Thursday, February 28, 2013

Zero-day rootkits & bootkits

New features to help protect endpoints against the most potent and stealthy advanced persistent threats

LynuxWorks has announced that they will demonstrate the industry’s first technology capable of real-time detection, alert and protection against zero-day rootkits and bootkits. Rootkits are the most sophisticated and lethal type of malware--stealthy and extremely potent. When resident on endpoint devices, the LynxSecure 5.2 product can help security experts and IT staff discover rootkit infections and neutralize them, and then easily clean infected machines remotely, thereby preventing future infections.

LynxSecure 5.2 is the next version of the established secure separation kernel and hypervisor from LynuxWorks. Designed from the ground up with security as a key design goal, this military-grade virtualization solution is now available for Enterprise users. It is small, secure and offers high performance that is well suited to today’s roaming endpoints, such as laptops and hybrids. The addition of real-time detection of stealthy advanced persistent threats such as rootkits brings this technology to the forefront of Enterprise security protection.

“This new feature in LynxSecure 5.2 really shows off the power of using virtualization technology to protect endpoints,” said Robert Day, vice president of marketing at LynuxWorks. “We will be demonstrating several examples of LynxSecure protected endpoints including live defense of a real rootkit.”

Rootkits work at the lowest levels of the operating system (OS) they intend to attack. A detection and prevention mechanism that is itself part of the “target of attack” is therefore self-defeating. Combating these insidious threats needs a mechanism that offers a completely different security posture: it must execute with a higher privilege than the attacked OS, have complete control of the platform hardware, and monitor all activities of the OS and its applications. This mechanism must also be self-protecting, non-bypassable and tamper-proof. LynxSecure provides a comprehensive end-to-end solution, fully manageable by IT staff, while providing a detailed real-life picture of the rootkit infections in the corporate network.

“Rootkits are not only the most dangerous cyber-threat, but also the most common one. Daily we witness new cyber-attacks on major corporations, media companies and government agencies. What’s common to these attacks is that the targets are endpoints and that the malicious payloads are rootkits and bootkits,” said Avishai Ziv, vice president of Enterprise Security solutions at LynuxWorks. “The existing dedicated tools for detecting and removing rootkits and bootkits are very few, provide only partial remedy and require a lengthy, complicated process. Our technology is the only one capable of handling the entire cycle while the endpoint is still active, with swift, remote remediation.”
