Trusteer Apex Provides Automatic and Accurate Malware Protection

Trusteer Apex applies a new approach - Stateful Application Control - to help stop zero-day application exploits and data exfiltration by automatically determining if actions by commonly exploited and widely used applications that process external content are legitimate or malicious.

Defending against malware: A holistic approach is required - http://ibm.co/1fIYCg8


IBM Software Data Sheet

Trusteer Apex provides automatic and accurate malware protection

Help stop zero-day application exploits and data exfiltration

Highlights

  • Apply a new approach—Stateful Application Control—to help stop zero-day application exploits and data exfiltration
  • Protect commonly exploited and widely used applications that process untrusted external content
  • Automatically and accurately determine if an application action is legitimate or malicious
  • Help maximize security while simplifying deployment and minimizing management overhead

Targeted attacks and advanced persistent threats pose a serious security threat to enterprises. In order to stop these attacks, organizations must prevent advanced, information-stealing malware from compromising employee endpoints. Advanced malware circumvents blacklisting tactics for threat detection. Meanwhile, whitelisting approaches, which minimize malware evasion, have proven difficult to implement and manage. A new approach to effective and manageable endpoint malware protection is needed.

The attack vectors: Application exploits and social engineering

Advanced malware compromises enterprise endpoints in one of two ways:

  • Application exploits: Cybercriminals use code embedded in weaponized documents and web pages to exploit application vulnerabilities, introduce malware into an employee’s endpoint and penetrate the corporate network.
  • Direct user install: Cybercriminals use various tactics to manipulate the user to install an application that contains malware. The malicious application can be delivered via a website download, an infected USB drive, or an email attachment.

Once infected with malware, compromised endpoints can be used to access systems, collect data and send it to the Internet. Data exfiltration can take place within minutes of the malware infection, which is why it is critical to identify and mitigate the infection as quickly as possible.
Blacklisting or whitelisting: Current endpoint controls fall short

Despite using market-leading endpoint protection solutions, many large enterprises are constantly breached by advanced malware. Traditional endpoint protection solutions based on blacklisting file signatures and malicious behaviors have had limited impact on advanced threats that simply work around the blacklisting rules.

Application control and whitelisting solutions allow only trusted files to execute on the endpoints and are more resilient to evasion tactics. However, due to the dynamic nature of the user environment and frequent changes to application files, organizations have found these solutions to be extremely difficult to implement and maintain.

Trusteer Apex: Stateful Application Control

Trusteer¹ Apex software applies a new approach—Stateful Application Control—to help stop zero-day application exploits and data exfiltration. By analyzing what the application is doing (operation) and why it is doing it (application state), Trusteer Apex can automatically and accurately determine if an application action is legitimate or malicious. Trusteer Stateful Application Control enables automated enterprise malware protection that can help maximize security while helping simplify deployment and minimize management overhead.

Trusteer Apex is designed to prevent malware from compromising endpoints by blocking the execution of files written to the file system through exploitation of vulnerabilities.

[Figure: Application exploit prevention. Labels: Internet, email, instant messaging; external content; exploit; vulnerability; exploitation of the vulnerability; legitimate access; file system; application; Trusteer Apex; Trusteer Apex stops execution.]
Stopping application exploitation

Application exploitation occurs when an application processes malicious external content that contains exploit code. The exploit uses known or unknown (zero-day) vulnerabilities to write a file to the file system and execute it. Trusteer Apex protects commonly exploited and widely used applications that process untrusted external content, including browsers, Adobe Acrobat, Adobe Flash, Java and Microsoft Office.

Trusteer Apex validates the application state during sensitive application operations, such as file system access, to help ensure proper execution. It blocks the execution of files created via exploitation of vulnerabilities in these applications (for example, when the application enters an unknown state), helping prevent malware from compromising the endpoint.

Helping prevent data exfiltration

Data exfiltration requires the malware to communicate with the Internet (for example, to a command-and-control server). Trusteer Apex restricts untrusted files from executing sensitive operations that can enable external communication, such as opening external communication channels or tampering with other application processes to hide external communication traffic. Untrusted files are sent to Trusteer for analysis and are either approved or removed from the endpoint.

Providing automated management

The Trusteer Stateful Application Control engine is designed to be easy to manage and maintain. This is because legitimate application states rarely change, even when applications are updated or patched. Automated updates are provided by Trusteer, based on research continuously performed on a network of tens of millions of protected endpoints. The updates occur with no end-user disruption and require minimal IT staff resource involvement. If necessary, users can manage exceptions and enable specific code that would be restricted by Trusteer due to the nature of its operation.

Why IBM?

Trusteer, an IBM company, provides endpoint cybercrime prevention solutions that protect organizations against financial fraud and data breach. Hundreds of organizations and millions of end users rely on Trusteer to protect their managed and unmanaged endpoints from online threats and advanced information-stealing malware.

IBM Security solutions are trusted by organizations worldwide for fraud prevention and identity and access management. The proven technologies enable organizations to protect their customers, employees, and business-critical resources from the latest security threats. As new threats emerge, IBM can help organizations build on their core security infrastructure with a full portfolio of products, services and business partner solutions. IBM empowers organizations to reduce their security vulnerabilities and focus on the success of their strategic initiatives.
For more information

To learn more about Trusteer Apex, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/Security

About IBM Security solutions

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM® X-Force® research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 15 billion security events per day in more than 130 countries, and holds more than 3,000 security patents.

Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/financing

© Copyright IBM Corporation 2014

IBM Corporation
Software Group
Route 100
Somers, NY 10589

Produced in the United States of America
January 2014

IBM, the IBM logo, ibm.com, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

Adobe is a registered trademark of Adobe Systems Incorporated in the United States, and/or other countries.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party.

¹ Trusteer was acquired by IBM in August of 2013.

WGD03029-USEN-01
