Profiling Your Best Behavior

Behavior recognition helps decrease malware and browser-based attacks as spyware becomes and epidemic

WEB-borne threats are among the most serious security risks facing corporations today. An alarming trend shows that malware and browser-based attacks are increasing in frequency. A 2005 FBI Computer Crime survey reported that spyware has reached epidemic proportions effecting 79 percent of the U.S. companies surveyed. According to a Sophos Security Threat Management Report published in November 2005, the number of new malware threats increased 48 percent during 2005 alone.

In today's network-connected business world with real-time online needs, malicious applications often reach corporate PCs before they arrive at the security vendor's lab for inspection, and this is where the true value of behavior profiling and blocking technology is realized.

As malicious code becomes increasingly complex and pervasive, one proven technology -- behavior profiling and blocking -- is demonstrating its effectiveness in keeping corporate networks safe from unknown and new types of malicious code.

Detecting Malicious Behavior
In general terms, behavior profiling is a method that assesses how something or someone will behave in a given situation. Decision-makers use behavioral profiling methods in a wide range of situations to determine whether a behavior is acceptable.

A psychologist, for example, may review a patient's behavior profile to determine whether it deviates from what is defined as normal in a particular environment. In behavior profiling and blocking technology, the smart algorithm in the security engine carries out the same function as the psychologist.

Smart algorithms are used in security products to inspect applications and to review their respective execution/behavior profiles. Using an application profile, security engines can decide whether a given application is acceptable or malicious before allowing it to invade a user's computer. Other security products use behavior profiles to monitor running applications for deviations from an accepted behavior.

Market Trends Swinging Proactive
In global competition, there is no time to lose to ensure a competitive edge. That edge can be destroyed quickly through malicious code that results in the loss of intellectual assets and productivity. In order for companies to safeguard themselves from Web-based threats, they need to incorporate a behavior-based, proactive security technology that will work with traditional anti-virus, spyware and other technologies to provide a comprehensive, layered defense.

The major advantage of behavior profiling and blocking technology in the security industry is that it does not rely on known or previously identified malicious content to block it before it can do any damage. It does not need signatures or pre-defined patterns to decide whether an application is about to perform a prohibited operation. This enables the security engine to identify and block new and unknown malware attacks from a first-time strike. There is no waiting for patches to arrive.

Behavior profiling technology generates application profiles in real time. Simply by crawling the application's code and identifying its needed resources or trapping its events, this technology can create a behavior profile and make a determination of whether a particular code is malicious or not.

Smart algorithms identify operations, parameters, function calls, scripts and other resources used by the inspected code. In addition to these elements, the behavior profiling technology simulates on-the-fly possible uses of such elements by the written code, and the result is the application's behavior profile. Then, in accordance with an organization's security policy, the behavior profiling algorithm decides whether to allow the code to go through, block it or just eliminate the malicious code, and let the rest go through to users so they can see what has been removed.

Successfully Identifying the Unknown
Clearly, if a program can be inspected in a lab and manually profiled, it is relatively simple to create a security product that will stop it from doing bad things, such as actions we define as malicious. However, what has traditionally been a major limitation for security vendors is the ability to provide protection against a program or virus which they never have been previously exposed to or experienced. Companies wait for patches and then distribute them throughout the network. this is known as the window of vulnerability. Proactive, behavior-based technology closes that window by offering the needed protection in real time against the latest threats permeating the Web. This long-standing vulnerability is why behavior profiling technology is needed so critically today in the security industry.

History has shown that signature-based and heuristic-based security solutions fall short in its ability to identify an unknown or previously un-inspected piece of code to determine whether it is malicious. Traditional anti-virus is a classic example. As long as a signature is not available (i.e., a new virus did not reach the security vendor's lab for inspection and/or a signature update is not released), the anti-virus product is helpless in preventing such malicious code from executing, as it relies solely on previous knowledge.

In today's network-connected business world with real-time online needs, malicious applications often reach corporate PCs before they arrive at the security vendor's lab for inspection, and this is where the true value of behavior profiling and blocking technology is realized.

Unlike programs operating in a security vendor's lab, behavior profiling and blocking technology is used to inspect programs "in the wild." The goal is to analyze programs and applications that reach computers from an external, untrusted source. Such applications may include malicious code that can damage machines or data, violate privacy or compromise intellectual property.

By using behavior profiling in security products, on-the-fly profiles can be generated and enforced by the security engine based on a defined security policy. Unauthorized behaviors can be blocked instantly before execution and prior to reaching targeted machines.

Behavior profiling and blocking technology is in use by corporations today, enabling them to remain connected and receive data from both trusted and untrusted resources. Corporations know that proactive security measures are in place to ensure that malicious content will be blocked from entering the corporate network and systems environment. Moreover, application behavior profiling and blocking technology offers the only solution that provides real-time capabilities required to address today's influx of increasingly complex and varied malicious code.

This article originally appeared in the October 2006 issue of Security Products, pgs. 46-47.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Cloud and Hybrid Adoption on the Rise

    The physical security industry is experiencing a time of great transformation. Cloud connectivity is accelerating, and more organizations are choosing to blend on-premises and cloud-based solutions. This transformation is affecting all aspects of security, including access control. In the Genetec annual State of Physical Security Survey, it was access control that topped the list of new technologies end-users planned to focus on in 2024. Read Now

  • Texas City Replaces Locks on Intelligent Traffic Cabinets With More Secure Option

    The Transportation Services and Mobility department for the city of Grand Prairie, Texas recently completed a substantial project to replace the locks on their Intelligent Traffic Cabinets with a better and more secure choice. Turns out what they needed was only a few miles away with ALCEA’s Traffic Cabinet Locking Solution powered by ABLOY technology. Read Now

  • New Report Says Vulnerability Exploitation Boom Threatens Cybersecurity

    Verizon Business recently released the findings of its 17th-annual Data Breach Investigations Report (DBIR), which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023—a two-fold increase over 2022. Read Now

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3