Le Lézard

enSilo Helps Security Community Detect Far-reaching "Process Doppelgänging" Evasion Techniques Bypassing Popular AV and NGAV Defenses


SAN FRANCISCO, Dec. 13, 2017 /PRNewswire/ -- enSilo, the company that provides unified endpoint security with NGAV and automated EDR for real-time pre- and post-infection protection, today announced a free audit that will help enterprises determine whether their deployed security products can defeat "Process Doppelgänging" evasions, which take advantage of Microsoft Windows features to slip ransomware and other threats past updated, market-leading AV and NGAV security products.

After discovering the Process Doppelgänging evasion technique in research conducted by Eugene Kogan, Tal Liberman and Omri Misgav, enSilo disclosed its findings last week at Black Hat Europe in a session led by enSilo researchers. A public enSilo webinar further detailing how the evasion works is also available. Process Doppelgänging's impact and scope are significant because the evasion blinds many common anti-malware and forensics tools and lets attackers repurpose known strains of malware that these commonly deployed defenses would otherwise block.

To learn more about Process Doppelgänging, view enSilo's FAQ (Frequently Asked Questions) here. To request enSilo's Process Doppelgänging Security Check audit free of charge, register here. The audit service evaluates whether a Doppelgänging evasion will be successful by running a comparative test in two operation modes. The first mode launches a test file representing malware "as is," which should be blocked by most security vendors. The second mode launches the same test file leveraging the Process Doppelgänging technique, which will bypass many AV and NGAV vendors' products.

"After our team's presentation at Black Hat Europe on Process Doppelgänging, we continue to receive an overwhelming amount of information requests about the threat from enterprises and established AV, NGAV and EPP (Endpoint Protection Platform) security vendors wanting to learn more about our research and test this new evasion against their security products," said Udi Yavo, enSilo CTO and Co-founder. "In the spirit of helping the security community - including enterprises, other vendors, testing organizations and managed security service providers managing defenses - we are making Process Doppelgänging Security Check available to shore up defenses against this new evasion technique."

enSilo's renowned team of security researchers works tirelessly to defend customers and the wider security community from evolving threats. enSilo has earned recognition for high-profile work uncovering security risks with major operating systems and novel attack methods. This includes offering an independent patch for Windows' ESTEEMAUDIT remote desktop protocol vulnerability, detailing "AtomBombing" attacks that inject malicious code through Windows atom tables and revealing how attackers can hijack anti-virus products' own features to defeat security measures.

"Our Process Doppelgänging research demonstrates that any solution that aims to stop hackers from infiltrating is prone to one form of evasion or another. Pre-infection security capabilities that can help detect and prevent malware infection are important for maintaining good hygiene, but equally there must be post-infection countermeasures in place that can detect and stop malware in real time from causing unchecked breach impacts, disruptions and providing comprehensive protection," said Roy Katmor, CEO and Co-founder. "enSilo offers a unified approach with both pre- and post-infection protection capabilities to stop needless, costly dwell time and breach impacts, whether due to simple or sophisticated forms of malware."

About enSilo
enSilo comprehensively secures the endpoint pre- and post-infection. enSilo automates and orchestrates detection, prevention and real-time response against advanced malware and ransomware without burdening cybersecurity staff. enSilo's single lightweight agent includes next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response and virtual patching capabilities. Coupled with a patented approach that has full system visibility, enSilo's endpoint security solution stops modern malware with a high degree of precision and an intuitive user interface. Cybersecurity staff with enSilo can effectively manage malware threats without alert fatigue, excessive dwell time or breach anxiety. enSilo's cloud management platform is flexible and extensible to meet operational needs that stop malware impact. For more information please visit www.ensilo.com.

 

SOURCE enSilo

