A security startup is pushing a mix of threat correlation, sandboxing and traffic inspection to address the challenges posed by sophisticated malware and zero-day attacks.
Emerging from stealth mode, security vendor Cyphort announced the general availability today of its Advanced Threat Defense Platform a month after being named a finalist in the RSA conference’s 2014 Innovation Sandbox competition. The platform combines a number of detection methods together with machine learning and a threat correlation engine.
“Cyphort consists of software-based collectors that are placed at various locations on the networks, including ingress and egress points,” said Anthony James, vice president of products and marketing at Cyphort. “[The] collectors can be deployed as software running on commodity hardware or as a VM running on a hypervisor and collecting traffic from virtual TAP ports in a virtual environment and cloud. They are much easier and more cost-effective to deploy than installing dedicated appliances. Customers can scale collection across their distributed organization cost effectively as the software is provided free of charge.”
According to the company, the product’s architecture separates the collection of traffic from threat detection and analytics without having to deploy appliances everywhere. It also combines multi-sandbox inspection of content with a machine-learning system.
“Sandboxes are part of the inspection phase,” James said. “Suspicious objects are executed in three separate sandbox environments including a VM sandbox, emulation sandbox and a custom image sandbox. Several thousand data points are collected as part of this inspection and used by our machine learning analysis engine to detect malware.”
To block zero-day attacks, the technology relies on dynamic inspection in the sandbox along with the machine-learning analysis engine. The platform correlates information and prioritizes threats based on threat intelligence, the particular users and devices targeted and infected, and observed command-and-control traffic. The product can also dynamically generate policies for firewalls and Web gateways and signatures for IPS devices, which can then be implemented through the management consoles of those respective products.
“Many organizations are either insufficiently tooled to sift through the haystack of presented threats, unequipped to identify which events present real risk to their organization, or both,” said David Monahan, an analyst with Enterprise Management Associates, in a statement. “Cyphort’s ability to identify and prioritize events using a context-based risk ranking helps organizations to respond with significantly higher agility, precision and effectiveness.”
Currently, the Cyphort Platform is able to analyze content across both Windows and OS X environments. Support for Linux is slated to come later this year.
Brian Prince is a Contributing Writer for SecurityWeek.