Trusteer unveils new approach to stop Zero-Day attacks and APTs

Trusteer Apex prevents the biggest security problem facing organizations today: the exploitation of zero-day or unpatched application vulnerabilities in widely deployed endpoint applications, such as web browsers, Adobe Acrobat, Flash, Java and Microsoft Office. The product stops advanced targeted attacks and APTs that are initiated using malicious Web pages, spear-phishing emails, and weaponized documents to exploit these vulnerabilities, compromise employee endpoints with malware and establish a footprint inside the corporate network.

Trusteer Apex monitors the execution of endpoint applications that process external content. By applying deep application knowledge, Trusteer Apex is capable of associating operations (what the application is doing) with the application state (why is it doing that). For example, the product can detect that Internet Explorer is legitimately writing a new executable file to the file system while in a state of a code update . However, Trusteer Apex will automatically terminate an exploitation process by stopping applications from performing sensitive operations while at unknown application state.

The blacklisting technologies that are included in leading endpoint protection suites continue to fall short and cyber criminals are constantly changing their tactics to evade detection by these controls. Meanwhile, application whitelisting solutions, which address evasion by allowing only known-good software to run, have proven very difficult to manage. Due to this complexity, large enterprises are failing to widely deploy these solutions to all endpoints and leaving themselves vulnerable to malware infections.

Over the last seven years, Trusteer has helped more than 300 financial institutions worldwide protect their corporate and retail customers against the most sophisticated and evasive malware attacks. During this period, Trusteer acquired unique expertise by monitoring behaviors of endpoint applications and has applied this knowledge to develop Trusteer Apex. Many Trusteer customers already protect tens of thousands of their employees against advanced threats using Trusteer Apex technology.

“Advanced malware protection continues to be a losing battle for enterprises because malware is constantly evolving to evade detection. Current security controls require constant care that enterprises simply cannot afford,” said Mickey Boodaei, CEO, Trusteer. “With Trusteer Apex, enterprises can protect themselves against exploitation of the constant flurry of application vulnerabilities and stop data exfiltration with zero management effort.”

Trusteer Apex includes the following capabilities:
· Application Exploit Prevention: Trusteer Apex blocks malicious code embedded in Web pages and business documents from exploiting zero-day or unpatched vulnerabilities in client applications and installing malware on the endpoint.
· Data Exfiltration Prevention: Trusteer Apex restricts untrusted files from executing sensitive operations that are potentially malicious. For example, tampering with other application processes to hide communication traffic to a command and control center. Untrusted files are sent to Trusteer for analysis and are either approved or removed from the endpoint.
· Ease of Deployment and Automated Management: Trusteer Apex can be deployed within days, over tens of thousands of endpoints, both managed and unmanaged, and is specifically designed to support large and complex environments. No learning period is required and no initial or ongoing configuration is necessary.