Security vendors are showing new confidence against malware attackers as they launch new classes of products designed to take the fight back to malware authors that have recently been overwhelming many companies' traditional defences.
The new Advanced Threat Protection (ATP) tool from Symantec, for one, has productised the type of cloud-based file sandboxing environment often used internally by security companies to analyse the behaviour of new malware. It is based on a cloud-based malware analysis engine called Cynic, which uses Symantec's Workplace Virtualisation technology to run suspect attachments within numerous virtual machines based on different versions of Windows.
Cynic works as part of an expanding security-monitoring ecosystem that automatically traces the flow of files between endpoints, enabling systems administrators to retrace the steps of malware that has spread to various endpoints.
The technology complements Symantec's existing Skeptic code-analysis and Sonar behaviour-analysis engines. It also responds to malware's growing ability to detect whether it is running in a sandbox, a capability that Nick Savvides, Symantec Pacific business manager for Cyber Security Services, said is now found in 28 percent of malware, up from 18 percent a year ago. To counter this, the technology includes mechanisms that proactively simulate human behaviour in order to coax malware out of its shell.
“We're dealing with the realisation that some threats will not be blocked and will hit your environment,” Savvides told CSO Australia. “They will hit desktops and pass through email, but we are focused on being able to detect that and respond quickly. By putting this in the cloud, customers don't have to set up hundreds of systems or virtual machines for testing.”
Symantec's new-product ambitions are complemented by recent announcements from numerous other vendors, all hoping to reposition themselves within the ever more crowded security-tools space.
Dell, for one, recently complemented its Dell Endpoint Security Suite, launched in March, with a number of new security offerings in areas such as identity management, network security, email security, and cloud data protection. The company's Dell SecureWorks subsidiary also deployed an on-demand Emergency Cyber Incident Response capability for Amazon Web Services (AWS) users, and released a security-vulnerability assessment tool called AEGIS to sit within its Managed Security Services portfolio.
Nexon Asia Pacific has built on Palo Alto Networks' Next-Generation Security Platform to deliver a new managed cloud service. Ixia recently released ThreatARMOR, a new security tool for filtering and blocking IP addresses. Fortinet, for its part, released its Software-Defined Network Security (SDNS) framework to close security gaps between the components of hybrid infrastructure.
Startup Lumeta Corporation recently boosted its venture funding to $US13m ($A18m) on the back of situational-awareness tools such as its new Cyber Threat Probe, which picks out threats by applying threat-intelligence data to a constantly updated index of network resources. And LeaseWeb, which was hit by attackers in late 2013, this month turned the incident into a new security product line with the launch of LeaseWeb Application Security – combining a web application firewall, threat intelligence services, application-security specialists, and a 24/7 Security Operation Centre.
Also overhauling its software offerings is Sophos, which has been working on a cloud-based endpoint security roadmap and a revamped firewall operating system known as Project Copernicus; the company also recently complemented the product expansion by extending its partner network – a move recently taken by numerous other vendors in Australia.
These and other nascent security tools reflect a period of innovation that suggests threat analysts are finally getting back on the front foot in dealing with ever more resourceful malware.
“I've been with the company for nearly 10 years,” says Savvides, “and I really feel like we've got our innovation and our R&D back. It's a very exciting time right now.”