ReSOFT Scalable, Real-time Malware Protection

Malware Profile Motivated by financial gain Parasitic Persistent Pervasive Mutating Stealthy Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

Motivated by financial gain

Parasitic

Persistent

Pervasive

Mutating

Stealthy

Malware – How It Works Multiple entry points Multi-layered execution Cascading executables trigger execution of each other Multiple hooks Changes to start-up environment Browser start/search page hijacking Browser helper objects Executable hijacking Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

Multiple entry points

Multi-layered execution

Cascading executables trigger execution of each other

Multiple hooks

Changes to start-up environment

Browser start/search page hijacking

Browser helper objects

Executable hijacking

Malware Protection Close the entry points Remove the hooks Stop and prevent execution File deletion Real-time deletion of malware files less reliable because files are not actions The last step Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

Close the entry points

Remove the hooks

Stop and prevent execution

File deletion

Real-time deletion of malware files less reliable because files are not actions

The last step

Malware Protection Approaches Signature based Works if the signature database is COMPLETE, and UP-TO-DATE Signature database cannot be COMPLETE and UP-TO-DATE There is no clear definition of malware Malware is motivated by financial gain It mutates constantly It is highly persistent and pervasive Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

Signature based

Works if the signature database is COMPLETE, and UP-TO-DATE

Signature database cannot be COMPLETE and UP-TO-DATE

There is no clear definition of malware

Malware is motivated by financial gain

It mutates constantly

It is highly persistent and pervasive

Malware Protection Approaches Behavior based Protects systems from intruders based on actions that they take Works against both known and new malware Effectiveness depends on real-time detection and neutralization action capabilities Avoids legal issues related to what is and is not malware Long-term success depends on flexibility and extensibility of underlying architecture Neutralize new behaviors Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

Behavior based

Protects systems from intruders based on actions that they take

Works against both known and new malware

Effectiveness depends on real-time detection and neutralization action capabilities

Avoids legal issues related to what is and is not malware

Long-term success depends on flexibility and extensibility of underlying architecture

Neutralize new behaviors

Malware Protection Phases Protection against new and known malware Close all entry points Neutralization of malware that may have infected a system Identify malware Remove hooks Stop and prevent execution Delete files (optional as long as real-time behavior based protection is in place) Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

Protection against new and known malware

Close all entry points

Neutralization of malware that may have infected a system

Identify malware

Remove hooks

Stop and prevent execution

Delete files (optional as long as real-time behavior based protection is in place)

File Deletion One element of malware protection Independent of real-time neutralization Not necessary for real-time malware neutralization Can be performed as batch operation Insurance policy Behavior based file deletion is new territory Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

One element of malware protection

Independent of real-time neutralization

Not necessary for real-time malware neutralization

Can be performed as batch operation

Insurance policy

Behavior based file deletion is new territory

Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

ReSOFT Malware Protection Behavior based Rea-time malware actions detection and neutralization Real-time protection of areas targeted by intruders Stops and prevents malware execution Built-in extensibility Keep up with evolving threats Highly scalable Centralized management and control Local actions not dependent on server Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

Behavior based

Rea-time malware actions detection and neutralization

Real-time protection of areas targeted by intruders

Stops and prevents malware execution

Built-in extensibility

Keep up with evolving threats

Highly scalable

Centralized management and control

Local actions not dependent on server

ReSOFT Malware Protection Malware clean-up – more effective than other solutions Direct access to, and control of targeted areas Centralized operation – automated propagation of malware neutralization actions File deletion Not in real-time Automated execution – requires manual configuration Centralized operation – automated propagation of file deletion actions Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

Malware clean-up – more effective than other solutions

Direct access to, and control of targeted areas

Centralized operation – automated propagation of malware neutralization actions

File deletion

Not in real-time

Automated execution – requires manual configuration

Centralized operation – automated propagation of file deletion actions

ReSOFT Malware – The Bottom Line Today – proven to be more effective than other solutions Over time – More likely to stay ahead of malware because of the power of the underlying architecture Don’t believe, try it at no cost or obligation Oct 7, 2009 Proprietary and Confidential to HandsFree Networks

Today – proven to be more effective than other solutions

Over time – More likely to stay ahead of malware because of the power of the underlying architecture

Don’t believe, try it at no cost or obligation