Police use fingerprints as a unique signature to identify people when they need to distinguish the potentially guilty from the innocent. However, anyone who has ever watched a Hollywood movie has seen that even these techniques can be spoofed in order to evade detection. We've also seen those same movies where a profiler is brought in to determine whether the behavior exhibited signals the potential for harm, but alas, that too can be faked if enough effort is applied.
As you can imagine, these techniques became the first approaches to dealing with cyber threats: signature-based and behavior-based detection. And, as you can also imagine, these techniques can be spoofed or evaded to deliver malware into your organization. But is there a superior method that is evasion-proof, relying on neither signatures nor behaviors?
Before we look into new methods for signature-less and behavior-less cyber security strategies, let’s take a closer look at how it started.
In a conversation posted on Security Stack Exchange, signature-based security is described as:
“Viruses have signatures like you have. Some tend to have static signatures while others tend to have polymorphic ones. Imagine you could change your signature and try and get away with it (from your bank or any such institutions). In static signatures, the antivirus has a predefined database of known signatures and hence while scanning, it creates the appropriate signature for each file (using MD5 or other hashes) and compares them with the predefined list. If they match, the file is treated as a 'threat'. This antivirus database is updated when you click the update button in your AV interface, which provides you with a list of known signatures and adds them to the existing database, thereby protecting you against the latest threats.”
Signature-based security solutions have the benefit of speed but fail badly against files whose signature is not yet in the database (i.e. zero-day malware), and even against polymorphic derivatives of known samples, since any change to the file changes its hash. Hence the advent of behavior-based security solutions.
According to What Is at TechTarget.com, behavior-based security will:
“…compare the actions of files or network packets to a list of accepted or suspicious actions. In general, signature-based tools are best at identifying and repelling known threats, while behavior-based are best for fighting zero-day threats that have not yet made it onto a list of known threat signatures.
Behavior-based security software scans for deviations from the norm and has the intelligence to decide whether an anomaly poses a threat or can be ignored. Most behavior-based security programs come with a standard set of policies for which behaviors should be allowed and which should be considered suspicious, but also allow administrators to customize policies and create new policies.”
Unfortunately, cyber criminals have discovered ways to evade behavior-based solutions as well, so a new approach is needed.
When you are ready to truly prevent cyber threats, even zero-day ones, instead of having to remediate them, then you are ready for Solebit. Using deep inspection and analysis methods, SoleGATE is able to interpret and detect code in real time and immediately block threats from penetrating your organization. DvC™ is truly signature-less: it makes no assumptions about threat heuristics or behavior. Instead, it starts from the premise that there is no legitimate reason for executable code to be present in a data file, and relies solely on identifying the presence of code in non-executable files.
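To make the contrast between the two approaches concrete, here is an added example (it is not Solebit's code and not the SoleGATE or DvC™ implementation) that illustrates both the hash-based signature check described in the Security Stack Exchange quote above and the idea, from the paragraph just above, of flagging a data file because it carries executable code at all. The "malware" is a constructed, inert byte string shaped like a PE header (an "MZ" stub whose e_lfanew field points at a "PE\0\0" signature) appended to a small RTF-like document; the function names, the sample database and the one-byte "polymorphic" change are all assumptions made for the illustration.

```python
import hashlib
import struct

# --- Constructed samples (inert, not real malware) -------------------------
# A minimal PE-shaped blob: "MZ" at offset 0 and the e_lfanew field at offset
# 0x3C pointing at a "PE\0\0" signature. It contains no runnable code; it only
# has the structure that a loader (or a scanner) looks for.
def _fake_pe_blob(padding_byte: int = 0x00) -> bytes:
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    dos_header[2:0x3C] = bytes([padding_byte]) * (0x3C - 2)   # DOS stub filler
    dos_header[0x3C:0x40] = struct.pack("<I", 64)              # e_lfanew -> right after DOS header
    return bytes(dos_header) + b"PE\0\0" + b"\x00" * 32        # header + inert filler

# A "data file": the type says document, the trailing content says executable.
CLEAN_DOC = b"{\\rtf1\\ansi Quarterly report: nothing unusual here.}"
KNOWN_SAMPLE = CLEAN_DOC + _fake_pe_blob(0x00)
# Same embedded structure with one filler byte changed: this is all a
# polymorphic rebuild has to do to get a fresh hash.
VARIANT = CLEAN_DOC + _fake_pe_blob(0x01)

# --- Signature-based check: exact hash lookup ------------------------------
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# The "predefined database of known signatures", seeded with the one known sample.
SIGNATURE_DB = {sha256_hex(KNOWN_SAMPLE)}

def signature_match(data: bytes, db: set) -> bool:
    """True only if this exact file has been seen and catalogued before."""
    return sha256_hex(data) in db

# --- Content-based check: does the data file carry an executable image? ----
def contains_executable(data: bytes) -> bool:
    """Flag a data file that embeds a PE or ELF image, regardless of its hash.

    For PE, follow the MZ -> e_lfanew -> "PE\\0\\0" chain rather than matching
    the two letters "MZ" alone, which occur in ordinary text and would cause
    false positives.
    """
    if b"\x7fELF" in data:
        return True
    start = 0
    while True:
        pos = data.find(b"MZ", start)
        if pos < 0:
            return False
        if pos + 0x40 <= len(data):                      # room for a full DOS header?
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe_off = pos + e_lfanew
            if data[pe_off:pe_off + 4] == b"PE\0\0":     # out-of-range slice is just short, never raises
                return True
        start = pos + 1                                  # keep scanning after a false "MZ"

if __name__ == "__main__":
    for name, blob in (("known sample", KNOWN_SAMPLE), ("variant", VARIANT), ("clean doc", CLEAN_DOC)):
        print(f"{name:13s} signature_hit={signature_match(blob, SIGNATURE_DB)!s:5} "
              f"code_present={contains_executable(blob)}")
```

Running the block shows the asymmetry the post describes: the catalogued sample trips the hash lookup, the one-byte variant does not, and both are flagged by the content check because the executable structure is still there. The chain-following in `contains_executable` is the part worth keeping when adapting this: a scanner that fires on bare "MZ" will alert on plain prose, while one that verifies the header linkage reports only files that actually carry an image.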
Check out this whitepaper on a signature-less, evasion-proof approach against modern cyber attacks that doesn’t require sandboxing. It will outline how to strengthen your cyber defenses dramatically by preventing attacks before they enter and harm your organization, your customers and your brand. Remediation is costly, prevention is not.