Over the weekend the world learned of malware in the wild exploiting another (hitherto unknown) Internet Explorer 0day. The vulnerability extends across Internet Explorer versions 6 through to 11, and allows for remote code execution – the most serious type of security flaw. Microsoft has confirmed that the vulnerability is under active attack, although claims these are ‘limited [and] targeted‘ in nature. (The press calls this “targeted and sophisticated“).
For most of the world, this is very bad news because of the huge market share of IE, and the fact that the vulnerability stretches back to a very large portion of the installed base, including Windows XP, for which Microsoft does not intend to issue a patch. As of today, Adobe has issued a patch for a Flash exploit that takes advantage of the 0day.
Another patient zero. Time to move forward.
Another enterprise- and economy-wide panic. Can you afford to follow the advice from the US DHS and ban your users from the web until you manage to patch your endpoints, or will you open the sluice gates and permit users to install Chrome in the meantime? If not, can you restrict your users from accessing the web, and keep them only on Intranet applications? All of these have massive consequences for IT and could take weeks or months to get done – perhaps before the next panic hits?
We at Bromium know that there is no need for patient zero, that end points can protect themselves by design, and automatically remediate themselves when attacked. We know that protected end points can deliver detailed, accurate forensic insights that would take a human expert days or weeks – in real-time. We can turn these insights into automatic responses that block attacks enterprise-wide to stop targeted sophisticated attacks. Micro-virtualization protects against attacks of this nature, by design:
- Protect first, and protect always. Micro-virtualization does not rely on leap-of-faith network based detection. It protects the end point by design, and because of that resiliency, prevents the customer from having to spend a lot of money on expensive remediation & Incident Response
- Automated forensics: Micro-virtualization allows unrivalled forensic analysis of live malware by relying on the resilient isolation offered by the CPU, to automatically provide unrivalled detailed insight and forensic analysis of any attack in real time. Only by ensuring that attacks execute in an isolated environment on the end-point can the process of threat intelligence gathering and sharing be properly automated, eliminating the compromise andits remediation, and saving time and money for analysis.
- Real-time insights, not post-hoc panic: micro-VMs not only “protect first” but also collectively create an enterprise-wide sensor network that generates real-time threat intelligence that is enterprise- and user- specific, giving real-time insights to attacks that have been defeated, rather than false positives or successful compromises.
- Cut false positives: By relying on robust protection, it is possible to wait until a hardware-isolated attack executes and actually compromises the software in a micro-VM on an end point – without risk. With proof of an actual attack, it is possible to eliminate false positives that result from traditional detection – reducing the workload on the SOC team.
- Automated, enterprise-wide protection: with accurate, complete forensic insights delivered by the end point in real time, it is easy to deliver enterprise-wide value – enabling automatic blocking of the attack at the perimeter.
Isn’t it time to allow your end points to protect themselves and to become strategic sensors that collaborate to protect the enterprise, rather than nightmarish unpatched malware magnets in the hands of gullible users?