Profiling Your Best Behavior

Behavior recognition helps decrease malware and browser-based attacks as spyware becomes an epidemic

Web-borne threats are among the most serious security risks facing corporations today. An alarming trend shows that malware and browser-based attacks are increasing in frequency. A 2005 FBI Computer Crime survey reported that spyware has reached epidemic proportions, affecting 79 percent of the U.S. companies surveyed. According to a Sophos Security Threat Management Report published in November 2005, the number of new malware threats increased 48 percent during 2005 alone.

As malicious code becomes increasingly complex and pervasive, one proven technology -- behavior profiling and blocking -- is demonstrating its effectiveness in keeping corporate networks safe from unknown and new types of malicious code.

Detecting Malicious Behavior
In general terms, behavior profiling is a method that assesses how something or someone will behave in a given situation. Decision-makers use behavioral profiling methods in a wide range of situations to determine whether a behavior is acceptable.

A psychologist, for example, may review a patient's behavior profile to determine whether it deviates from what is defined as normal in a particular environment. In behavior profiling and blocking technology, the smart algorithm in the security engine carries out the same function as the psychologist.

Smart algorithms are used in security products to inspect applications and to review their respective execution/behavior profiles. Using an application profile, security engines can decide whether a given application is acceptable or malicious before allowing it to invade a user's computer. Other security products use behavior profiles to monitor running applications for deviations from an accepted behavior.

Market Trends Swinging Proactive
In global competition, there is no time to lose to ensure a competitive edge. That edge can be destroyed quickly through malicious code that results in the loss of intellectual assets and productivity. In order for companies to safeguard themselves from Web-based threats, they need to incorporate a behavior-based, proactive security technology that will work with traditional anti-virus, spyware and other technologies to provide a comprehensive, layered defense.

The major advantage of behavior profiling and blocking technology in the security industry is that it does not rely on known or previously identified malicious content to block it before it can do any damage. It does not need signatures or pre-defined patterns to decide whether an application is about to perform a prohibited operation. This enables the security engine to identify and block new and unknown malware attacks from a first-time strike. There is no waiting for patches to arrive.

Behavior profiling technology generates application profiles in real time. Simply by crawling the application's code and identifying its needed resources or trapping its events, this technology can create a behavior profile and make a determination of whether a particular code is malicious or not.

Smart algorithms identify operations, parameters, function calls, scripts and other resources used by the inspected code. In addition to these elements, the behavior profiling technology simulates on-the-fly possible uses of such elements by the written code, and the result is the application's behavior profile. Then, in accordance with an organization's security policy, the behavior profiling algorithm decides whether to allow the code to go through, block it or just eliminate the malicious code, and let the rest go through to users so they can see what has been removed.
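The profile-then-policy flow described above, as an added example that is not from the article or from any vendor's engine: it statically walks a Python snippet without executing it, records the calls it makes by behavior category, and applies a policy to reach a verdict. The `BEHAVIORS` map, `POLICY` table, function names and sample code are assumptions made for illustration, and only the code-crawling approach is shown, not event trapping or simulation.

```python
import ast

# Hypothetical call-to-behavior map and policy (assumptions for illustration).
BEHAVIORS = {"open": "file_access", "os.remove": "file_delete",
             "os.system": "process_exec", "subprocess.run": "process_exec",
             "socket.socket": "network", "eval": "dynamic_code", "exec": "dynamic_code"}
POLICY = {"file_access": "allow", "network": "allow", "file_delete": "block",
          "process_exec": "block", "dynamic_code": "block"}

# Constructed sample of untrusted code; it is parsed, never executed.
SAMPLE = '''import subprocess as sp
from os import remove
data = open("report.txt").read()
sp.run(["whoami"])
remove("report.txt")
'''

def dotted_name(node):
    """Turn a Name/Attribute chain such as sp.run into the string 'sp.run'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None  # e.g. a call on a call result; not resolvable statically
    return ".".join([node.id] + parts[::-1])

def build_profile(source):
    """Collect the behaviors the code can perform, keyed by category."""
    tree = ast.parse(source)
    aliases = {}  # local name -> real module or function it refers to
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            aliases.update({a.asname or a.name: a.name for a in node.names})
        elif isinstance(node, ast.ImportFrom) and node.module:
            aliases.update({a.asname or a.name: f"{node.module}.{a.name}"
                            for a in node.names})
    profile = {}
    for node in ast.walk(tree):
        name = dotted_name(node.func) if isinstance(node, ast.Call) else None
        if name:
            head, dot, rest = name.partition(".")
            full = aliases.get(head, head) + dot + rest  # undo import aliasing
            if full in BEHAVIORS:
                profile.setdefault(BEHAVIORS[full], []).append((full, node.lineno))
    return profile

def decide(profile):
    """Apply the policy: block if any profiled behavior is prohibited."""
    blocked = sorted(c for c in profile if POLICY.get(c, "block") == "block")
    return ("block" if blocked else "allow"), blocked

if __name__ == "__main__":
    print(build_profile(SAMPLE), decide(build_profile(SAMPLE)))
```

Because the aliases are resolved before lookup, renaming an import (`sp.run`, `remove`) does not hide the behavior from the profile, which is the property that separates this from matching fixed strings.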

Successfully Identifying the Unknown
Clearly, if a program can be inspected in a lab and manually profiled, it is relatively simple to create a security product that will stop it from doing bad things, such as actions we define as malicious. However, what has traditionally been a major limitation for security vendors is the ability to provide protection against a program or virus to which they have never previously been exposed. Companies wait for patches and then distribute them throughout the network. This is known as the window of vulnerability. Proactive, behavior-based technology closes that window by offering the needed protection in real time against the latest threats permeating the Web. This long-standing vulnerability is why behavior profiling technology is needed so critically today in the security industry.

History has shown that signature-based and heuristic-based security solutions fall short in their ability to identify an unknown or previously uninspected piece of code and determine whether it is malicious. Traditional anti-virus is a classic example. As long as a signature is not available (i.e., a new virus did not reach the security vendor's lab for inspection and/or a signature update is not released), the anti-virus product is helpless in preventing such malicious code from executing, as it relies solely on previous knowledge.

In today's network-connected business world with real-time online needs, malicious applications often reach corporate PCs before they arrive at the security vendor's lab for inspection, and this is where the true value of behavior profiling and blocking technology is realized.

Unlike programs operating in a security vendor's lab, behavior profiling and blocking technology is used to inspect programs "in the wild." The goal is to analyze programs and applications that reach computers from an external, untrusted source. Such applications may include malicious code that can damage machines or data, violate privacy or compromise intellectual property.

By using behavior profiling in security products, on-the-fly profiles can be generated and enforced by the security engine based on a defined security policy. Unauthorized behaviors can be blocked instantly before execution and prior to reaching targeted machines.

Behavior profiling and blocking technology is in use by corporations today, enabling them to remain connected and receive data from both trusted and untrusted resources. Corporations know that proactive security measures are in place to ensure that malicious content will be blocked from entering the corporate network and systems environment. Moreover, application behavior profiling and blocking technology offers the only solution that provides real-time capabilities required to address today's influx of increasingly complex and varied malicious code.

This article originally appeared in the October 2006 issue of Security Products, pgs. 46-47.
