Put a Stop to Fileless Malware

The effectiveness of fileless attacks on the endpoint is keeping many security professionals busy. Because such malware doesn’t write itself to disk, it is highly successful at evading many types of detection, since disk is where many security technologies usually look for malware. Even modern endpoint solutions find it hard to spot malware hiding in what seem to be legitimate processes. From using PowerShell and other administrative tools to abusing the capabilities of web browsers and document files, fileless attacks put endpoints at risk.

Protect sensitive processes. Prevent fileless malware.

Minerva Labs’ Memory Injection Prevention capabilities block fileless and other memory-resident malware from compromising endpoints. Rather than trying to detect fileless threats, Minerva tricks them regarding their ability to access needed resources, such as PowerShell or the targeted process. This stops the attack before any damage is done.

Minerva’s underlying approach is to trick malware about its environment in order to block an attack. Fileless malware does not write anything to disk; rather, it tries to hide in memory. By analyzing the series of actions that a piece of code performs, we are able to intercept the malicious code and respond with an ‘out of memory space’ or ‘access denied to powershell’, and so block the attack before it starts. This is in contrast to how other vendors approach fileless malware, which is detection-based and relies on behavioral patterns to detect fileless patterns.

That detection-based approach drains resources and results in false positives. Minerva’s passive solution causes malware to break if it attempts to exhibit fileless properties, including attempts to interact with legitimate programs in malicious ways and attempts to inject code into trusted applications. Minerva ensures that the only code that runs in memory is the code that originated from disk, making fileless attacks ineffective.

Key benefits include:

A new layer of prevention, not more overlap of solutions

The addition of Minerva Labs to the endpoint security architecture allows enterprises to:

Resources

SANS Webinar - Using Anti-Evasion to Block Stealth Attacks

This webcast will explain a unique approach to preventing evasive malware from infecting endpoints.

Evasive malware: How and why your anti-malware strategy needs to evolve beyond Anti-Virus

Discover the reasons why evasion techniques work, even with a layered defense approach, and how to evolve your endpoint protection strategy to cover the gap.

A SANS Institute Product Review

See how Minerva Labs’ Anti-Evasion Platform performed in the SANS Institute test
