Signatureless attack detection is becoming the hot topic in threat prevention. Client side security vulnerabilities are often found in zero day exploits in the wild, meaning that signature based intrusion detection and prevention systems are not likely to catch these attacks. Signatureless detection systems are designed to detect these kinds of attacks and they do provide some additional layer of security. One of the techniques deployed by signatureless is called sandboxing. In sandboxing , the signatureless attack detection systems executes files that are being transferred in networks in sandbox. They carefully instrument the execution and based on that determine if the file was malicious. We have analyzed signatureless detection and particularly the sandboxing technique, and we have and found several issues in the concept. We have also found ways to completely evade sandboxing. We have taken some peeks into one of the market leading sandboxing product and will discuss about our findings. In this presentation we will highlight the problems we have identified in signatureless attack detection and sandboxing, and present our findings regarding one of the market leading product. The attendees will better understands limits of these systems. Even though they do provide additional layer of security, there are issues one should know.
Name | Type | Role | |
---|---|---|---|
Olli-Pekka Niemi | Guest Star | ||
Antti Levomaki | Guest Star |