Triumfant detects and stops in-memory malware attacks
Advanced Volatile Threats are malware attacks that take place in a computer’s RAM or other volatile memory, and are difficult to detect because they are never stored to the hard disk. Unlike APTs that create a pathway into the system and then automatically execute every time a machine is rebooted, an Advanced Volatile Threat enters a machine in volatile, real-time memory, exfiltrates the data, then immediately wipes its fingerprints clean – leaving no trace behind as the computer is shut down.
Triumfant launched an Advanced Volatile Threat (AVT) module to detect and stop “in-memory” malware attacks. The new solution, which is bundled free with Triumfant’s product suite, combines patented malware detection software with new tools that can accurately track malware functionality operating in the volatile memory of the endpoint machine.
A key aspect of the Memory Process Scanner is its ability to detect volatile exploits. In the case of an exploit, the malware injects itself into a normal process. Once the malware is running, it may migrate to a different process and download other tools to be used by the attacker. Catching the initial exploit allows the earliest possible detection and identifies the vulnerable process that is being compromised.
Features include:
Anomalous Application Verification: Automatically links related anomalous behaviors and generates supporting evidence for anomalous applications on the endpoint.
Irregular Process Notifications: An attacker will often hide a backdoor process inside another process that doesn’t normally communicate over the network. The Memory Scanner can detect processes as a behavioral anomaly if it tries to communicate over the network.
Bandwidth & Authentication: Triumfant’s 5.0 update is more bandwidth efficient than current messaging systems, includes bidirectional authentication to prevent spoofing, and contains message sequence numbers to prevent replay attacks.
Second Generation Messaging System: Triumfant 5.0’s new messaging system is based on JSON-RPC over HTTP implemented in JavaScript and can be used to communicate with agents designed for Windows and non-Windows platforms.
Management: Installation, verification, operation, and maintenance of the Triumfant malware detection solution is provided with each 5.0 upgrade.
“The security industry has tried many approaches to preventing malware over the years, and some have worked better than others. By now, thanks to numerous studies, everyone should realize that the signature-based approaches of old have limited value,” said Adrian Sanabria, Senior Security Analyst, 451 Research.