Signatureless attack detection is becoming the hot topic in threat
prevention. Client-side vulnerabilities are often first seen in zero-day
exploits in the wild, for which no signature yet exists, so signature-based
intrusion detection and prevention systems are unlikely to catch these attacks.
Signatureless detection systems are designed to detect exactly these kinds of
attacks, and they do provide an additional layer of security. One of the
techniques used by signatureless systems is sandboxing: the detection system
executes files observed in transit on the network inside a sandbox, carefully
instruments the execution, and from the observed behaviour decides whether the
file is malicious. We have analyzed signatureless detection, and particularly
the sandboxing technique, and have found several issues in the concept. We have
also found ways to completely evade sandboxing. We have taken some peeks into
one of the market-leading sandboxing products and will discuss our findings. In
this presentation we will highlight the problems we have identified in
signatureless attack detection and sandboxing, and present our findings
regarding one market-leading product. Attendees will come away with a better
understanding of the limits of these systems: even though they do provide an
additional layer of security, there are issues one should know about.

BIOS:

Olli-Pekka Niemi has been working in Internet security since 1996. He has
experience in offensive security as a Penetration Tester and in defensive
security as a System Administrator. Since December 2000, he has been working for
Stonesoft R&D, developing Intrusion Prevention Systems and Next Generation
Firewalls. His main R&D interests are analyzing network-based threats and
evasion research. Mr. Niemi is the founder and head of the Stonesoft
Vulnerability Analysis Group (VAG). He is also the Chief Research Officer of
Stonesoft. Mr. Niemi has given presentations at various security conferences
such as T2, DeepSec, Positive Hack Days, and SIGCOMM.

Antti Levomäki has been working since 2004 in R&D at the Finnish cyber security
company Stonesoft. For the last five years he has focused on researching evasion
techniques against network security products and writing testing tools. Previous
duties include writing attack and application signatures for Stonesoft network
security products. Mr. Levomäki holds a Master of Computer Science degree from
the University of Helsinki and is currently pursuing a PhD at Aalto University.
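To make the sandboxing model in the abstract above concrete, here is an added illustration that is not code from the talk, from Stonesoft, or from any sandboxing product. A toy sandbox "executes" a sample, hooks the actions it performs into a trace, and derives a verdict from behavioural rules. It also shows the best-known conceptual limit of any verdict built this way: the verdict can only reflect behaviour that actually occurred during the finite observation window. The abstract does not say which issues the talk covers, so this is a generic illustration, not the speakers' findings. The rule weights, the time budget, the two sample programs, and the hook names (`act`, `sleep`) are all assumptions made for the example.

```python
# Constructed example: a minimal behavioural sandbox and its verdict logic.
# Not from the original page or any vendor product; rules and budget are assumed.

from dataclasses import dataclass, field


@dataclass
class Sandbox:
    """Instrumented execution environment with a finite observation window."""
    observation_budget_s: int            # how long the sandbox keeps watching
    trace: list = field(default_factory=list)
    clock_s: int = 0

    # The sample calls back into these hooks, the way a real sandbox hooks
    # API or system calls. Every hook appends to the trace.
    def act(self, action):
        self.trace.append(action)

    def sleep(self, seconds):
        self.clock_s += seconds
        if self.clock_s > self.observation_budget_s:
            # Budget exhausted: the sandbox stops watching and moves on.
            self.trace.append("meta:observation-window-exhausted")
            raise TimeoutError
        self.trace.append(f"sleep:{seconds}")

    def run(self, sample):
        """Execute the sample under instrumentation and return its trace."""
        try:
            sample(self)
        except TimeoutError:
            pass
        return list(self.trace)


# Behavioural rules: action prefix -> weight (assumed values for the example).
BEHAVIOUR_RULES = {
    "write:autorun": 40,
    "spawn:powershell": 30,
    "connect:": 30,
}
MALICIOUS_THRESHOLD = 50


def score_trace(trace):
    """Sum the weights of every rule matched by an action in the trace."""
    return sum(w for a in trace for p, w in BEHAVIOUR_RULES.items() if a.startswith(p))


def verdict(trace):
    return "malicious" if score_trace(trace) >= MALICIOUS_THRESHOLD else "clean"


# Constructed sample 1: acts immediately, so the instrumented run sees everything.
def eager_dropper(sb):
    sb.act("write:autorun")
    sb.act("connect:203.0.113.5:443")   # RFC 5737 documentation address
    sb.act("spawn:powershell")


# Constructed sample 2: identical payload, but only after a delay longer than
# the sandbox's window. The trace holds nothing actionable, so it scores clean.
def patient_dropper(sb):
    sb.act("read:config")
    sb.sleep(600)
    sb.act("write:autorun")
    sb.act("connect:203.0.113.5:443")
    sb.act("spawn:powershell")


def analyse(sample, budget_s=120):
    """Run one sample in a fresh sandbox and return (verdict, trace)."""
    sb = Sandbox(observation_budget_s=budget_s)
    trace = sb.run(sample)
    return verdict(trace), trace


if __name__ == "__main__":
    for sample in (eager_dropper, patient_dropper):
        v, t = analyse(sample)
        print(f"{sample.__name__:16s} -> {v:9s} score={score_trace(t):3d} trace={t}")
```

Running `analyse(patient_dropper, budget_s=1000)` instead returns `malicious`, which is the point: the sample has not changed, only how much of its execution the sandbox was able to instrument. Real sandboxes use many more signals than a flat rule table, but every verdict they produce is still a statement about the run they observed, not about the file.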