Attackers invest tremendous effort in developing and testing malicious programs that evade your existing defenses and launch only in an environment they consider safe.
Evasive malware checks for a variety of security tools, such as sandboxes, debuggers and antivirus products, and only then decides whether or not to attack.
Existing security tools that rely on known indicators, such as signatures, behavioral models or patterns, won’t catch evasive malware because its techniques are unknown and have not been detected before. These solutions are designed to identify an attack based on something that is known, and detection happens after the malware has a foothold on the endpoint, which is just a little too late.
Minerva Labs' Hostile Environment Simulation mimics the presence of security products that evasive malware is designed to bypass. When advanced malware encounters artifacts belonging to the following categories, it shuts itself down instead of exhibiting its true nature:
Anti-Virus and other security solutions used for malware detection.
Virtual machines and emulators, used for manual and automatic malware analysis.
Sandbox products, used to learn the behavior of suspicious programs by detonating them in a controlled environment.
Forensics toolkits, used by analysts to dissect malware samples as part of forensics investigations.
Block evasive malware attacks without the need to seek and detect malware.
Avoid tedious investigations of false alarms and irrelevant alerts.
Significantly strengthen endpoint security by closing the gap of unknown attacks.
Deploying Minerva’s Hostile Environment Simulation forces malware authors to “pick their poison” and significantly strengthens your ability to resist persistent attacks.
If attackers try to evade your baseline security products, Minerva Hostile Simulation will block them. If they don’t use evasion tactics, your existing anti-malware tools will handle the infection.
Block unknown threats that are designed to evade your existing defenses.
Learn more about evasive malware in our webinar co-hosted with SANS Institute.
Evasion techniques are a set of malware capabilities that evolved as a result of the need to avoid execution within a hostile environment.