Jun 7, 2019

Protecting Your Assets Against Invisible Stealth Attacks

Malware is becoming increasingly sophisticated at concealing itself, lurking in your network, servers and endpoints where it deliberately avoids detection by traditional anti-virus tools and signature-based inspection. Stealth viruses can self-modify, or hide outside the OS, or in data, memory, partitions and boot sectors. They may hide quietly for months before launching an attack. This threat is not new; it is simply getting more complex and advanced.

If the threat is invisible, how do you protect your network against it? Viruses do no damage if they lie quietly in a dusty corner and do nothing. To achieve the attacker’s goals, viruses must communicate—to replicate themselves; to send gleaned sensitive information back to the attacker; to allow the remote attacker access to, or manipulation of, the infected system—or change the performance of a system to disrupt business continuity.

In short, you detect stealth viruses by their footprints: the anomalous behavior they cause; the changed traffic patterns; the changed server behavior. Change can only be identified and quantified when comparing to a known condition. For this it is imperative to have a baseline of network traffic behavior and system performance behavior. Ideally threats are detected and eradicated at the perimeter of the network, but reality is less perfect. The next layer of defense is to detect, and immediately mitigate, anomalous behavior before damage has occurred.
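The baseline comparison described above can be sketched as follows. This is an added example, not Hillstone's detection engine or code from the original post; the host addresses, the two metrics, the sample values and the 3.5 threshold are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample data: hourly (bytes_out, distinct_destinations) per host.
BASELINE = {
    "10.0.0.5": [(1200, 4), (1350, 5), (1100, 4), (1280, 6), (1400, 5), (1250, 4)],
    "10.0.0.9": [(90000, 30), (87000, 28), (95000, 33), (91000, 31), (88000, 29), (93000, 30)],
}
CURRENT = {
    "10.0.0.5": (250000, 5),  # sudden outbound volume on a normally quiet host
    "10.0.0.9": (92000, 31),  # busy, but in line with its own history
}
METRICS = ("bytes_out", "distinct_destinations")


def robust_z(value, history):
    """Modified z-score: distance from the median in scaled MAD units."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    if mad == 0:
        # A perfectly flat baseline: any change at all is a deviation.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def find_anomalies(baseline, current, threshold=3.5):
    """Return {host: {metric: score}} for metrics outside the host's own baseline."""
    flagged = {}
    for host, observation in current.items():
        history = baseline.get(host)
        if not history:
            # No known condition to compare against, so surface the host for review.
            flagged[host] = {"no_baseline": float("inf")}
            continue
        for i, metric in enumerate(METRICS):
            score = robust_z(observation[i], [row[i] for row in history])
            if abs(score) > threshold:
                flagged.setdefault(host, {})[metric] = round(score, 1)
    return flagged


if __name__ == "__main__":
    for host, reasons in find_anomalies(BASELINE, CURRENT).items():
        print(host, reasons)
```

Each host is scored against its own history, so the busy server at 10.0.0.9 is not flagged while the quiet host sending far more than usual is. The median and MAD are used instead of mean and standard deviation so that a few past outliers do not widen the baseline.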

Hillstone’s advanced security solution employs the most advanced technologies—including artificial intelligence (AI), machine learning (ML) and behavioral analytics—to secure your network against unknown malware. These techniques include Abnormal Behavior Detection (ABD), Advanced Threat Detection (ATD), Complete Kill Chain Mapping (CKCM), combined with threat correlation and analysis, and rich forensic analysis.

The Abnormal Behavior Detection engine builds and maintains a behavior model database, establishing a baseline benchmark for your network, and continuously measuring and analyzing current behavior against the baseline, drawing on the relationships among multiple dimensions of a suite of parameters.

The Hillstone solution also includes Kill Chain Mapping, which maps all the information it collects and analyzes from threat intelligence and its multiple detection engines to each stage of the Cyber Kill Chain. With this capability you can monitor, trace, and mitigate a threat at each stage of its lifecycle.

Install a Hillstone solution in your network today—the time is now. It is often said that many networks have been breached, and the others will be.