Digital DNA is the next generation of in-memory behavior detection and analysis technology. It detects suspicious behaviors that evade other technologies. It is the only solution that predicts what these behaviors can do in order to eliminate false positives and respond proactively. Digital DNA is a critical technology for Active Threat Management.
THE FIRST THREAT DETECTION
Antivirus scans for malicious files using signatures. However, hackers understand antivirus techniques and continuously create new malware variants to bypass them. Antivirus is still relevant because it captures around 60% of today’s malware. However, they detect fileless attacks, which account for 49% of today’s threats.
NEXT GEN ANTIVIRUS
ADDING MACHINE LEARNING
Next Gen Antivirus extends threat coverage by applying machine learning. Vendors analyze malware samples and build models that scan and parse files, and then match features to detect new malware. Machine learning models need to be kept up to date. They are not very effective at detecting fileless attacks.
APPLICATION MONITORING IN A SANDBOX
Application containerization is a limited solution for browsers or applications like MS Office. It monitors applications in a sandbox. If it detects a malicious event, it will remediate it. It works off signatures and whitelisting. The effectiveness of application containerization is limited to what’s going on in the sandbox.
INCIDENTS OF COMPROMISE
Threat Intelligence is the staple of legacy EDR solutions. They rely primarily on Incidents of Compromise (IoCs), which are Signature-like. They look at OS events, filenames, CnC hosts and more to extrapolate a pattern indicating malicious activity. IoCs need to be continuously updated to be effective.
NO RELIANCE ON THREAT INTELLIGENCE
Legacy EDR solutions are evolving toward behavior-based detection. They look for techniques that hackers use to carry out attacks. They look at processes, network connections, file and registry changes, and the pattern of those activities. Behavior-based solutions are effective because they don’t look at files or rely on threat intelligence.
IN-MEMORY THREAT DETECTION
THE FINAL FRONTIER
Advanced EDR solutions are predictive. In-memory behavior detection and analysis looks at processes running in-memory and reverse engineers them to identify malicious behaviors and what the attack is trying to do. It is the most reliable technology for detecting new malware variants and fileless attacks.
Partners can license Digital DNA to enhance threat detection. If you are interested, please contact Sales today.