Trusteer launches 'Apex' zero-day protection software in Europe

Is this the end of antivirus?

Security firm Trusteer believes it has invented the first ever system that can reliably block attacks targeting vulnerabilities in a clutch of common applications such as Java, and Adobe's Flash and PDF Reader.

It's a straightforward enough claim, but if it's true, the Israeli firm, better known for the Rapport browser plug-in used to protect customers of many of the world's top online banks from phishing, will have achieved one of security's holy grails: stopping unpatched exploits and zero-days.

The company describes the software, launched in the US in February and called 'Apex', as "stateful application control," a system for monitoring what every application and process is doing and comparing this with a subset of known legitimate behaviours.

If that sounds like an impossible ambition considering the size of the software universe, Trusteer stresses that Apex is targeted at the behaviours of a small group of applications responsible for the overwhelming majority of exploits, namely Java, Adobe's Reader and Flash, and Microsoft's Office.

According to Trusteer, it turns out that the legitimate behaviour of such applications is surprisingly finite, which it discovered after modelling this using its established Rapport browser protection system installed on 30 million PCs.

Trusteer's enterprise security director Dana Tamir estimates that about 98 percent of the attacks encountered by Rapport are connected to Java vulnerabilities, with most of the final 2 percent targeting Adobe.

The software could also block malware that injects code into legitimate processes, an increasingly common tactic for hiding infection, as well as protecting against the exfiltration of data.

Given that the product is designed to run as a client on a PC, receiving whitelisting updates from a cloud service, isn't this doing some of the job already carried out by antivirus software?

The company is not entirely unhappy to position Apex against antivirus software, seeing it as offering a form of endpoint protection that goes way beyond what traditional antivirus software is capable of.

Certainly, there is plenty of evidence that old-style antivirus protection no longer works well enough against attacks targeting known and unknown software flaws, as many now do.

"Today, the weakest link is [still] the end user endpoint. Enterprises have tried to battle the problem but they have failed," said Tamir.

"Our research shows that a lot of endpoints are not up to date with their patches."

The problem is simply that many endpoints can't be patched quickly enough, leaving them open to exploits that antivirus software was never invented to be aware of.

What is also likely is that mainstream antivirus companies and startups will jump on the same idea, so Trusteer will find itself with competition in time.

Deployed either as a conventional install or as a download for mobile or remote users directed to a web portal, the protection could be used by enterprises with almost no overhead.

Trusteer wasn't willing to give pricing, which will vary by volume. A guide for smaller installs might be around $35 per seat.

The company admits it has uncovered interest from consumers for its software, but is likely to follow the model that worked for Rapport: let large enterprises offer protection for their customers if they think it worth doing so.
