June 10, 2015

A New Approach To Zero-Day Protection

Andrew Tappert

Memory Integrity Verification Technology helps Linux administrators detect previously unknown threats.

Linux powers critical web and IT infrastructure for organizations around the world, which makes it a major target for cybercrime and cyber espionage. As the magnitude of threats increases, organizations are looking for new and better approaches for detecting them. 

One of those approaches is memory integrity verification, which helps ensure that systems are running only a defined set of software, flagging any unapproved applications. The key advantage of memory integrity verification for threat detection is that it does not depend on having prior knowledge of attackers or their tools.

Amidst the series of Shellshock patches last year, even those who reacted quickly were often unsure whether an attacker had penetrated their systems before the patches were applied. As a result, there is little doubt that targeted cyber espionage campaigns are actively underway against Linux systems that were penetrated before patching. To counter these threats, organizations need security solutions that give the defender the ability to detect “zero-day” (previously unknown) malware. Memory integrity verification not only detects advanced threats, it also enables investigators to quickly and easily analyze malware found in memory by pinpointing code that has been injected or modified.

Raytheon|Websense SureView Memory Integrity (formerly known as Second Look) covers all these bases and more, providing best-in-class memory integrity verification that is enterprise scalable, highly automated, and easily deployed and integrated. It takes a powerful new approach to an important market that isn’t well addressed by traditional security products: Linux servers in datacenters and Linux instances in the cloud. SureView Memory Integrity addresses the challenge of uncovering evidence of novel or targeted Linux attacks employing stealthy malware or other techniques that would avoid detection by other defenses.

When combing through products for their annual awards, the team at Cyber Defense Magazine looks for standouts that are both innovative and highly effective. This year, SureView Memory Integrity made the cut, and we are proud they named it “The Best Malware Analysis Solution – 2015.”

Andrew Tappert is the Product Lead for Raytheon|Websense SureView Memory Integrity, overseeing the vision, development and deployment of the software. Tappert has more than 12 years of computer security software engineering experience.
