Sunday, 07 August 2016 16:15

Ixia’s ThreatARMOR promises ‘zero-day malware Immunity’ with automatic blocking

Security company Ixia says its new ThreatARMOR solution adds "zero-day malware immunity", blocking mutated versions of malware that try to evade traditional security solutions.

Ixia bills itself as "a leading provider of network testing, visibility, and security solutions". It has made a bold claim, one it has even gone to the trouble of trademarking!

The technology behind this claim is called "ThreatARMOR" and is "a key component of Ixia’s Security Fabric".

ThreatARMOR claims it "blocks mutated versions of malware that use sophisticated obfuscation techniques to evade detection by signature-based security engines", with the rest of the Ixia Security Fabric solution claiming to provide "robust resilience, context-aware intelligent data handling, and security intelligence, ensuring the right data gets to the right tools every time even when encrypted, and enhancing the performance of existing security tools".

Ixia then goes on to give us a bit of a security intelligence primer, noting hackers and their ability to "continue to mutate and mask malware in innovative ways".

We are told that, in 2015, hackers "launched more than 1 million pieces of malware every day", with Ixia pointing to a CNN Money article for the stat.

The company notes that researchers in security companies "scramble to bring new products to market to counter these ever-evolving — or, mutated — threats", which is obviously something that security companies have to do if they want to stay in business.

Ixia then makes another obvious but necessary observation and states that "these defences, while powerful, have to process exponential increases in threats every year", and goes on to claim its solution "helps relieve those burdens by blocking zero-day mutations at their source".

How is this accomplished?

The company states its "Ixia Security Fabric is powered by feeds from the Ixia Application and Threat Intelligence Research Centre", and can "completely filter out unknown and zero-day attack mutations by blocking them based on their IP launch source rather than analysing those millions of attacks one at a time".

By reducing bad traffic and its associated alerts, says Ixia, "the Security Fabric makes existing security tools and teams more effective".

Ixia continues its explanation of how its technology works by getting to "zero-day mutations", and gives a recent example of the Locky ransomware, "in which malware changed to escape detection by signature-based antivirus and intrusion detection systems".

The company states that "zero-day mutations often target users through emails containing a document with macros. When the user opens it, the macro connects to the attacker’s remote server to download the ransomware which enabled Locky infections to hit 100,000 per day this year".

This is where the company says its "Threat Intelligence" is applied, a "comprehensive approach to strengthening applications with security solutions that are kept up to date with a feed from the company’s Application Threat Intelligence (ATI) Research Centre, which is continuously updated. The ATI Research Centre performs both manual and automated analysis of malware and techniques used by hackers to compromise networks, 24x7, 365 days a year".

Again, it’s something you’d expect to hear from a security company, for they wouldn’t be in business long without such capabilities!

However, Ixia clearly believes its technology is better, with its senior director of application and threat intelligence, Steve McGregory, stating: “Ixia’s ATI Research Centre captures and analyses thousands of new malware samples, including mutations, daily.

“We pay particular attention to their networking activity – what domains they search for, what sites they connect to for downloading new instructions or executables, and where they send exfiltrated data. We cross-reference all of those, and plug them into our machine learning and big data analytics engine to help ensure that our customers’ networks are protected.”

ThreatARMOR, then, is said to "leverage the Ixia ATI feed to protect customers from malicious sites and reduces security alerts by using the attack’s IP address to block it".

"This means that even if a user accidentally opens a malicious document, the ransomware download attempt is blocked, nullifying the attack before other protections are even aware of the new threat."

Ixia says ThreatARMOR delivers zero-day malware Immunity "because it is not a signature-based solution".

We are told that it also "blocks attacks based on an expansive 'Rap Sheet' cloud database which contains up-to-date information about the proliferation of malicious IPs currently in use. Only sites with extensive proof of malicious activity are blocked, and clear on-screen evidence is provided by ThreatARMOR’s Rap Sheet".

So, there you have it. Time and Ixia’s customers will tell whether the approach is foolproof, or whether hackers will find a way around it, but the great game of whack-a-mole security, ransomware edition, continues to be played, with no sign of it ending anytime soon.

Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor and one of Australia’s best-known technology journalists and consumer tech experts. Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks, on all the major news and current affairs programs, on commercial and public radio, and on technology, lifestyle and reality TV shows.
