
6/24/2013
10:14 AM
Dark Reading
Products and Releases

F-Secure Launches DeepGuard 5

DeepGuard 5’s exploitation protection monitors the processes of programs that are commonly exploited

SAN JOSE, Calif. – June 18, 2013 – Exploit kits, like "Blackhole" and "Cool," are expanding botnets, like "Citadel," via exploits. Exploitation of software vulnerabilities has become one of the most popular ways to gain access to users' machines, but F-Secure is reinforcing its exploit defenses with enhanced proactive protection. With the rollout of DeepGuard 5, the newest version of F-Secure's behavior-based analysis technology that blocks new and emerging threats, F-Secure will be able to detect exploit attempts without needing to know the vulnerability they are exploiting.

Exploits usually attack via malicious or compromised websites. They take advantage of flaws in the code of a computer's installed applications to access the computer and infect it with malware that can spy on the user, steal passwords or other sensitive data, or even take control of the machine. 70 to 80% of F-Secure Labs' top 10 detected malware are exploits – a growth in popularity that is largely due to exploit kits, which have made it simple for even the technically unskilled to break into computers.

"Malware can mutate in characteristics, but the constant is that it always does malicious things," said Timo Hirvonen, Senior Analyst at F-Secure. "With exploits, their appearance can change and the vulnerability they use can change, but they always do what exploits do. Typical protection is related to the vulnerability being exploited, but we now detect exploits based on their behavior, offering better coverage because vulnerabilities aren't always known."

DeepGuard 5's exploitation protection monitors the processes of programs that are commonly exploited, such as browsers, plugins, Microsoft Office, Java, and so on. It also watches programs used to open commonly exploited document types like Microsoft Word or PDF. DeepGuard blocks any suspicious or malicious behavior indicative of an exploit attempt.

Behavioral analysis: A critical layer of multilayered protection

Exploit interception is just the latest addition to DeepGuard, which addresses the weak point of traditional signature scanning: the need to have a malware sample in order to analyze it and then be able to protect from it. In the time it takes for a security lab to receive a sample and update protection, the malware could have already infected users. Compounding the issue is the exponential growth in new malware variants made possible by automated malware creation kits, which make it easy to spit out thousands of new variants.

"Top-line antivirus technology stopped being about blocking bad guys on a wanted list years ago," said Sean Sullivan, Security Advisor at F-Secure. "Blocking malware requires understanding its behavior. That's why we developed our first version of DeepGuard in 2006. And this newest version is our most powerful learner of bad behaviors yet."

DeepGuard steps into action when a program is executed, and, to catch malware that would delay malicious behavior, it continuously monitors while the program is running. DeepGuard's behavioral analysis and exploit interception constitute just two of F-Secure's security layers, which also include browsing protection, signature scanning, file reputation analysis, and prevalence rate checking.

DeepGuard was instrumental in F-Secure's win of the Best Protection 2012 award from the AV-TEST Institute. F-Secure's home user product beat out 19 other vendors' products, providing the best protection against current threats such as malware infections caused by zero-day attacks and malicious websites and emails. With DeepGuard's new exploit protection, customers can be sure they still have the top protection. DeepGuard 5 has already been rolled out, so F-Secure customers with the latest product versions are already benefiting from the new protection.

Read more about DeepGuard in F-Secure's brand new whitepaper, "F-Secure DeepGuard: Proactive On-Host Protection Against New and Emerging Threats" available at http://safeandsavvy.f-secure.com/2013/06/18/deepguard.

F-Secure – Protecting the irreplaceable

While you concentrate on what is important to you, we make sure you are protected and safe online whether you are using a computer or a smartphone. We also back up and enable you to share your important files. Our services are available through over 200 operators around the world and trusted in millions of homes and businesses. Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.

 
