Today BluVector, a leader in reinventing network intrusion detection, is now the first
and only security vendor to offer fileless malware detection in real
time on the network. The proclamation comes as 2017 has seen a
significant spike in "invisible" or "memory-based" cyber attacks on
enterprises. This type of malware hides in the memory of a compromised
machine and infects without leaving a trace on the machine's file
system, thus sidestepping traditional security and forensic tools.
BluVector's new fileless malware detection capability, featured in the company's new BluVector 3.0 release,
is delivered by an advanced analytic called the Speculative Code
Execution (SCE) engine. It is capable of emulating how code will behave
when executed in memory, and flagging behaviors that are indicative of
application vulnerability exploitation or shellcode misuse. Recent
examples of threats that used such vectors of attack include Petya,
NotPetya and WannaCry.
"Despite substantial investment in numerous security products, enterprises
continue to be the victim of malware attacks and data breaches," said
Scott Crawford, research director for Information Security with 451
Research. "Fileless malware is an emerging tactic that attackers are
increasingly adding to their repertoire to evade malware defenses. As
evasive, fileless malware is extremely difficult to detect, security
teams cannot rely on outdated tools. New solutions, such as BluVector's
3.0, give enterprise security teams a way to outsmart these more
stealthy threats and significantly mitigate potential damage from a
cyber attack."
SCE runs in parallel with BluVector's patented machine learning engine,
which was trained and designed to detect file-based attacks, giving
BluVector customers a complete suite to detect file-based, full
fileless, and fileless attacks that become file-based further down the
kill chain.
"Tackling the threat of fileless malware attacks can be daunting for even the
most sophisticated organizations," said Kris Lovejoy, CEO, BluVector.
"While there are new endpoint technologies available which can help
mitigate some of the risks, any security practitioner will tell you they
simply can't cover every network device, application, and mobile/IoT
device. Our customers have been asking for fast, easy, and
cost-effective ways to protect themselves against this vector of attack.
We are proud to be the first to offer a solution."
Available today, BluVector 3.0 addresses the growing threat of fileless malware in
mid-sized and large organizations. In addition to fileless malware
detection, BluVector 3.0 features include:
- Virtual Appliance for ESXi:
A software-only virtual appliance that customers can run on their
VMware ESXi™-equipped hardware. By providing physical and virtual
appliance options, BluVector enables a wider range of organizations to
optimize their north-south and east-west security defenses while
right-sizing their security investments.
- Centralized Management:
BluVector Central Manager enables Managed Service Providers and larger
enterprises to manage, view data and configure an unlimited number of
deployments from a single pane of glass.
- Intelligent Decision Support System Enhancements:
Targeted Logger allows analysts to dig deeper into security events by
delivering highlighted network log entries, which have been
pre-correlated to the events prioritized for analysis.