The recent Internet Explorer exploit uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections. (http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html)
Several vendors have come forward and said that they are covering the "zero-day" IE exploit (CVE-2014-1776). The vast majority of these rely on signatures (i.e., known patterns) based on the attack samples that have been provided. History has shown that attackers will test and change the packaging of their attacks in order to evade detection by these products going forward.
As outlined in the technology section of our site (http://www.opendns.com/enterprise-security/technology/efficacy/), we use a complex security stack for increased efficacy. This includes third-party detection engines that use signatures and heuristics, threat feeds, and our security community. At the top of the stack, however, is our Security Graph (http://labs.opendns.com/security-graph/). The Security Graph is designed to use our massive amount of data and algorithmic classifiers to detect unknown attacks in advance. This is particularly important not just for preventing zero-day attacks but also for detecting and containing them. In the case of the above attack, the domains being used for command and control are being detected and contained.
Additionally, we are adding attribution within the product to help our customers identify when they have had an attempt or infection that we are containing.