popular products here, and then ask heads of IT in organizations that have IT departments about these. Bet they never heard of them. Remember they have to use what they can sell to their bosses who have even less knowledge.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    They said that they have a strong intention to publish BAB0 in the near future. I'm looking forward to testing it against my XP/SP2, with NO updates, system. I expect i Won't be infected, due to @ least the following.

    1 - No Java

    2 - AntiExe etc & HIPS

    3 - No MS Office

    4 - VBS interception/blocking

    5 - Script blocking
     
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    @Rasheed187 HIPS would probably be able to do more if it were more complete, i.e. more like full mandatory access control. Most of the HIPS products for Windows I've seen are quite limited in finesse.

    (Windows' native integrity levels might offer more control, but barely anyone uses them!)
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    They don't mention the tested products, but they do mention examples:
    "Therefore, a range of new solutions, specifically designed to detect APT attacks, have appeared on the market in the recent past, including Cisco’s SourceFire, Checkpoint, Damballa, Fidelis XPS, FireEye, Fortinet, LastLine, Palo Alto’s WildFire, Trend Micro’s Deep Discovery and Websense."
     
  6. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,068
    Location:
    Netherlands
    don't forget Windows scripting and access to cmd.exe and command.com, HKCU autostarts, risk-ware services (remote control/support/sharing) :D
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    All intercepted/prompted or disabled ! Anyway, if/when it's released, we'll see
     
  8. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That pretty much sums them up..
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I have a Netgear Prosecure UTM 25 which has performed extremely well in the past. My security appliance is still no replacement for a traditional AV, or any other security software. The user can still be infected by simply plugging in an infected USB device. Also many threats may not be detected by heuristics until they attempt to execute. A good HIPS, or AE will always block more attacks than a gateway security device. They block without any need for detection. The only question is their usability. I love my UTM, but it's no replacement for my other security software. For me the best thing about my UTM is it can handle higher volumes of traffic much better than home routers. It does not bottleneck like most home routers I have used. Its also super easy to configure firewall rules for my applications. It's always great to have a really good hardware firewall. I rarely ever had the AV detect anything. It uses SOPHOS AV. I guess I must be a safe surfer. I must sadly say though i'm not currently using it. I had some life events which caused me to put most of my hardware in storage. I do however have the experience of using it for almost 3 years.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes my bad, I didn't read everything yet. But seems strange to me that these advanced products wouldn't be able to stop and detect these kind of malware? I also must say that when I read all of their websites, the info is quite overwhelming. I think only Trend Micro did a good job of explaining what their product exactly does.

    http://www.trendmicro.com/us/enterprise/security-risk-management/deep-discovery/
     
  11. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Well, those are not exactly about UTM, but MPS (Malware Protection System) though they can include UTM as a component (also can include HIPS).

    Not so strange, just like AV miss common malware, MPS can miss advanced malware though they're meant to detect them.
    And overwhelming is okay as they're not meant to be read by common home user but by IT admin. I think what Trend gives is just an overview, so good IT admin will require more info to be sent before purchase.
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Effectively testing APT defences:
     
Loading...