Sunday, 07 August 2016 16:15

Ixia’s ThreatARMOR promises ‘zero-day malware Immunity’ with automatic blocking

Security company Ixia says its new ThreatARMOR solution adds "zero-day malware immunity", blocking mutated versions of malware that try to evade traditional security solutions.

Ixia bills itself as "a leading provider of network testing, visibility, and security solutions". It has made a bold claim, one it has even gone to the trouble of trademarking!

The technology behind this claim is called "ThreatARMOR" and is "a key component of Ixia’s Security Fabric".

ThreatARMOR claims it "blocks mutated versions of malware that use sophisticated obfuscation techniques to evade detection by signature-based security engines", with the rest of the Ixia Security Fabric solution claiming to provide "robust resilience, context-aware intelligent data handling, and security intelligence, ensuring the right data gets to the right tools every time even when encrypted, and enhancing the performance of existing security tools".

Ixia then goes on to give us a bit of a security intelligence primer, noting hackers and their ability to "continue to mutate and mask malware in innovative ways".

We are told that, in 2015, hackers "launched more than 1 million pieces of malware every day", with Ixia pointing to a CNN Money article for the stat.

The company notes that researchers in security companies "scramble to bring new products to market to counter these ever-evolving — or, mutated — threats", which is obviously something that security companies have to do if they want to stay in business.

Ixia then makes another obvious but necessary observation and states that "these defences, while powerful, have to process exponential increases in threats every year", and goes on to claim its solution "helps relieve those burdens by blocking zero-day mutations at their source".

How is this accomplished?

The company states its "Ixia Security Fabric is powered by feeds from the Ixia Application and Threat Intelligence Research Centre", and can "completely filter out unknown and zero-day attack mutations by blocking them based on their IP launch source rather than analysing those millions of attacks one at a time".

By reducing bad traffic and its associated alerts, says Ixia, "the Security Fabric makes existing security tools and teams more effective".

Ixia continues its explanation of how its technology works by getting to "zero-day mutations", and gives a recent example of the Locky ransomware, "in which malware changed to escape detection by signature-based antivirus and intrusion detection systems".

The company states that "zero-day mutations often target users through emails containing a document with macros. When the user opens it, the macro connects to the attacker’s remote server to download the ransomware which enabled Locky infections to hit 100,000 per day this year".

This is where the company says its "Threat Intelligence" is applied, a "comprehensive approach to strengthening applications with security solutions that are kept up to date with a feed from the company’s Application Threat Intelligence (ATI) Research Centre, which is continuously updated. The ATI Research Centre performs both manual and automated analysis of malware and techniques used by hackers to compromise networks, 24x7, 365 days a year".

Again, it’s something you’d expect to hear from a security company, for they wouldn’t be in business long without such capabilities!

However, Ixia clearly believes its technology is better, with its senior director of application and threat intelligence, Steve McGregory, stating: “Ixia’s ATI Research Centre captures and analyses thousands of new malware samples, including mutations, daily.

“We pay particular attention to their networking activity – what domains they search for, what sites they connect to for downloading new instructions or executables, and where they send exfiltrated data. We cross-reference all of those, and plug them into our machine learning and big data analytics engine to help ensure that our customers’ networks are protected.”

So, what "ThreatARMOR" is said to do is to "leverage the Ixia ATI feed to protect customers from malicious sites and reduces security alerts by using the attack’s IP address to block it".

"This means that even if a user accidentally opens a malicious document, the ransomware download attempt is blocked, nullifying the attack before other protections are even aware of the new threat."

Ixia says ThreatARMOR delivers zero-day malware Immunity "because it is not a signature-based solution".

We are told that it also "blocks attacks based on an expansive 'Rap Sheet' cloud database which contains up-to-date information about the proliferation of malicious IPs currently in use. Only sites with extensive proof of malicious activity are blocked, and clear on-screen evidence is provided by ThreatARMOR’s Rap Sheet".
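
The contrast the article draws between signature matching and blocking by source IP can be sketched as follows. This is an added example, not Ixia's code and not part of the original article; the feed format, the evidence threshold, the expiry window and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
from datetime import datetime, timedelta, timezone

NOW = datetime(2016, 8, 7, tzinfo=timezone.utc)  # fixed clock so the run is repeatable

# Constructed feed entries (documentation address ranges, not real indicators).
# The "evidence" list plays the role the article gives the Rap Sheet.
FEED = [
    {"net": "203.0.113.0/28", "last_seen": NOW - timedelta(days=1),
     "evidence": ["malware download host", "C2 callback", "exploit kit landing"]},
    {"net": "198.51.100.7/32", "last_seen": NOW - timedelta(days=2),
     "evidence": ["single spam report"]},              # too little proof to block
    {"net": "192.0.2.10/32", "last_seen": NOW - timedelta(days=90),
     "evidence": ["C2 callback", "phishing", "malware download host"]},  # stale
]
MIN_EVIDENCE = 3               # assumed threshold for "extensive proof"
MAX_AGE = timedelta(days=30)   # assumed expiry so reassigned addresses age out

def ip_verdict(dst_ip, now=NOW):
    """Return ("block", evidence) or ("allow", reason) for an outbound connection."""
    addr = ipaddress.ip_address(dst_ip)
    for entry in FEED:
        if addr not in ipaddress.ip_network(entry["net"]):
            continue
        if len(entry["evidence"]) < MIN_EVIDENCE:
            return "allow", "listed, but evidence below threshold"
        if now - entry["last_seen"] > MAX_AGE:
            return "allow", "listed, but entry is stale"
        return "block", entry["evidence"]
    return "allow", "not in feed"

# Signature-style check for comparison: exact hash of a previously seen sample.
ORIGINAL = b"constructed-sample-payload"
MUTATED = ORIGINAL + b"\x00padding"          # stands in for a mutated variant
KNOWN_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}

def signature_verdict(payload):
    return "block" if hashlib.sha256(payload).hexdigest() in KNOWN_HASHES else "allow"

if __name__ == "__main__":
    for name, body in (("original", ORIGINAL), ("mutated", MUTATED)):
        print(name, "signature:", signature_verdict(body),
              "| source 203.0.113.5:", ip_verdict("203.0.113.5")[0])
    for ip in ("198.51.100.7", "192.0.2.10", "203.0.113.200"):
        print(ip, ip_verdict(ip))
```

The mutated sample slips past the hash check but is still stopped at its download source, while an address the feed has not yet catalogued is allowed, which is why feed freshness and coverage determine how much such a control actually stops.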

So, there you have it. Time and Ixia’s customers will tell whether the approach is foolproof, or whether hackers will find a way around it, but the great game of whack-a-mole security, ransomware edition, continues to be played, with no sign of it ending anytime soon.


Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows.
