In an attempt to successfully evade baseline anti-malware products, attackers try to hide in legitimate processes on the endpoint by injecting malicious code into the memory of authorized applications.
These fileless attacks leverage known vulnerabilities (browsers, Java, Flash, etc.) and phishing campaigns to gain entry, run code in the target computer’s memory, and continue to infiltrate by launching script interpreters like PowerShell.
Malware that manipulates existing Windows programs in this way are able to trick AV, as it is difficult to distinguish between legitimate macros and malicious document files.
Existing security tools that rely on known indicators such as signatures, behavioral models or patterns, won’t catch evasive malware as their techniques are unknown and have not been detected before. These solutions are designed to identify an attack based on something that is known and detection will happen after the malware has a foothold on the endpoint, which leaves it just a little too late.
Minerva’s Memory Injection Prevention module blocks attempts by fileless and other memory-resident malware to hide in legitimate processes and evade detection.
By deceiving the malware about its ability to interact with other processes, Minerva prevents the malware from gaining a foothold on the endpoint, rendering its evasion technique ineffective.
Prevent the fileless malware access to memory and sensitive data, blocking the attack before infection.
Safely and securely use advanced file features, removing the risk of human error.
Automatically detect unauthorized processes and spend less time monitoring device and Windows logs.
The Memory Injection Prevention module also protects your Point of Sale and custom in-house applications by preventing malicious code from being injected into your sensitive processes.
Minerva deceives the malware and denies its access to memory, credit card data and other sensitive information, keeping your data safe.
This webcast will explain a unique approach to preventing evasive malware from infecting endpoints.Watch >>
Watch a demo of how Minerva Labs Anti-Evasion Platform boosts your endpoint security when integrated with McAfee and enhances your investmentWatch >>
Discover the reasons why evasion techniques work, even with a layered defense approach and how to evolve your endpoint protection strategy, to cover the gap.Download >>