Protection against malicious URLs and attachments
Invincea announced the availability of a greatly expanded product suite to address emerging vectors of attacks against users.
Building on its approach to breach prevention, which focuses on seamless delivery of untrusted content in secure virtual environments, Invincea now provides its commercial and government clients with the capability to capture and contain the primary attack vehicles used in spear phishing, poisoned search results, and user-initiated infections.
As a result, even the most well-crafted phishing attempts using zero-day malware are contained before they can successfully take root in the end-user system, preventing the adversary from infiltrating the network.
End users continue to be the primary incursion point for many of the most damaging attacks seen today. Additionally, as Operation Shady RAT, the Nitro attacks disclosed by McAfee and Symantec, and the recent analysis of Duqu show, attackers have expanded their repertoire of delivery tools to include content such as Microsoft Excel and Word files, as well as .zip and disguised executable files.
Extending beyond the initial protections against attacks via web browsing and PDF documents, Invincea’s new capabilities include:
- Expansion of Invincea BrowserProtection and DocumentProtection beyond URLs and Adobe PDF files to capture and contain potential threats within any Microsoft Office file, .zip file, or executable-type file.
- Increasing Invincea’s Threat Data Server capability to correlate and share forensic data on captured malicious content with internal and external threat intelligence sources such as Security Information and Event Management (SIEM) systems and log management systems including McAfee ePolicy Orchestrator (ePO), ArcSight, Q1 Radar, and Splunk.
Invincea solutions perform seamless delivery of untrusted content in secure virtual environments, a system which enables signature-free malware discovery, without risking system infection, while providing pre-breach forensic analysis feeds to inform and improve other defense mechanisms.
This is accomplished via virtualization by creating protective bubbles around browsers and document editors. By insulating them in a fully virtualized environment that is completely separate from the desktop operating system, Invincea has created a desktop “airlock” that seals the potential attack vector off from infecting the desktop system and the enterprise network.
Using behavior-based detection, Invincea is able to detect all malicious activity – including zero-day exploits – within this contained environment. At the point of detection, Invincea automatically captures detailed forensics on malicious activity from the virtual machine and feeds that actionable “intel” to the Invincea Threat Data Server for correlation and further analysis. The content within the infected bubble is automatically and immediately destroyed and replaced with a clean environment.