Security Death Race 2018

Albeit a rather graphic metaphor for Advanced Threat Prevention, the action thriller film Death Race from 2008 is a visceral depiction of what every security professional goes through on a daily basis. Specifically, driving a set of cobbled-together technologies around a known course that has surprises around every corner, many of which can mean death, or in the case of your organization, a major breach or malware disruption. Every time you plan for a certain type of attack, the enemy finds a new evasion technique and thus the race begins anew.

Or Is It Cat And Mouse?

Okay, so if Death Race is too graphic a metaphor, how about a classic cartoon from the 1940’s? Anyone remember Tom and Jerry? In over 200 segments, Tom (the cat) attempted new and creative ways to catch and eat Jerry (the mouse). The good news is that in a family cartoon, the mouse always wins, however, as any outdoor cat owner knows, in real life the cat wins very often. This is also the case with the game of cat and mouse between IT security professionals and cyber criminals intent on causing harm to your organization.

Coincidentally, according to SearchSecurity “There are currently about 200 known evasion techniques that are recognized by vendor products.”

Evolving Evasion Techniques

There are a number of methods by which the sophisticated malware of today can evade even the best of network-based security controls and technology defenses. But do you know how they work, and how they evolve?

  • How they work: Andrea Fortuna describes the 2 most common evasion techniques and 6 most common obfuscation techniques as:
    • Evasion Techniques: 1) Detecting sandbox using core count and 2) Detecting lack of user input
    • Obfuscation Techniques: 1) Dead-code insertion, 2) Register reassignment, 3) Subroutine reordering, 4) Instruction substitution, 5) Code transposition, 6) Code integration
  • How they evolve: Advanced Evasion Techniques (AET) don’t rely on creating new evasions; they simply play off variations of known evasions and combinations of known evasions to create something new. According to SearchSecurity:

“An AET can create literally millions of "new" evasion techniques from just a couple of combinations -- none of which would be recognized by current intrusion detection system (IDS) vendor products. If all 200 were used, the permutations would be unlimited.”
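The two obfuscation techniques at the top of the list above, dead-code insertion and register reassignment, are enough to defeat a byte-level signature while leaving behaviour untouched. The following is an added example, not code from the post or from Solebit; it uses a constructed toy instruction set (hypothetical `mov`/`add`/`mul`/`nop` with registers `r0`..`rN`, where `r0` is the assumed result register) to show that the raw hash of an obfuscated variant no longer matches, while a normalised form that strips NOPs and canonicalises register names matches again. That normalisation step is a simplified stand-in for the kind of static, every-instruction inspection the post argues for.

```python
"""
Added example: why a byte signature misses dead-code insertion and
register reassignment, and why normalising code before comparison
recovers the match. Toy instruction set, constructed for illustration.
"""
import hashlib
import random
import re

# Constructed sample program (assumption: r0 is the result register).
ORIGINAL = [
    "mov r1, 7",
    "mov r2, 5",
    "add r1, r2",
    "mul r1, 3",
    "mov r0, r1",
]

REG = re.compile(r"\br\d+\b")  # matches register tokens like r1, r12


def insert_dead_code(program, rng):
    """Dead-code insertion: scatter NOPs that never change behaviour."""
    out = []
    for line in program:
        if rng.random() < 0.5:
            out.append("nop")
        out.append(line)
    return out


def reassign_registers(program, mapping):
    """Register reassignment: rename scratch registers consistently."""
    return [REG.sub(lambda m: mapping.get(m.group(0), m.group(0)), line)
            for line in program]


def run(program):
    """Tiny interpreter for the toy ISA; returns the value left in r0."""
    regs = {}

    def val(tok):
        return regs.get(tok, 0) if tok.startswith("r") else int(tok)

    for line in program:
        parts = line.replace(",", "").split()
        op = parts[0]
        if op == "nop":
            continue
        dst = parts[1]
        if op == "mov":
            regs[dst] = val(parts[2])
        elif op == "add":
            regs[dst] = val(dst) + val(parts[2])
        elif op == "mul":
            regs[dst] = val(dst) * val(parts[2])
        else:
            raise ValueError(f"unknown op {op}")
    return regs.get("r0", 0)


def normalize(program):
    """Canonical form: drop NOPs and rename registers in first-use order,
    so both obfuscations above collapse back to one representation."""
    canon = {}
    out = []
    for line in program:
        if line.strip() == "nop":
            continue

        def rename(m):
            name = m.group(0)
            if name not in canon:
                canon[name] = f"R{len(canon)}"
            return canon[name]

        out.append(REG.sub(rename, line))
    return out


def signature(program):
    """Byte-level signature: SHA-256 over the program text."""
    return hashlib.sha256("\n".join(program).encode()).hexdigest()


def demo(seed=1):
    """Build an obfuscated variant and compare it with the original."""
    rng = random.Random(seed)
    variant = reassign_registers(insert_dead_code(ORIGINAL, rng),
                                 {"r1": "r3", "r2": "r5"})
    return {
        "same_behaviour": run(ORIGINAL) == run(variant),
        "raw_signature_matches": signature(ORIGINAL) == signature(variant),
        "normalized_signature_matches":
            signature(normalize(ORIGINAL)) == signature(normalize(variant)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The result pattern (same behaviour, raw signature mismatch, normalised signature match) is the whole point: a detector that hashes bytes has to re-learn every one of the "millions" of variants, whereas one that inspects and canonicalises each instruction sees a single program.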

The Best Option Is To Not Play The Game

Why get caught in the game of constantly dealing with new evasion techniques when you can adopt an evasion-proof technology? The Solebit solution uses Multi-Tier protection to defend against attacks at different levels of the stack. This comprehensive approach is powerful, as evasion techniques may spread across different layers. The solution protects against advanced malware by using Solebit’s deep inspection, which analyzes commands at the CPU level all the way up to the application level, analyzing macros and embedded JavaScript in Microsoft Office or any other data file type, whether on premise or in your public or private clouds.

Solebit’s SoleGATE uses static analysis, which is faster, more accurate, not OS-version dependent and covers 100% of your code, with complete visibility. With SoleGATE, every line of code is evaluated, making sandbox evasion techniques ineffective. The platform is agnostic to file type, client-side application type, or the client operating system used within the organization. Unlike a sandbox, which has to simulate specific customer environments, SoleGATE provides protection regardless of the operating system, CPU architecture, and function (client, server) of the targeted machine.

See for yourself what SoleGATE can do to deliver evasion-proof security for your organization. Register for a free trial today.
