Thursday, July 23, 2015

Micro-virtualization: The only way to defeat Hacking Team 0-days [feedly]



----
Micro-virtualization: The only way to defeat Hacking Team 0-days
// A Collection of Bromides on Infrastructure

m4

This week micro-virtualization helped to make your organization more secure.

The Hacking Team breach laid bare the resourcefulness and sophistication of today's determined attackers, and the ease with which they operate. It also cast into stark relief the fact that only micro-virtualization can stop these attacks.  Every other technology fails with certainty: Network Sandboxes, AV, HIPS, application control, attack mitigation, hosted browsers and application sandboxes can't save you.  But don't expect those vendors to admit it.

As other security research teams struggled to investigate the HT 0-days on air-gapped networks, the Bromium Labs team safely observed each attack as it wreaked havoc in a micro-VM.  We published our first research within 48 hours of the breach, followed by a detailed analysis of the Hacking Team's RAT.

Within days, customers told us that our product successfully isolated, automatically remediated, and delivered threat forensics for newly weaponized HT 0-day attacks – often delivered to the endpoint together with new sandbox escapes – underlining the futility of kernel-based protection.  The speed with which malware writers incorporated HT's government grade exploits into new attacks on commercial targets is breathtaking.

The unsung heroes of the past week are the researchers and developers who quickly pulled together and tested patches:  Yesterday Microsoft released patches for 6 new kernel CVEs, 3 of which permitted privilege elevation.   Adobe also issued emergency patches for Flash.  Unfortunately there are certainly other closely guarded exploits in the hands of other threat actors, so patch your endpoints immediately if they are not protected by Bromium. We are proud to have protected our customers from compromise, and to have helped with the research & response effort.

There is a single, stark difference between Bromium and every other endpoint protection / detection & response tool.  Only Bromium defeats each attack by design – delivering detailed, real-time alerts, before automatically remediating the endpoint.  How are you going to protect your enterprise against the next attack?

 

 



----

Shared via my feedly reader


Sent from my iPhone