Cyphort combines APT detection with lateral movement
At RSA Conference 2015, Cyphort announced the availability of Cyphort Advanced Threat Defense Platform 3.3, which adds malware lateral movement detection: detection of advanced targeted attacks and Advanced Persistent Threats (APTs) is now combined with detection of their lateral movement inside the network.
Several high-profile targeted attacks have used lateral movement to penetrate organizations and seek out sensitive data, causing substantial financial and brand damage. These include attacks on retailers that targeted their PoS systems, attacks on oil companies that wiped their devices, and attacks on telecom providers. Lateral movement of malware begins after a compromised device joins an organization's trusted network: the malware then replicates itself onto other vulnerable systems until a data-rich target has been compromised.
Cyphort breaks new ground by combining the inspection of internal enterprise traffic with the same array of behavioral-analysis sandboxes and machine-learning analytics that already protects enterprises from internet-based threats. The result is a clear picture of the impact and spread of an advanced attack, while keeping both false positives and false negatives low.
Containment of advanced threats has two aspects: isolating the infected endpoints and blocking their communication with the C&C servers. Today, Cyphort coordinates with several endpoint solutions on the market to validate and isolate compromised endpoints, preventing further spread of an attack.
“Today, no other company offers this groundbreaking malware lateral movement detection functionality utilizing sandbox based payload analysis,” said Dr. Fengmin Gong, co-founder and chief strategy officer with Cyphort. “There are a number of ‘network behavior’ based post-breach detection solutions on the market; however, their efficacy remains dubious since they are not monitoring for malicious content, instead they are looking for traffic usage anomalies. Cyphort detects advanced malware present in the content being transferred internally and can immediately pinpoint the source and target of affected devices and provide the ability to contain the threat.”
Additional enhancements to Cyphort Advanced Threat Defense Platform 3.3 include:
- Amazon Cloud Deployment: Cyphort Core (the main analysis component) can now be deployed as an Amazon Machine Image (AMI) in Amazon Web Services (AWS). This lets customers deal more efficiently with fluctuations in demand, optimizing resources, and supports the transition to hybrid cloud infrastructures.
- Standards-Based Threat Data Exchange: With this release, Cyphort adds support for Structured Threat Information Expression (STIX). Cyphort already supports native integration with a number of ecosystem partners. With STIX support, network perimeter and endpoint client based solutions will be able to receive threat containment information from Cyphort and use it to block threat activity. In addition, STIX allows easy data exchange across organizations.
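The STIX exchange described above, as an added illustration rather than Cyphort's own code: the release does not say which STIX version or object types the platform emits, so STIX 2.1 JSON is assumed here, and every identifier, domain, address and hash in the sample is constructed. The consumer side shows what a perimeter or endpoint product has to do with containment indicators it receives: translate simple patterns into block rules, and refuse to act on revoked, expired or too-complex ones rather than dropping them silently.

```python
"""Constructed example: a minimal STIX 2.1 bundle carrying threat-containment
indicators, and a consumer that turns it into block-list entries.

Stdlib only. All identifiers, domains, addresses and hashes below are
hypothetical, not real Cyphort output."""
import json
import re
import uuid
from datetime import datetime, timezone


def _stix_id(obj_type):
    # STIX 2.1 identifiers have the form "<type>--<uuid4>"
    return f"{obj_type}--{uuid.uuid4()}"


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(pattern, name, valid_until=None):
    """Build a STIX 2.1 Indicator object with its required properties."""
    now = datetime.now(timezone.utc)
    obj = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": _stix_id("indicator"),
        "created": _ts(now),
        "modified": _ts(now),
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern_type": "stix",
        "pattern": pattern,
        "valid_from": _ts(now),
    }
    if valid_until:
        obj["valid_until"] = valid_until
    return obj


def make_bundle(objects):
    return {"type": "bundle", "id": _stix_id("bundle"), "objects": objects}


# Only single-comparison equality patterns are translated; a richer pattern
# (AND/OR, ranges, repeats) is reported as unsupported instead of being
# silently dropped, so an analyst can see what the blocker could not use.
_SIMPLE_EQ = re.compile(r"^\[([a-z0-9-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'\]$")


def pattern_to_block_rule(pattern):
    """Map a simple STIX pattern to a (rule_type, value) tuple, or None."""
    m = _SIMPLE_EQ.match(pattern)
    if not m:
        return None
    obj_type, prop, value = m.groups()
    if obj_type == "domain-name" and prop == "value":
        return ("dns_block", value)
    if obj_type == "ipv4-addr" and prop == "value":
        return ("ip_block", value)
    if obj_type == "file" and prop.startswith("hashes."):
        algo = prop[len("hashes."):].strip("'")  # e.g. SHA-256
        return ("hash_block", f"{algo}:{value.lower()}")
    return None


def _expired(obj, now):
    until = obj.get("valid_until")
    if not until:
        return False
    return datetime.fromisoformat(until.replace("Z", "+00:00")) < now


def bundle_to_block_rules(bundle_json, now=None):
    """Return (rules, unsupported_patterns) from a serialized STIX bundle.

    Revoked or expired indicators are skipped: a perimeter device that keeps
    blocking on stale indicators is a self-inflicted outage."""
    now = now or datetime.now(timezone.utc)
    rules, unsupported = [], []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if obj.get("revoked") or _expired(obj, now):
            continue
        rule = pattern_to_block_rule(obj["pattern"])
        if rule:
            rules.append(rule)
        else:
            unsupported.append(obj["pattern"])
    return rules, unsupported


# Constructed sample: two usable indicators, one expired, one too complex.
SAMPLE_BUNDLE_JSON = json.dumps(make_bundle([
    make_indicator("[domain-name:value = 'c2.example']", "C2 domain"),
    make_indicator("[file:hashes.'SHA-256' = '" + "ab" * 32 + "']", "Dropper"),
    make_indicator("[ipv4-addr:value = '203.0.113.9']", "Old C2 IP",
                   valid_until="2015-05-01T00:00:00.000Z"),
    make_indicator("[ipv4-addr:value = '198.51.100.7' AND "
                   "network-traffic:dst_port = 4444]", "Beacon"),
]))

if __name__ == "__main__":
    rules, skipped = bundle_to_block_rules(SAMPLE_BUNDLE_JSON)
    for rule in rules:
        print("apply", *rule)
    for pat in skipped:
        print("unsupported pattern:", pat)
```

The expiry check matters in practice: containment indicators such as a C2 IP are often reassigned or sinkholed, and a blocker that ignores `valid_until` turns yesterday's threat feed into today's outage.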