Content threat removal: 100% malware-free content, zero false positives
February 14, 2018
Cyber security has long concerned itself with the problem of digital content threat. History tells a story of an ‘arms race’ where the attacker has continually had the upper hand.
Anti-virus came first, and polymorphic viruses were developed to defeat it. Sandboxed detonation arrived, promising the ultimate defence against advanced persistent threats. But the attackers just got on with developing evasion techniques and rendered it obsolete almost immediately.
There’s no way the defenders are going to catch up; at least not by playing by the rules and running faster. What is needed is something radically different. Something that instantly leaps in front of the attackers and blocks their path forever.
Removing content threats
It’s time to look closely at the idea of transformation. Transformation is the way to get ahead of the attackers and stay ahead. This is because it eliminates the threat and leaves no opportunity for evasion techniques to be developed. Deep Secure call this approach Content Threat Removal (CTR).
CTR works by assuming that all data is unsafe. It doesn’t try to distinguish good from bad.
Instead the business information is extracted from the data received and the data is then discarded. New safe data is then created to carry the business information to its destination. This way the attackers cannot get in and the business is not hampered.
When it comes to the content threat, in terms of efficacy this approach cannot be beaten. The security team is satisfied because the threat is removed. The business team is satisfied because they get the information they need.
Deep Secure’s solution delivers the transformation without losing any business information, while denying an attacker any ability to influence how the information is delivered.
Achieving this for one simple format is hard. But having to repeat it for every complex format does not create a scalable, supportable solution. Solving this problem, by using a single common intermediate format, is one of the breakthroughs Deep Secure have made.
Deep Secure’s other breakthrough is making the same implementation work for public cloud deployments, private clouds and high assurance situations. User-to-user, user-to-machine, and machine-to-machine scenarios are all covered.
As a result, Deep Secure gives their customers unprecedented choice. The same technology can be deployed in different parts of a business to achieve different effects. This avoids costly over-engineering while bringing cost savings through commonality.
The real proof of the power of CTR is in the way it can deal with steganography (the practice of concealing information within other non-secret information). Defences against steganography that are based on detection stand no chance, because steganography is undetectable.
CTR makes no attempt to detect the threat. Steganography works by hiding information in redundant parts of data. But CTR works by extracting useful information from data, a process that naturally leaves behind any information encoded in redundant data. So CTR defeats steganography by ignoring it: other techniques fail to defeat steganography because the hidden information cannot be seen.
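An added illustration of the extract, discard and rebuild idea described above (not Deep Secure's code or its intermediate format): a Python example that uses JSON as the carrier. The order schema, the field rules and both sample messages are constructed for this example.

```python
import json
import re

# Hypothetical schema: the only business information the receiver needs.
SCHEMA = {"order_id": int, "customer": str, "amount_pence": int}
NAME_OK = re.compile(r"[A-Za-z .'-]{1,64}")  # assumed rule for customer names

def extract(raw: bytes) -> dict:
    """Pull the schema fields out of untrusted bytes; nothing else survives."""
    # raw_decode parses the first JSON value; bytes after it are never used.
    doc, _end = json.JSONDecoder().raw_decode(raw.decode("utf-8").lstrip())
    if not isinstance(doc, dict):
        raise ValueError("not a JSON object")
    info = {}
    for field, ftype in SCHEMA.items():
        value = doc.get(field)
        if type(value) is not ftype:  # strict: a bool is not accepted as int
            raise ValueError(f"bad or missing field: {field}")
        if ftype is str and not NAME_OK.fullmatch(value):
            raise ValueError(f"unexpected characters in: {field}")
        info[field] = value
    return info

def rebuild(info: dict) -> bytes:
    """Create new data from the extracted information only."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()

def transform(raw: bytes) -> bytes:
    # The received bytes are discarded; only rebuild()'s output is delivered.
    return rebuild(extract(raw))

# Constructed samples carrying the same business information. CARRIER also
# uses the redundant parts of the format: odd whitespace, key order, a
# duplicate key, an unneeded field and bytes after the document.
PLAIN = b'{"order_id": 1042, "customer": "A. Smith", "amount_pence": 1999}'
CARRIER = (b'{ "amount_pence":1999 ,\t"note":"bG9yZW0=", "customer" :"A. Smith",'
           b'  \n "order_id":7, "order_id":1042 }\n<!-- trailing bytes -->')

if __name__ == "__main__":
    print(transform(PLAIN))
    print(transform(CARRIER))
    print(transform(PLAIN) == transform(CARRIER))
```

Both messages produce byte-identical output, so the sender has no control over the delivered bytes beyond the validated field values, and no step in the code tries to decide whether the input was hostile.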
Defeating the undetectable
As attacks have become more sophisticated, defences that detect attacks have improved. But each time defences advance, the attackers develop new techniques to evade them.
It looks like the end of the line for “the detectors”, as attackers are now hiding behind steganography or other advanced evasion techniques which are impossible to detect.
The future must be something radically different: Content Threat Removal is a defence that defeats the digital content threat posed by attackers once and for all.
For more information and a live demonstration visit Deep Secure’s stand at TEISS or contact us on +44 (0) 1684 892831 or firstname.lastname@example.org