March 21, 2014

Safely Detonate That Malware

I like the potential of the FireEye Malware Protection System (MPS).

Unlike traditional signature-based malware protections like antivirus, firewalls, and intrusion prevention systems (IPS), FireEye is an additional security layer that uses a dynamic Multi-Vector Virtual Execution (MVX) engine to detonate even zero-day attacks from suspicious files, web pages, and email attachments. 

According to Bloomberg Businessweek, Target's implementation of FireEye detected the malware attack on Nov 30, 2013 and it alerted security officials, but allegedly "Target stood by as as 40 million credit card numbers--and 70 million addresses, phone numbers, and other pieces of personal information--gushed out of its mainframes"over two weeks!

In fact, FireEye could've been set to "automatically delete [the] malware as it's detected" without human intervention, but "Target's team apparently "turned that function off."

FireEye works by "creating a parallel computer network on virtual machines," and before data reaches its endpoint, they pass through FireEye's technology.  Here they are "fooled into thinking they're in real computers," and the files can be scanned, and attacks spotted in safe "detonation chambers."

Target may have been way off target in the way they bungled their security breach, but using FireEye properly, it is good to know that attacks like this potentially can be thwarted in the future. ;-)

[Note: this is not an endorsement of any product or vendor]

No comments: