6/24/2013
10:14 AM
Dark Reading
Products and Releases

F-Secure Launches DeepGuard 5

DeepGuard 5’s exploitation protection monitors the processes of programs that are commonly exploited

SAN JOSE, Calif. – June 18, 2013 – Exploit kits, like "Blackhole" and "Cool," are expanding botnets, like "Citadel," via exploits. Exploitation of software vulnerabilities has become one of the most popular ways to gain access to users' machines, but F-Secure is reinforcing its exploit defenses with enhanced proactive protection. With the rollout of DeepGuard 5, the newest version of F-Secure's behavior-based analysis technology that blocks new and emerging threats, F-Secure will be able to detect exploit attempts without needing to know the vulnerability they are exploiting.

Exploits usually attack via malicious or compromised websites. They take advantage of flaws in the code of a computer's installed applications to access the computer and infect it with malware that can spy on the user, steal passwords or other sensitive data, or even take control of the machine. 70 to 80% of F-Secure Labs' top 10 detected malware are exploits – a growth in popularity that is largely due to exploit kits, which have made it simple for even the technically unskilled to break into computers.

"Malware can mutate in characteristics, but the constant is that it always does malicious things," said Timo Hirvonen, Senior Analyst at F-Secure. "With exploits, their appearance can change and the vulnerability they use can change, but they always do what exploits do. Typical protection is related to the vulnerability being exploited, but we now detect exploits based on their behavior, offering better coverage because vulnerabilities aren't always known."

DeepGuard 5's exploitation protection monitors the processes of programs that are commonly exploited, such as browsers, plugins, Microsoft Office, Java, and so on. It also watches programs used to open commonly exploited document types like Microsoft Word or PDF. DeepGuard blocks any suspicious or malicious behavior indicative of an exploit attempt.

Behavioral analysis: A critical layer of multilayered protection

Exploit interception is just the latest addition to DeepGuard, which addresses the weak point of traditional signature scanning: the need to have a malware sample in order to analyze it and then be able to protect from it. In the time it takes for a security lab to receive a sample and update protection, the malware could have already infected users. Compounding the issue is the exponential growth in new malware variants made possible by automated malware creation kits, which make it easy to spit out thousands of new variants.

"Top-line antivirus technology stopped being about blocking bad guys on a wanted list years ago," said Sean Sullivan, Security Advisor at F-Secure. "Blocking malware requires understanding its behavior. That's why we developed our first version of DeepGuard in 2006. And this newest version is our most powerful learner of bad behaviors yet."

DeepGuard steps into action when a program is executed, and, to catch malware that would delay malicious behavior, it continuously monitors while the program is running. DeepGuard's behavioral analysis and exploit interception constitute just two of F-Secure's security layers, which also include browsing protection, signature scanning, file reputation analysis, and prevalence rate checking.

DeepGuard was instrumental in F-Secure's win of the Best Protection 2012 award from the AV-TEST Institute. F-Secure's home user product beat out 19 other vendors' products, providing the best protection against current threats such as malware infections caused by zero-day attacks and malicious websites and emails. With DeepGuard's new exploit protection, customers can be sure they still have the top protection. DeepGuard 5 has already been rolled out, so F-Secure customers with the latest product versions are already benefiting from the new protection.

Read more about DeepGuard in F-Secure's brand new whitepaper, "F-Secure DeepGuard: Proactive On-Host Protection Against New and Emerging Threats" available at http://safeandsavvy.f-secure.com/2013/06/18/deepguard.

F-Secure – Protecting the irreplaceable

While you concentrate on what is important to you, we make sure you are protected and safe online whether you are using a computer or a smartphone. We also back up and enable you to share your important files. Our services are available through over 200 operators around the world and trusted in millions of homes and businesses. Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.
