Malware Is a Symptom – Don’t Treat Symptoms

Posted by Arthur Braunstein on Mar 30, 2017 3:00:29 AM


Imagine this. You are in charge of public health and must deal with an unrelenting epidemic. You have two options for protecting the population.

The first option is to monitor each person for symptoms of infection. You buy analytical technology and infrastructure, hire staff and build hospitals. You send forth specialists to monitor everyone. When they notice symptoms, more tests are performed. The symptoms are subtle (fatigue, headache, stiffness), and healthy and sick people look a lot alike, so to be on the safe side you test far more people than are truly ill. Once you suspect infection, you quarantine the person and start a course of treatment. Sometimes the people are cured. Sometimes they are not. You can’t guarantee that you will find everyone who is infected, or that everyone you treat is ill. The monitoring and mandatory quarantine intrude on civil liberties, disrupt lives and interfere with the economy. To compound matters, the disease mutates, so you have to continually design new screening tests and retrain the specialists.

The second choice is to immunize the population against the disease. If you do that, you’re done.

The way enterprises protect themselves from cyber pathogens today looks a lot like scenario one. Armies of specialists use layers of technology to monitor for malware, which is a symptom that an attack has already succeeded, and then try to remediate it. It is a costly and complex way of doing things, and it does not eliminate the root cause of the disease: the infection process itself. This guarantees that many of the nearly one million new malware samples manufactured daily [1] (yes, daily) will slip past the monitors. Zero-days and advanced attacks, the unknown unknowns of cyber warfare, bypass defenses such as AV, EDR, next-generation AI and machine-learning products, sandboxing, and behavioral and network anomaly detection. Attackers have the advantage of unpredictability, and they will keep it as long as AV, EDR and the like remain the primary defense.

It would be depressing if there were no alternative to these expensive, ponderous and error-prone brute-force methods. But technology, and a product, do exist for nullifying the attackers’ advantage and immunizing the enterprise against advanced and evasive attacks. These attacks, including fileless malware and ransomware, cannot bypass Morphisec’s Endpoint Threat Prevention, which employs Moving Target Defense technology. Here is why. Advanced attacks have a strength, that they are undetectable, and a weakness, that they must find and use memory resources in order to execute in memory and exploit software vulnerabilities. Moving Target Defense morphs these memory resources, so the attacker can neither find nor predict them. An attack that cannot find the resources it depends on cannot execute in memory; an attack that cannot execute in memory cannot call out to a command and control server and download malware; and with no malware, there is nothing to detect and nothing to remediate.
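The paragraph above describes the mechanism only in outline. The C program below is an added illustration of the general moving-target principle it relies on; it is not Morphisec's code and does not claim to show how Endpoint Threat Prevention is implemented. Everything in it is an assumption for the sake of the demonstration: a 4 KiB simulated address space, a four-entry dispatch table that the stock image always places at `FIXED_BASE`, a `TRAP` byte left where the table used to be, and a seed parameter so the relocation is reproducible (a real implementation would draw it from a cryptographic random source). An exploit payload that baked in the table's address at development time keeps working against the stock layout and stops working once the table has been morphed, while the legitimate code, which always goes through the indirection, is unaffected.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy address space (assumed layout, not a real process image). The "memory
 * resource" the attacker depends on is a small dispatch table that, in the
 * stock image, always lives at FIXED_BASE. */
#define MEM_SIZE      4096
#define FIXED_BASE    0x100   /* well-known location in the stock image */
#define TABLE_ENTRIES 4
#define TRAP          0xFF    /* what a read of the old location returns after morphing */

enum { FN_OPEN = 0, FN_READ, FN_WRITE, FN_EXEC };

typedef struct {
    uint8_t mem[MEM_SIZE];
    size_t  table_base;   /* current table location, known only to the protected process */
} addr_space;

/* The byte that stands in for "the address of function fn" in this toy. */
uint8_t entry_value(int fn) { return (uint8_t)(0xA0 + fn); }

/* Stock layout: table at FIXED_BASE, which is what an attacker observed
 * while developing the exploit. */
void as_init(addr_space *as)
{
    memset(as->mem, 0, sizeof as->mem);
    as->table_base = FIXED_BASE;
    for (int i = 0; i < TABLE_ENTRIES; i++)
        as->mem[FIXED_BASE + i] = entry_value(i);
}

/* Morph: relocate the table to a position derived from `seed` and leave a trap
 * behind. The seed is a parameter only so the result is reproducible; a real
 * implementation would use unpredictable randomness. The new base is always
 * >= 0x200 and stays inside the buffer, so it never overlaps the old region. */
size_t as_morph(addr_space *as, uint32_t seed)
{
    size_t slots    = (MEM_SIZE - 0x200 - TABLE_ENTRIES) / 16;
    size_t new_base = 0x200 + (size_t)(seed % slots) * 16;

    memmove(&as->mem[new_base], &as->mem[as->table_base], TABLE_ENTRIES);
    memset(&as->mem[as->table_base], TRAP, TABLE_ENTRIES);
    as->table_base = new_base;
    return new_base;
}

/* Legitimate code never hard-codes the address; it goes through the indirection. */
uint8_t resolve(const addr_space *as, int fn)
{
    return as->mem[as->table_base + fn];
}

/* Exploit payload: a raw read at an address baked in at exploit-writing time. */
uint8_t attacker_fetch(const addr_space *as, size_t hardcoded_addr)
{
    return as->mem[hardcoded_addr];
}

/* 1 if the payload's hard-coded address still lands on the entry it wanted. */
int attack_succeeds(const addr_space *as, int fn)
{
    return attacker_fetch(as, FIXED_BASE + fn) == entry_value(fn);
}

int main(void)
{
    addr_space as;
    as_init(&as);
    printf("stock image:  attack on FN_EXEC succeeds = %d\n",
           attack_succeeds(&as, FN_EXEC));

    size_t nb = as_morph(&as, 0x5EED);
    printf("morphed (table now at 0x%zx):\n", nb);
    printf("  legitimate resolve(FN_EXEC) = 0x%02x (expected 0x%02x)\n",
           resolve(&as, FN_EXEC), entry_value(FN_EXEC));
    printf("  attack on FN_EXEC succeeds = %d (read 0x%02x at the old address)\n",
           attack_succeeds(&as, FN_EXEC), attacker_fetch(&as, FIXED_BASE + FN_EXEC));
    return 0;
}
```

The point to take from the toy is which side breaks: the vulnerability the payload was going to exploit is untouched, but the payload's assumption about where its target lives is now wrong, and the trap left at the old address is what turns the attempt into something noticeable rather than a silent success.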

In other words, Moving Target Defense prevents attacks in the first place. It never lets the payload (the pathogen) get established, so there is no malware (the symptom) to detect, and the need for re-imaging and patching (the cure) drops. The anxiety that a variant (a mutation) will lead to a false negative goes away. All this gives relief from monitoring and analyzing prodigious numbers of alerts, most of them innocuous processes and false positives.

Vaccination has removed entire epidemics from our experience. People may still get sick, but our lives are immeasurably better without smallpox and polio. Similar outcomes are possible in cyber security, where much of the zero-day and other advanced and evasive attack epidemic can be prevented. Moving Target Defense is the vaccine for doing this. And Morphisec has developed the vaccine, making immunization simple, easy, and staggeringly effective.

----

[1] According to a report by Symantec.  


Topics: 0-day exploits, Moving Target Defense, Advanced Persistent Threats, Endpoint Security
