At some point everyone has played “tag” as a kid. The thrill of running away from the person who is “it” with everything from sheer speed to American football running back-like fakes for evasion kept you “safe” but usually only for a moment. At some point sheer persistence was all that was needed to break through your evasion techniques and in some cases elegant counter fakes were required in order to be caught. The same happens daily with your cyber prevention infrastructure. It seems that cyber criminals find new ways to evade malware prevention strategies in order to cause a desired harm
Understanding Evasive Malware
For those of you who still don’t have a deep understanding of advanced persistent threats, then the US Department of Commerce National Institute of Standards and Technology (NIST) defines it in their report titled “Managing Information Security Risk Organization, Mission, and Information System View” as:
“An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.”
The most important and troublesome aspect of this definition is how malware “adapts to defenders’ efforts to resist it”. This ability to evade prevention methods is what renders even the most sophisticated cyber prevention strategies useless. This is possible because most security solutions require signature or behavior-based methodologies which has identifiable patterns which can be exploited by cyber criminals.
By the Numbers
According to Verizon’s 2018 Data Breach Investigations Report there were over 53,000 incidents and 2,216 confirmed data breaches in a 12 month period. Every IT security professional knows that it is not a matter of if an incident will happen in their organization but when.
Evading Evasive Malware
Solebit uses static evaluation, which is faster, more accurate, not OS version dependent and covers 100% of code, with complete visibility. With Solebit SoleGATE every line of code is evaluated, making Sandbox evasion techniques ineffective. On average, Solebit analysis time is between milliseconds up to a few seconds. Network Sandboxes typically take 5-15 minutes to perform the same analysis.
It’s not enough to just evade advanced evasive malware, you will also have to ensure the solution fits into the deployment architecture that meets your specific needs. The SoleGATE platform can be deployed in different ways to fully meet your organization’s needs:
- Public Cloud – support all major cloud infrastructure and compute service providers
- Virtual machine – supported hypervisors – VMware, Hyper-V, KVM & QEMU
- Containers – the only advanced cyber-threats solution that can be deployed as a software container on an organization’s services and products
- Organization’s private cloud
- Organization’s on-prem appliances
See for yourself what SoleGATE can do to evade advanced evasive malware in your organization. Register for a demo today.