endpoint security: amplified


The Pitfalls Behind And Ahead

The pace of advisories and reports about new zero-day activity has accelerated at an alarming rate in 2013. Growing numbers of these exploits have been seen in the wild, compromising victims and establishing beachheads inside enterprises around the world. Meanwhile, as a recent New York Times article noted when it reviewed crimeware detection and prevention statistics for the world's top 45 commercially available antivirus engines, the security industry has been slow to adapt. To take some of the mystery out of the tools and techniques that make executable detection harder than it used to be, it helps to examine a small piece of the much larger body of evasion techniques and make the topic more digestible.

In the book Hacking Exposed – Malware and Rootkits, my co-authors and I discussed many of these evasion techniques and other tools such as crypters, binders, packers, polymorphism, and several other common methods that bolster the survivability of a malicious executable. Almost all of these tactics are incorporated by persistent threats in order to evade detection by most commercially available antivirus or other security products. To understand these methods and related behaviors, one must first examine the motive behind them.
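The following is an added illustration, not code from the book or from CounterTack, of the one point common to crypters and packers: the same payload re-wrapped under a fresh key yields a file with a new hash and no static byte-pattern match, yet decodes to identical bytes at run time. The payload, the signature string and the XOR "crypter" are constructed stand-ins (an inert byte string, not malware; the header plays the role of a decryption stub), and the function names are the example's own.

```python
"""Why a re-wrapped payload defeats static signatures but not runtime inspection."""
import hashlib
import random

# Constructed stand-in for a malicious payload. It is an inert byte string,
# not real malware; SIGNATURE is the substring a byte-pattern scanner would
# look for inside it.
PAYLOAD = b"inert demo payload :: beacon-to-c2 :: spawn-cmd :: persist-run-key"
SIGNATURE = b"beacon-to-c2 :: spawn-cmd"

KEY_LEN = 16  # bytes of XOR key per variant (hypothetical choice)


def xor_wrap(payload: bytes, key: bytes) -> bytes:
    """Toy 'crypter': emit a self-describing blob [key_len][key][payload XOR key].

    A real crypter ships a decryption stub as executable code; here the
    plaintext header plays that role so the transform stays inert and readable.
    """
    if not 0 < len(key) < 256 or 0 in key:
        raise ValueError("key must be 1..255 bytes with no zero byte")
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return bytes([len(key)]) + key + body


def xor_unwrap(blob: bytes) -> bytes:
    """Reverse xor_wrap: what the stub does in memory just before execution."""
    key_len = blob[0]
    key = blob[1:1 + key_len]
    body = blob[1 + key_len:]
    return bytes(b ^ key[i % key_len] for i, b in enumerate(body))


def static_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Byte-pattern match on the file as it sits on disk."""
    return signature in sample


def behavioral_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Match on the decoded payload, as an in-memory or runtime monitor sees it."""
    return signature in xor_unwrap(sample)


def build_variants(payload: bytes, count: int, seed: int = 1) -> list:
    """Produce `count` re-wrapped copies of the same payload with fresh keys.

    Zero is excluded from key bytes so every payload byte changes, which
    guarantees the plaintext signature cannot survive at its original offset.
    The seed makes the run reproducible; a real crypter would use os.urandom.
    """
    rng = random.Random(seed)
    variants = []
    for _ in range(count):
        key = bytes(rng.randrange(1, 256) for _ in range(KEY_LEN))
        variants.append(xor_wrap(payload, key))
    return variants


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate(count: int = 5, seed: int = 1) -> dict:
    """Compare hash-, signature- and behavior-based detection across the variants."""
    variants = build_variants(PAYLOAD, count, seed)
    return {
        "distinct_hashes": len({sha256_hex(v) for v in variants}),
        "static_hits": sum(static_scan(v) for v in variants),
        "behavioral_hits": sum(behavioral_scan(v) for v in variants),
        "all_decode_identically": all(xor_unwrap(v) == PAYLOAD for v in variants),
    }


if __name__ == "__main__":
    print(evaluate())
```

Every variant gets a distinct SHA-256 and zero static hits, while all of them decode to the same bytes and are caught once the decoded content is examined. The caveat a practitioner should keep in mind is the header: in this toy the key-length byte is the only fixed stub, but real crypters carry a decryption routine that can itself be signatured, which is why their stubs are also mutated and why defenders end up watching behavior rather than bytes.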


Topics: Cyber Crime, Cyber Attack, APT, Detecting in-progress attack, in-progress attacks, VirusTotal, Anubis, Broad Crypter

Our New Patent for Next-Generation Cyber Attack Detection

In our ongoing effort to look deeper into operating system behavior and detect what signature-based tools miss, CounterTack today announced that the U.S. Patent and Trademark Office has awarded us a patent for next-generation cyber attack detection technology. The patent was developed at CounterTack's research and development center in Santa Monica, Calif.

The patented approach collects data and gathers intelligence from deep within the operating system. Monitoring at this depth of the system and network architecture supports a form of behavioral analysis that can detect attacks which previously went undetected, such as polymorphic and armored malware, targeted and personalized attacks, and non-malware attacks, including those carried out by insiders.


Topics: Cyber Attack, Honeynets, Detecting in-progress attack, News

Introducing CounterTack’s New Senior Vice President of Sales

We are very pleased to introduce Kirk Appelman to the CounterTack team today as senior vice president of sales. Kirk, a veteran security executive, will be responsible for the direction and management of our sales operations, as well as driving CounterTack’s overall revenue growth.

Specializing in information security for more than a decade, Kirk has more than 20 years of experience in technology sales and sales management. He joins our team from Damballa, where he served as vice president of service provider solutions and established the company's Telco/ISP business, which under his leadership became a substantial piece of the company's overall revenue. He also established the company's international presence by signing marquee clients across Europe and Asia. Prior to Damballa, he was a director of sales at Proofpoint, where he restructured and led the successful growth of the company's business in the Eastern United States. Throughout his career, Kirk has also held sales leadership positions with McAfee, Juniper Networks and Internet Security Systems (ISS).


Topics: Cyber Defense, Cyber Security, Cyber Attack, Cyber attack intelligence, APT, Honeynets, Detecting in-progress attack, Breaches, Zero-day Attack, News, Breach

How Hackers Hide Their Tracks: Part 1

This is the first in a series of technical blog posts examining various attack scenarios through video simulations of CounterTack’s Event Horizon platform.   


Topics: APT, virtual machine introspection, Detecting in-progress attack, Event Horizon

Advanced Persistent "Threat"? Or an "in-progress attack"?

William Jackson's recent article in Government Computer News, "The Untimely Death of The Advanced Persistent Threat?" is an interesting read. Apparently RSA and Mandiant no longer like the term "Advanced Persistent Threat." (Aren't they the ones who defined it in the first place?) I share the concern they have with the term, but for a very different, more obvious reason.


Topics: Cyber Security, APT, Detecting in-progress attack
