Copyright © 2016 iPath Networks All Rights Reserved
Global Security - Made in Austria
       The Revolution in IT SecurITy... …so Malware won’t get in your system!
Current Security Situation

Nowadays, businesses of all sizes and sectors constantly face risks and threats from the internet. Regardless of whether it is a broad and random attack (e.g. ransomware) or a targeted attack (e.g. CEO fraud), internet criminals most often strike undetected and smartly.

The damage caused can be tremendous, even existence-threatening. On the radio, on TV or in the press, such cases are reported on a daily basis. Moreover, cyber-crime attacks are becoming increasingly commercialised. The business model of the future lies in Malware-as-a-Service, where control servers and malicious software are for hire.

How do businesses perform cyber security?

Besides projects and the usual day-to-day operations, IT departments of businesses are increasingly concerned with dangers that come from cyberspace. Protection for companies is often rolled out in multiple components; this includes firewalls, sandbox systems, intrusion prevention systems, endpoint protection and so forth. Everything is geared to protect data and infrastructure from being compromised.

Ideally, malicious software is intercepted at or even before the network transfer point to the LAN, for instance by firewalls, anti-spam, proxies and intrusion prevention systems. If harmful content breaks through, the endpoint protection intervenes and provides protection.

However, all those systems must continually be updated and monitored. The administrative effort needed for a well-functioning security system is substantial. And despite all that, internet criminals succeed again and again with the newest malware that outsmarts IT security systems.

Once the malware has penetrated the LAN, it is often too late for countermeasures to be effective.

How current virus scanners work

Virus scanners use different methods to spot malware. The most important and most widely used ones are described briefly below:

Signatures
To identify and isolate known viruses, anti-virus producers distribute so-called signatures to their clients. This method, however, is only effective if the malicious software has already been detected and is known. In addition, generating and distributing a signature is very time-consuming.

Heuristic
This term describes the search for generic features and salient characteristics to detect still unidentified malware. This requires extraordinary intelligence of the antivirus software, as normal programs must not be affected, which involves great effort to program and to keep up to date.

Sandboxing
Under this method, the suspected malware is induced to become active in a virtual environment. As soon as the malicious software starts to act, it can be identified and isolated without getting into the live system.

Behavioural Analysis
Similar to heuristics and sandboxing, behaviour is analysed here as well; however, this happens with the aid of algorithms (e.g. genetic or trainable ones), as well as statistics and neural networks. It is a very effective method; however, it can normally only be performed within the live system in real time.
The problem lies in the nature of things

Most IT security solutions work with the methods described above, which no longer adequately correspond to the state of the art. The producers of malicious software test their programs against the latest virus scanners in order to determine the recognition rate.

Most malware is able to recognise sandboxing and so does not react until released from the virtual environment.

Hostile software becomes more sophisticated and complex. It can easily and automatically be modified, so that pattern detection becomes rather ineffective. As a result, reaction to new threats is delayed.

Once the malware has penetrated the LAN, it is often too late for countermeasures to be effective.

Modern malware is also capable of keeping itself updated by downloading the latest software components.

Furthermore, current endpoint protection systems present challenges to the performance of workstation systems. In short: the IT security sector lacks substantial innovation.

Harmless-looking emails, compromised websites and so-called drive-by attacks are the most common ways to transfer malware to the target. From there, almost 100% of malicious software is capable of loading malicious code via the internet that enables it to launch and carry out the attack within the LAN.

This happens almost exclusively by means of DNS (name resolution). The link within an email leads to a compromised server via a name; there it downloads malicious code and executes it immediately or time-controlled without being noticed by the user. The problem is that via name resolution, the link is not instantly recognised as compromised, and so the attack can take place in the meantime. Depending on the quality of the security systems in place, the attack cannot be prevented most of the time, but at least it can be discovered and, at best, halted.

In order to prevent the attack, the name of the compromised system must be known and then blocked. This provides full protection so that malware cannot infiltrate IT systems. The name servers in the LAN, a DNS proxy, a firewall or a router resolve your name requests locally and, where necessary, redirect them to a so-called root DNS server. There, they receive answers to the name resolution and forward these to their clients.

With Blue Shield Umbrella, the Intelligence DNS Centers are queried for name resolution instead of the root DNS server. These in turn communicate with the European Threat Intelligence Defence Center and receive an assessment of the queried names from there in real time. When a name is blocked, the querying server is informed about it and the clients receive a notification about the blocking. Through this innovative technology, an attack is halted before it even takes place and the download of malicious code is prevented.

In addition, the activities of existing botnets, Trojans or similar are cut short with this modern technology. Communication with the control servers is no longer possible and the malware becomes ineffective. Hostile software can no longer communicate with the control server, but communication is still sought and attempted; as a result, the computer contaminants become apparent in the LAN.

The European Threat Intelligence Defence Center uses numerous techniques to check the queried servers on the internet for compromise and saves the results in a database. In addition, mathematical computations are in use. Therefore, the risks and threats are not only recognised but also barred.

Blue Shield Umbrella
SO THAT SOMETHING UNHEALTHY FROM THE NET DOES NOT EVEN GET INTO YOUR SYSTEM!
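
The point made above, that malware which keeps trying to reach a blocked control server becomes visible in the LAN, can be checked from the resolver's own logs. The following is an added example, not part of the original page or of the Blue Shield product; the log format, client addresses and domain names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed sample of resolver log lines (the format is an assumption).
SAMPLE_LOG = """\
2016-05-02T10:00:00 client=10.0.0.23 qname=c2.bad-domain.example action=BLOCKED
2016-05-02T10:00:07 client=10.0.0.41 qname=www.example.org action=ALLOWED
2016-05-02T10:05:00 client=10.0.0.23 qname=c2.bad-domain.example action=BLOCKED
2016-05-02T10:07:30 client=10.0.0.41 qname=ads.bad-domain.example action=BLOCKED
2016-05-02T10:10:00 client=10.0.0.23 qname=c2.bad-domain.example action=BLOCKED
2016-05-02T10:15:01 client=10.0.0.23 qname=c2.bad-domain.example action=BLOCKED
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) qname=(\S+) action=(\w+)$")

def blocked_by_client(log_text):
    """Return {(client, qname): [timestamps]} for blocked lookups only."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing
        ts, client, qname, action = m.groups()
        if action == "BLOCKED":
            key = (client, qname.lower().rstrip("."))  # normalise the name
            hits[key].append(datetime.fromisoformat(ts))
    return hits

def suspected_infections(log_text, min_attempts=3, max_jitter_s=30):
    """Flag clients that retry the same blocked name at regular intervals."""
    findings = []
    for (client, qname), stamps in sorted(blocked_by_client(log_text).items()):
        if len(stamps) < min_attempts:
            continue  # one blocked click is not evidence of malware
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter_s:  # near-constant period: automated retry
            findings.append((client, qname, len(stamps), round(sum(gaps) / len(gaps))))
    return findings

if __name__ == "__main__":
    for client, qname, n, period in suspected_infections(SAMPLE_LOG):
        print(f"{client}: {n} blocked lookups of {qname}, about every {period}s")
```

A client that hits a blocked name once (a user clicking a link) is ignored; only repeated, evenly spaced attempts are reported, which is the pattern a cut-off bot produces.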
DNS Communication Standard Today
www.blue-shield.at