
PALO ALTO, Calif.: SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today launched its first Enterprise Risk Index. The report highlights the growing use of in-memory attacks, further evidence that such attacks cannot be stopped by traditional, static, file-inspection security products.

The report includes an analysis of filtered data from more than 1 million SentinelOne Enterprise Platform agents deployed worldwide during the last half of 2016. Findings are based on behavioural analysis of malware programs that bypassed firewalls and network controls to infect endpoint devices.

“These days, infecting a target is just a matter of resources; but how long the hackers get to stay inside the network is a matter of good detection,” said Andy Norton, EMEA risk officer for SentinelOne and lead researcher for the Enterprise Risk Index. “In our analysis, we focused on the attacks that are successful in making their way past traditional defences to reach endpoint targets because these are the threats that pose the greatest risk to an organisation. That’s what we should be measuring - not what’s stopped at the gateway.”

The report focuses on attack methods classified into three risk categories:

  • Attacks detected from document-based files, largely associated with Microsoft Word or Adobe PDF.
  • Attacks detected from traditional portable executable-based files.
  • Attacks detected only from the memory of the system with no associated new artefacts on the system.

From the report, “we won’t be announcing what the top malware family is - for example, Zeus, Diamond Fox or Upatre - however, we do build indicators of compromise to help with identification and response, and when a hash value exists we have submitted the hash to malware repositories to see what other submissions there have been for them.”

Key findings of the report include:

  • The growing menace of in-memory attacks: in this timeframe, we found that these attacks have doubled in comparison to the infection rates of file-based vectors.
  • Even for file-based attacks, only 20 percent of threats had corresponding signatures from existing AV engines.
  • Nation-state actors are trading infection sustainability for stealth, leaving no new artefacts on the file system and relying on memory-based attacks, even if it means needing to re-infect the target.
  • Three-pronged infections are becoming the norm: attackers no longer rely solely on .exe files to deliver malware, but instead use hybrid attacks that combine multiple attack vectors in one attack chain.

“Our goal with the Enterprise Risk Index is to help organisations get a better view of which threats are successful in reaching the final barrier in enterprise defences,” said Norton. “With this data in mind, customers can better determine not only what the risks are but where they are, and can adjust their security planning and investments accordingly.”