Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Nov 07, 2018

You have a choice in cyberthreat protection.

At the core of every cyberthreat protection or prevention solution is an analysis philosophy that forms not only the basis of a given security vendor's intellectual property, but also the very method on which you are betting your organization's safety.

Once you move past signature-based solutions, the choice is between behavior-based analysis and static analysis. Knowing how these analysis techniques differ will give you a clearer picture of how safe your chosen solution can be for your environment.

Behavioral Analysis Analyzes Patterns

According to an Infosecurity Magazine article titled “Advanced Malware Detection – Signature vs. Behavior analysis”: “Behavior-based malware detection evaluates an object based on its intended actions before it can actually execute that behavior. An object’s behavior, or in some cases its potential behavior, is analyzed for suspicious activities. Attempts to perform actions that are clearly abnormal or unauthorized would indicate the object is malicious, or at least suspicious.” TechTarget also adds that,

“Most behavior-based security programs come with a standard set of policies for which behaviors should be allowed and which should be considered suspicious, but also allow administrators to customize policies and create new policies.

Some products are sophisticated enough to apply machine learning algorithms to data streams so that security analysts don't need to program in rules about what comprises normal behavior.”

We have discussed the pros and cons of this solution in a previous blog here.

Static Analysis Looks at the Code, Not the Exploit

Static analysis-based security was developed as a different approach: a deterministic method, one that does not try to guess at the motives, methods or suspicious activities of attackers. It is based on the assumption that any machine code buried within a data object is by nature malicious and should not be there.

This “non-behavioral” approach helps organizations stop intrusions before they enter the network. By looking for the code itself rather than for the exploit that delivers it, the approach can detect both known and unknown malware.

It can accurately find any machine instruction buried within a data object, however deeply those instructions are obfuscated or hidden. It sees through packing, shellcode encryption and obfuscated content without prior knowledge of the specific technique used.
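To make the idea of "look for machine code inside a data object, whatever the file type" concrete, here is a small scanner written for this article. It is an added illustration, not Solebit or Mimecast code, and it does not reproduce their method: the idiom set (GetPC call/pop, PEB access via fs:[0x30], a NOP sled) is a hypothetical heuristic list, the only obfuscation layer it unwraps is single-byte XOR, and the "PDF" it scans is constructed sample data rather than a real document or real malware. Real engines disassemble or emulate candidate bytes; what this shows is the shape of a content-based, signatureless check that never executes the object and does not care what the surrounding file claims to be.

```python
"""Toy static scan for x86 machine code hidden inside an opaque data object.

Added example for this article, not Solebit/Mimecast code. The idiom list is a
small hypothetical heuristic set, and single-byte XOR is the only "encoding"
layer it sees through.
"""
import re

# Byte-level regexes for x86 idioms common in position-independent shellcode and
# essentially absent from text, XML or image data.  (Assumed heuristic set.)
X86_IDIOMS = {
    # call $+5 ; pop r32   -- "GetPC": shellcode learning its own address
    "getpc_call_pop": re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]"),
    # mov r32, fs:[0x30]   -- reading the PEB to find loaded modules without imports
    "peb_via_fs30": re.compile(
        rb"\x64(?:\xa1|\x8b[\x05\x0d\x15\x1d\x25\x2d\x35\x3d])\x30\x00\x00\x00"),
    # 16 or more NOPs in a row -- a sled
    "nop_sled": re.compile(rb"\x90{16,}"),
}


def find_idioms(data: bytes) -> list[tuple[str, int]]:
    """Return (idiom name, offset) for every idiom occurrence, ordered by offset."""
    hits = [(name, m.start())
            for name, pat in X86_IDIOMS.items()
            for m in pat.finditer(data)]
    return sorted(hits, key=lambda h: h[1])


def xor_decode(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (its own inverse, so it also encodes)."""
    return data.translate(bytes(i ^ key for i in range(256)))


def scan_data_object(data: bytes, min_distinct: int = 2) -> dict:
    """Scan the object as-is (key 0) and under every single-byte XOR key.

    A verdict needs at least `min_distinct` different idioms under one key, so a
    lone coincidence in benign bytes does not trip it.  Returns the key and hits
    for the best-scoring layer, or key None when nothing qualifies.
    """
    best_key, best_hits = None, []
    for key in range(256):
        hits = find_idioms(xor_decode(data, key))
        distinct = {name for name, _ in hits}
        if len(distinct) >= min_distinct and len(distinct) > len({n for n, _ in best_hits}):
            best_key, best_hits = key, hits
    return {"malicious": best_key is not None, "key": best_key, "hits": best_hits}


# Constructed sample data (not a real document and not real malware).
STUB = (b"\x90" * 24                          # nop sled
        + b"\xe8\x00\x00\x00\x00\x5b"         # call $+5 ; pop ebx
        + b"\x64\x8b\x1d\x30\x00\x00\x00")    # mov ebx, fs:[0x30]
BENIGN_DOC = (b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
              b"stream\nHello quarterly report\nendstream\n%%EOF\n")
# The same "document" with the stub XOR-encoded under key 0x5A and spliced in at offset 40.
MALICIOUS_DOC = BENIGN_DOC[:40] + xor_decode(STUB, 0x5A) + BENIGN_DOC[40:]

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_DOC), ("malicious", MALICIOUS_DOC)):
        print(label, scan_data_object(doc))
```

Run as a script it reports no hits for the benign bytes and, for the spliced document, key 0x5A with the sled at offset 40 followed by the GetPC and PEB idioms. Note what the check does not need: a signature for this particular stub, knowledge of the file format, or an operating system to run the payload on. Equally, note its limits: a two-byte XOR key, a rolling key, or an encoder that avoids these idioms defeats it, which is why production engines decode and disassemble rather than pattern-match.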

Static Analysis in Action

Solebit’s SoleGATE uses static analysis that is faster, more accurate and not OS-version-dependent, and it covers 100% of your code with complete visibility. With SoleGATE every line of code is evaluated, which makes sandbox evasion techniques ineffective. The platform is agnostic to file type, client-side application type and the client operating system used within the organization. Unlike a sandbox, which has to simulate specific customer environments, SoleGATE provides protection regardless of the operating system, CPU architecture and function (client or server) of the targeted machine.

The addition of Solebit to the Mimecast family gives you a leg up in preventing that one intrusion into your environment. Further enhancing Mimecast’s cyber resilience platform architecture, Solebit provides powerful threat protection that helps customers face today’s broad threat landscape with evasion-aware, signature-less technology. The Solebit solution uses multi-tier protection to defend against attacks at different levels of the stack.

This comprehensive approach is powerful because evasion techniques may be spread across different layers. The solution protects against advanced malware through Solebit’s deep inspection, which analyzes commands from the CPU level all the way up to the application level, including macros and embedded JavaScript in Microsoft Office documents or any other data file type, whether on-premises or in your public or private cloud.

Learn more here.
