Wedge Technical Services Bulletin: WedgeAMB Protection Against Erebus Ransomware

NAYANA, a major web hosting company in South Korea, has reportedly paid over 1.3 billion South Korean won (~ $1.15M USD) in ransom to secure a decryption key to unlock 153 Linux servers which affected the websites of approximately 3,400 businesses [Source: News Article]. The Erebus ransomware attack, launched on June 12, 2017, gained widespread attention due to the large number of affected businesses and NAYANA’s decision to pay the ransom.

While security vendors globally have now identified and issued signature updates to protect against this particular form of ransomware, this attack highlights the ability of cyber criminals to materially modify their malware to bypass conventional signature and heuristic based security alone. WedgeAMB’s multi-layered security has proven instrumental in inline blocking of new ransomware attacks like WannaCry and Erebus, without requiring signature updates. WedgeAMB is uniquely positioned to detect and block future variants of Erebus and other ransomware families using a combination of Wedge’s patented real-time deep content inspection engine, working in concert with four different malware detection technologies, to block both known and new, never encountered before malware, in real-time.

Infection Vector
The Erebus family of ransomware appears to be the work of an APT group which Kaspersky Labs refers to as ScarCruft. They believe ScarCruft is behind both Operation Erebus and Operation Daybreak. Daybreak was first launched in March 2016 and employed a previously unknown (zero day) Adobe Flash Player exploit. Operation Erebus employs an older exploit, for CVE-2016-4117, and leverages watering holes. A patch for that exploit was available in April 2017, so it is not clear whether NAYANA had not implemented the patch or a newer zero-day exploit was deployed.

The Erebus exploit may be delivered by a phishing attack or through watering holes, in which a legitimate website is hacked and exploits are inserted into Adobe Flash Player downloads. A second-stage download is encrypted differently each time to prevent detection by signature-based AV scans.

Erebus also uses a bug in the Windows Dynamic Data Exchange (DDE) component to avoid AV detection. It is well known that anti-malware systems trigger on special system functions that are invoked to provide deeper analysis of API calls such as CreateProcess, WinExec or ShellExecute. For example, many AV defense technologies trigger if a potentially vulnerable application such as Adobe Flash starts other untrusted applications, script interpreters or even the command console. In the case of Erebus, the threat actors used the Windows DDE interface to make payload execution invisible to conventional AV scans.
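The parent/child trigger described above can be sketched as a rule over process-creation events. This is an added example, not Wedge's or any AV vendor's code; the event fields, process lists and sample events are constructed, and the third event models, as an assumption, a payload whose recorded parent is not the Flash host. A parent-independent location check is included to show one way of covering that blind spot.

```python
"""Parent/child process-creation heuristic over constructed sample events."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumed list: processes that commonly host Adobe Flash content.
FLASH_HOSTS = {"iexplore.exe", "flashplayerplugin.exe", "plugin-container.exe"}
# Script interpreters and consoles a Flash host has no normal reason to start.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe"}
# Lower-case path fragments for user-writable locations (assumed list).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\")


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (hypothetical field names)."""
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()


def in_user_writable(path: str) -> bool:
    """True when the image lives under a user-writable directory."""
    lowered = path.lower()
    return any(fragment in lowered for fragment in USER_WRITABLE)


def lineage_alert(ev: ProcEvent) -> bool:
    """Flash host starting an interpreter, a console or an untrusted binary."""
    if basename(ev.parent_image) not in FLASH_HOSTS:
        return False
    return basename(ev.image) in SUSPICIOUS_CHILDREN or in_user_writable(ev.image)


def location_alert(ev: ProcEvent) -> bool:
    """Parent-independent check: binary executed from a user-writable path."""
    return in_user_writable(ev.image)


def triage(events):
    """Map event index -> list of rule names that fired (only for hits)."""
    hits = {}
    for index, ev in enumerate(events):
        reasons = []
        if lineage_alert(ev):
            reasons.append("lineage")
        elif location_alert(ev):
            reasons.append("location")
        if reasons:
            hits[index] = reasons
    return hits


# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    # 0: Flash host starts the command console -> lineage rule fires.
    ProcEvent(r"C:\Program Files\Internet Explorer\iexplore.exe",
              r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami"),
    # 1: ordinary user activity -> no alert.
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
    # 2: payload whose recorded parent is the shell, not the Flash host
    #    (assumed model of indirect launch) -> lineage rule is blind to it.
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Users\alice\AppData\Local\Temp\update.exe", "update.exe"),
    # 3: browser starting its own tab process -> no alert.
    ProcEvent(r"C:\Program Files\Internet Explorer\iexplore.exe",
              r"C:\Program Files\Internet Explorer\iexplore.exe",
              "iexplore.exe SCODEF:1234"),
]

if __name__ == "__main__":
    for index, reasons in triage(SAMPLE_EVENTS).items():
        print(index, SAMPLE_EVENTS[index].image, reasons)
```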

Wedge Solution
WedgeAMB uses a multi-layered AV scanning approach that is built upon Wedge’s patented Deep Content Inspection (DCI) Technology (USPTO 7,630,379) where network traffic is assembled in real-time into its constituting objects. The ability to inspect content at the network layer gives WedgeAMB the visibility of network content that is currently only possible at an endpoint device, without the risk of downloading threats to the actual endpoints. When an end user clicks on a link provided via an email phishing attack or a website watering hole, the signature AV scan will detect any malware with an existing signature. The changing encryption nature of Erebus will likely bypass any known signature scan. Next, the heuristic scan will detect and block variants, including HTTPS encrypted content. There is a high probability that WedgeAMB’s heuristic scan will block modest variants of Erebus. If the malware has undergone more dramatic modification to avoid heuristic detections, WedgeAMB also analyzes executable content using artificial intelligence anti-malware. WedgeAMB’s AI-AM technology will analyze the executable code to immediately detect and block the payload, in real-time, before the payload is downloaded.

Defending Linux Servers Against The Next Ransomware Attack
The recent Erebus attack is just one more example of the increasing frequency and intensity of new cyber threats. The following steps are recommended to mitigate future ransomware and malware attacks in general.
• Update system and server patches routinely. Routine patch management policies should ensure that the system and server have the latest available patches, fixes, and kernel updates.
• Use discretion when adding third-party or unknown repositories or packages. If possible, remove or disable unnecessary components or services in the server to further reduce the attack surface area.
• Restrict permissions and privileges to help reduce the threat of unauthorized use.
• Implement a data backup and recovery plan which includes storage of critical data in remote locations that are not readily accessible to the local network.
• Scrub your network data with multi-level threat prevention systems which include AI powered, advanced threat prevention, such as WedgeAMB™ to block threats before data is delivered to endpoints.
• Apply network segmentation to minimize the risk of spreading infections to other machines.

Wedge Offers Vulnerable Businesses WannaCry and Future Ransomware Threat Protection as a Free Trial for Immediate Threat Prevention

WedgeAMB Uses Multiple Layers of Network Security to Detect and Immediately Block WannaCry and Future Variants of Ransomware – Providing Immediate Protection for Enterprise Networks.

Calgary, Alberta, Canada, May 17, 2017 – Wedge Networks, the leader in real-time network threat prevention, today announced a “Prevention First” program making virtual machine (VM) versions of the Wedge Advanced Malware Blocker™ (WedgeAMB) immediately available as free trial systems to protect enterprise networks while companies re-evaluate their threat prevention strategies. Countless businesses and institutions globally were caught off guard and unprotected by the WannaCry ransomware attack over the past week. WedgeAMB uses a unique combination of patented real-time deep content inspection with four different cutting edge security technologies to detect and immediately block new zero-day multi-vectored threats such as WannaCry ransomware and much more. For a limited time, Wedge is offering free access to WedgeAMB VMs to concerned network operators for up to 90 days, providing them with advanced threat prevention while they seek budget approvals for longer term requirements.

“Security is evolving as rapidly as new threats such as the WannaCry ransomware attacks”, said James Hamilton, CEO of Wedge Networks, Inc. “Enterprises are challenged to keep up with investigating and evaluating new security technologies to protect against brand new, never before encountered threats. They need solutions that provide immediate protection against new threats as they emerge, without having to wait hours or days for their vendor to issue a new signature or software update. WedgeAMB provides this level of new threat prevention and we want to make it available to companies with a concern about their current vulnerability to these attacks. That’s why we’ve launched the Prevention First program.”

The WannaCry ransomware is reported to have been delivered using different threat vectors. In some cases, phishing attacks were used to deliver the ransomware payload; in other cases, a worm exploiting a vulnerability in Microsoft SMB v1.0 servers was used for ransomware delivery. WedgeAMB employs a combination of technologies which makes it uniquely positioned to defend against these multi-vectored attacks.

The 100 Mbps and 1 Gbps VM versions of WedgeAMB are available for a free download and trial period evaluation. Interested parties can register for a free trial and evaluation system by visiting www.WedgeNetworks.com or via this trial registration link.

As a VM, WedgeAMB will run on standard, commercial off the shelf server hardware which enterprise customers can procure online or from local computer stores. The VM can be loaded on a variety of virtualization hosts which are also available online. Details on the required virtualization environment can be found on the WedgeAMB data sheet.

By the end of the 90-day evaluation period, customers can convert to a fully licensed VM system or purchase an appliance. There is no obligation to purchase a WedgeAMB license or appliance.

About WedgeAMB and Free Evaluation System

WedgeAMB™ is one of the key security application sets supported on the Wedge’s Absolute Real-time Protection (WARP) Series of network security products. WedgeAMB is available in both appliance and virtual machine (VM) versions, supporting 100 Mbps, 1 Gbps, and soon 10 Gbps network connections. WedgeAMB is typically placed in-line at the enterprise or datacenter location, where it conducts a combination of deep packet and deep content inspection, including the real-time creation of fully reconstructed MIME objects (web pages, word, PDF, power point, excel documents, etc.) and subjects them to an orchestrated, multi-thread scanning with IPS/IDS, signature-based AV, heuristic-based AV, and AI-based anti-malware. This comprehensive analysis is completed in milliseconds, allowing malware to be detected and immediately blocked at the network level, before content is delivered to endpoints. Further information on WedgeAMB is available on the Wedge Networks website, or in this link to a WedgeAMB product brochure.

WedgeAMB is based upon the same award-winning Wedge security technologies and software that led to Gartner’s inclusion of Wedge Networks in their 2016 Cool Vendor report for cyber security.

About Wedge Networks:

Wedge Networks™ is revolutionizing real-time network security with cutting edge innovation, performance, and scale. Embracing global innovation, Wedge’s Cloud Network Defense™ (WedgeCND™) and Absolute Real-Time Protection (WedgeARP™) Series of products integrate and orchestrate the industry’s highest performance security inspection and mediation engines with best-in-class security technologies developed by Wedge and third parties. Purpose-built as fully virtualized security systems, these products can be deployed in the form of x86 appliances, virtual machines, or cloud application software. Today, these industry-leading solutions block security threats for tens of millions of end users in enterprise, service provider, government agency, and security-as-a-service networks spanning more than 17 countries.

Wedge Networks is headquartered in Calgary, Canada with international offices in Dallas, USA; and Manama, Bahrain. Visit http://www.wedgenetworks.com/ for more information

Media Contacts:
USA & International PR contact:
Kate Fly
Zonic Group PR
kfly@zonicgroup.com
Phone: +1 512 751 4637

Wedge Technical Service Bulletin: WedgeAMB Protection Against WannaCry Ransomware

The WannaCry ransomware family of malware was unleashed across the globe last week in more than 150 countries, impacting more than 200,000 victims as of Sunday, May 14th, according to Rob Wainwright, the head of the European Union’s law enforcement agency Europol. While security vendors globally have now identified and issued signature updates to protect against WannaCry, WedgeAMB’s multi-layered security has proven instrumental in blocking this multi-vectored attack, without requiring software updates. WedgeAMB is uniquely positioned to detect and block future variants of WannaCry and other ransomware families using a combination of Wedge’s patented real-time deep content inspection engine, working in concert with four different malware detection technologies, to block both known and new, never encountered before malware, in real-time.

Infection Vector
The attack used a multi-vectored approach consisting of WannaCry/Wcry, a relatively new ransomware family that was discovered in April. In some cases, the exploit was delivered via a phishing attack and in other cases it was delivered using a worm that exploits a vulnerability in the Windows SMB 1.0 Server [CVE-2017-0144] which was identified in March. In the phishing scenario, the event begins when one end user in an enterprise’s network clicks on a link which triggers the download of a dynamic link library (DLL) file which contains the WannaCry ransomware.
The infographic below provides a summary illustration as published by the Wall Street Journal.


In the SMB scenario, the exploit was delivered using a worm which operates without requiring end user activation. As a new version of malware, WannaCry evaded detection by thousands of conventional signature and heuristic-based anti-virus and firewall security systems.

Wedge Solution
WedgeAMB also uses signature and heuristic-based AV technology, but, using its patented Deep Content Inspection Technology (USPTO 7,630,379) where network traffic is assembled in real-time into its constituting objects, WedgeAMB also analyzes executable content using artificial intelligence anti-malware. WedgeAMB’s AI-AM technology immediately recognized that the DLL file contained malware and blocked the file, in real-time, from being downloaded.
Even before such a threat is detected by the AI-AM technology, WedgeAMB scans packets as they first enter the system. In the SMB worm based scenario, the WedgeAMB Packet Inspection function blocked the worm that would have exploited CVE-2017-0144, thus eliminating the potential for dissemination of the ransomware. As such, WedgeAMB’s real-time, orchestrated malware threat scanners blocked both vectors of the WannaCry cyberattack, in real-time: the “worm”, or the propagation vector, using its packet inspection scanner, and the worm or phishing “payload”, the infecting vector, using its AI-AM deep content inspection scanner.

Defending Against The Next Ransomware Attack
The recent WannaCry attack is just one more example of the increasing frequency and intensity of new cyber threats. The following steps are recommended to mitigate future ransomware and malware attacks in general.
• Ensure all conventional anti-virus software is up to date. If possible, deploy new AI based AV endpoint protection software, such as Cylance PROTECT®, which does not rely on signature updates to detect and block new malware.
• Implement a data backup and recovery plan which includes storage of critical data in remote locations that are not readily accessible to the local network.
• Educate and encourage all network users to follow best practices regarding web and email interactions, to minimize the potential for user activated threats.
• Enable automated patches for your operating system and Web browsers.
  - As an example, according to Microsoft, service packs, hotfixes and security patches are updates to products to resolve a known issue or workaround. Moreover, service packs update systems to the most current code base. Being on the current code base is important because that’s where Microsoft focuses on fixing problems. Security patches minimize security risks and other vulnerabilities. These are analogous to hotfixes. Microsoft primarily offers different routes for obtaining client software security patches for its products. It is important to be current on how to patch your product.
  - The WannaCry ransomware exploits were all covered by different security patches. This link provides a summary: https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
• Scrub your network data with multi-level threat prevention systems which include AI powered, advanced threat prevention, such as WedgeAMB™ to block threats before data is delivered to endpoints.

The following infographic provides a summary of how WedgeAMB uses multiple levels of malware scanning technologies to detect and block not only known and heuristically similar threats, but also new, never before encountered threats such as the original WannaCry attack. This platform architecture combined with WedgeAMB’s patented deep content inspection, orchestration and SubSonic Engine™ uniquely positions WedgeAMB to protect enterprise networks from the next, new global ransomware attack.

WedgeAMB With Multi-Layered Network Security Blocks WannaCry Ransomware Without Requiring Software Updates

WedgeAMB’s Unique Multi-Technology, Multi-Layered Architecture Provides Critical Protection Against New Multi-Vectored Attacks, Without Requiring Software Updates!

Calgary, Alberta, Canada, May 15, 2017 – Wedge Networks, the leader in real-time network threat prevention, today announced that Wedge Advanced Malware Blocker™ (WedgeAMB) blocks the WannaCry ransomware family of malware, without requiring signature or software updates. While security vendors globally are now issuing alerts declaring protection from WannaCry ransomware, WedgeAMB is one of the few, if not the only, network security system that was able to detect and block WannaCry before vendor issued signature updates became available, well after the attacks and pervasive ransomware events.

The global attacks launched across more than 150 countries have impacted more than 200,000 victims, as of Sunday, May 14th, according to Rob Wainwright, the head of the European Union’s law enforcement agency Europol. While security vendors globally have now identified and issued signature updates to protect against WannaCry, WedgeAMB blocked the initial malware attack, without requiring any signature update. Additionally, WedgeAMB is uniquely positioned to detect and block future variants of WannaCry and other ransomware families using a combination of Wedge’s patented real-time deep content inspection engine working in concert with four different malware detection technologies to block both known and new, never encountered before malware in real-time.

The attack used a multi-vectored approach consisting of WannaCry/Wcry, a relatively new ransomware family that was discovered in April. In some reported cases the exploit was delivered via phishing attacks and in other cases it was delivered using a worm that exploits a vulnerability in the Windows SMB v1.0 Server (CVE-2017-0144) which was identified in March.

As a new version of malware, WannaCry evaded the detection by thousands of conventional signature and heuristic-based anti-virus security systems. WedgeAMB also uses signature and heuristic-based AV technology, but using its patented Deep Content Inspection Technology (USPTO 7,630,379) where network traffic is assembled in real-time into its constituting objects, WedgeAMB also analyzes executable content using artificial intelligence anti-malware. WedgeAMB’s AI-AM technology immediately recognizes that the DLL file contains malware and blocks the file from being downloaded, thus averting an infection.

WedgeAMB also scans the packets as they first enter the system. This packet inspection function blocks the worm that would have exploited CVE-2017-0144, thus eliminating the potential for dissemination of the ransomware. WedgeAMB’s ability to use orchestrated malware scanners to block the worm actually stops the attack from happening. However, if the worm was able to execute, WedgeAMB’s AI-AM technology will block the actual download of the ransomware payload, providing a secondary level of threat prevention.

Wedge Networks Named a Finalist for the 2017 Light Reading Leading Lights Awards

Calgary, Canada, 24 April 2017 – Wedge Networks, the leader in real-time network threat prevention, today announced that its submission of the “Democratization of Advanced Threat Prevention” has been named a finalist at the 2017 Leading Lights Awards in the category of Most Innovative Security Strategy by Light Reading, the market-leading online community dedicated to the global communications sector.

The Most Innovative Security Strategy Award is bestowed upon the communications service provider, systems integrator or technology developer that has unveiled the most innovative security strategy during the past year. Now in its thirteenth year, the Leading Lights Awards are the communications industry’s leading awards program. Light Reading’s reputation for fiercely independent analysis makes this the most credible and authoritative awards program in the communications industry. This year’s awards will recognize the industry’s top companies and their executives for their outstanding achievements in next-generation communications technology, applications, services, strategies and innovations through 23 categories.

“We are extremely grateful to be named as a finalist for our security strategy of democratizing advanced threat protection through the use of our Wedge Advanced Malware Blocker™ product. This recognition provides ongoing justification for the innovative technology that we continue to offer the industry in order to provide a superior security solution,” said James Hamilton, Wedge’s CEO. “We believe that the multi-layered strategy of new and dramatically improved threat prevention, provided with low technical risk, and with configurations suitable for businesses large and small, greatly democratizes advanced threat prevention for everyone.”

Wedge Networks Wins Twice at the 13th Annual 2017 Info Security Products Guide Global Excellence Awards

Wedge Wins in the Categories of New Products and Services and Cloud Security

San Francisco, 13 February 2017 – Wedge Networks, the leader in real-time network threat prevention, today announced that Info Security Products Guide, the industry’s leading information security research and advisory guide, has honoured it twice at this year’s ceremony. Wedge Networks’ newly released Wedge Advanced Malware Blocker™ v1.0, the first product in the Wedge Absolute Real-time Protection™ (WedgeARP) series of enterprise solutions, won in the category of New Products and Services, and its Wedge Cloud Network Defense™ v2.1.4 garnered accolades once again in the category of Cloud Security.

The security industry celebrated its 13th Annual 2017 Global Excellence Awards in San Francisco by honouring excellence in every facet of the industry including products, people behind the successes and best companies.

More than 40 judges from a broad spectrum of industry voices from around the world participated and their average scores determined the 2017 Global Excellence Awards Finalists and Winners. Winners were announced during the awards dinner and presentation on February 13, 2017 in San Francisco attended by the finalists, judges and industry peers.

“We are extremely pleased to be recognized by the Info Security Products team for both our enterprise and cloud products this year. Being honoured for our newly released WedgeAMB™ provides great justification to the innovative technology that we are bringing to the industry in order to provide a superior security solution in the enterprise space,” said James Hamilton, Wedge’s CEO. “We are also proud that the ongoing updates to our Cloud Network Defense™, with version 2.1.4 being lauded, have also led the way in the category of Cloud Security. We continue to develop and improve upon our technologies that provide the industry’s highest performing real-time hyper-inspection and orchestration engine. In both of our products being honoured tonight, we have been able to orchestrate the industry’s best security technologies, allowing them to join forces in the fight against malware and cybercrime.”

About Info Security Products Guide

Info Security Products Guide plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources. It is written expressly for those who are adamant on staying informed of security threats and the preventive measures they can take. You will discover a wealth of information in this guide including tomorrow’s technology today, best deployment scenarios, people and technologies shaping info security and market research reports that facilitate in making the most pertinent security decisions. The Info Security Products Guide Global Excellence Awards recognize and honor excellence in all areas of information security. To learn more, visit www.infosecurityproductsguide.com and stay secured.

Intelligent Malware Prevention Just Got Smarter

Wedge Networks adds cloud-based malware analyzer option to the AI powered Wedge Advanced Malware Blocker to automatically characterize and learn from blocked threats

CALGARY Feb. 1, 2017—Wedge Networks, the leader in real-time network threat prevention, today announced Wedge Malware Analyzer™ (WedgeMA™), a powerful new cloud-based subscription service for analyzing and characterizing suspected malware that is blocked by the Wedge Advanced Malware Blocker™ (WedgeAMB™).

WedgeAMB delivers the industry’s highest accuracy and performance for real-time, inline detection and blocking of both known and new, previously unknown Ransomware and other malware. WedgeMA further enriches this capability by executing and characterizing suspected malware and then feeding the results back to WedgeAMB systems globally to further improve malware prevention speed and accuracy for all customers using the platform.

“Malware prevention is job number one but elevating threat intelligence is also critically important,” said James Hamilton, CEO of Wedge Networks, Inc. “Our customers also want to understand the intentions of blocked threats. The addition of WedgeMA to our Wedge Absolute Real-time Protection Series elevates our customer’s threat intelligence and continuously optimizes WedgeAMB’s industry leading speed and accuracy.”

“I began testing WedgeAMB late in 2016”, said Jason Robohm, Cybersecurity Practice Manager and Solutions Architect for Computex Technology Solutions. “WedgeAMB has demonstrated superior threat detection and blocking performance, particularly when tested against new or highly modified variants of advanced malware and Ransomware. The addition of WedgeMA to characterize new, never before encountered malware blocked by WedgeAMB will provide powerful insights into the assets that cybercriminals are targeting and the network vulnerabilities which they intend to exploit.”

WedgeMA provides an optional cloud-based service which allows WedgeAMB customers to automatically forward content which is blocked but not conclusively identified as known malware, to the cloud for behavioural analysis. WedgeMA will automatically execute the content and issue a detailed report which characterizes the intended actions and behaviours of the malware. WedgeMA also identifies false positive verdicts, and clears legitimate applications for use.

WedgeMA automatically accumulates intelligence from both confirmed malware and confirmed false positives and then shares this intelligence with WedgeAMB systems globally to accelerate processing, thereby improving performance and accuracy for all customers using the platform. This automated, patented intelligence feedback loop enables WedgeAMB to continuously learn and improve the protection and security of customer networks.

Meet with Wedge at RSA

Wedge Networks will be at RSA 2017, San Francisco, February 13-16, 2017. Visit us at the Canadian Government’s Ontario Pavilion, Booth # S2820, and Spirent’s Booth (#S2015) where we’ll be showcasing WedgeAMB working in conjunction with Spirent’s CyberFlood™ applications and security test system. Contact us at marketing@wedgenetworks.com to schedule your meeting today.

About Wedge

Wedge Networks™ is revolutionizing real-time network security with cutting edge innovation, performance, and scale. Embracing global innovation, Wedge’s Cloud Network Defense™ (WedgeCND™) and Absolute Real-Time Protection (WedgeARP™) Series of products integrate and orchestrate the industry’s highest performance security inspection and mediation engines with best-in-class security technologies developed by Wedge and third parties. Purpose-built as fully virtualized security systems, these products can be deployed in the form of x86 appliances, virtual machines, or cloud application software. Today, these industry-leading solutions block security threats for tens of millions of end users in enterprise, service provider, government agency, and security-as-a-service networks spanning more than 17 countries.

Wedge Networks is headquartered in Calgary, Canada with international offices in Dallas, USA; and Manama, Bahrain. Visit http://www.wedgenetworks.com/ for more information.

Media Contacts:
PR contact:
Kate Fly
Zonic Group PR
kfly@zonicgroup.com
Phone: +1 512 751 4637

Wedge Networks Super Charges Security-as-a-Service with the Addition of Advanced Malware Blocker Subscription Service

The addition of cutting edge AI technology to detect and block advanced malware threats as a subscription service is a game changer for managed security service providers and their business customers.

November 8, 2016, Baltimore, MD – Wedge Networks, the leader in real-time threat prevention, is today announcing the addition of the Wedge Advanced Malware Blocker™ (WedgeAMB™) security application to its Security-as-a-Service delivery platform at the global networking conference MEF16 being held on 7-10 November 2016 in Baltimore. The addition of this disruptive Fortune 500-grade malware prevention technology to the Security-as-a-Service delivery platform expands the addressable market to more than two hundred million small and medium sized businesses globally seeking higher performing security against Ransomware and other malware attacks in the form of subscription services.

WedgeAMB orchestrates Wedge’s real-time hyper-inspection engines in collaboration with Cylance® artificial intelligence (AI) malware prevention technology – and multiple other anti-virus technologies – to detect and block viruses and advanced malware at the network level with industry leading performance. “I have had the opportunity to compile an extensive library of conventional and highly advanced viruses and malware, and to create customized malware for the purpose of security system evaluations”, said Jason Robohm, Cybersecurity Practice Manager and Solution Architect for Computex Technology Solutions. “WedgeAMB provided the highest malware detection and blocking efficacy of any system that I have evaluated to date, which includes most mainstream NGFW, IPS’s, and Secure Web Gateways. My tests produced an efficacy rate of greater than 99.5%, which is a remarkable achievement against both known and unknown “mutated” malware samples.”

WedgeAMB also provides ground-breaking network-wide threat intelligence, identifying the attackers, their targets, and their tools, and thus identifying the most critical threats. This feature addresses a critical intelligence requirement of larger enterprises with dedicated security operations teams, and it introduces an entirely new level of threat intelligence visibility to smaller businesses which typically lack costly dedicated Security Information & Event Management (SIEM) systems.

WedgeAMB is currently available in 100 Mbps, 1 Gbps and soon 10 Gbps virtual machine and appliance models for deployment by larger enterprises. The addition of WedgeAMB to Wedge Cloud Network Defense™ for Security-as-a-Service will enable Managed Security Service Providers (MSSPs) to offer this advanced level of malware prevention in the form of a cloud-based subscription service to a much broader range of customers. The subscriber’s web and email content will be scanned in the service provider’s cloud to detect and remove viruses and malware while data is in transit, before it’s delivered to the broadband service subscribers, protecting them from Ransomware and other advanced malware threats.

“WedgeAMB’s integration of artificial intelligence is a game changer for larger enterprises, because it blocks malware that historically required a sandbox to detect malware after it already entered the enterprise and required costly and disruptive remediation exercises,” said Frank Wiener, Vice President of Marketing at Wedge Networks. “Providing real-time malware prevention to smaller businesses in the form of Security-as-a-Service through our MSSP partners will expand WedgeAMB’s reach to potentially millions of small businesses that may otherwise be exposed to Ransomware and other advanced threats.”

WedgeAMB will be available on the Wedge Cloud Network Defense security platform for Security-as-a-Service applications and large cloud-based enterprise security deployments in December 2016. Potential customers and MSSPs that are interested in trialing and evaluating WedgeAMB can do so immediately by registering to download a VM version of the enterprise product. Please visit www.wedgenetworks.com to register and learn more.

See Security-as-a-Service in Action at MEF16
Wedge and ePLDT are jointly showcasing Security-as-a-Service running from ePLDT’s cloud in the Philippines at the MEF16 Proof of Concept (PoC) Showcase. Be sure to attend MEF16 and visit us at the PoC for your own live demonstration.

Cylance is a registered trademark of Cylance Inc. www.cylance.com

Media Contacts:
USA & International PR contact:
Hannah Whitrow
Zonic Group PR
hwhitrow@zonicgroup.com

Calgary’s Wedge Networks Looks to Channel for Enterprise Push with Malware-Blocking Product

– By Mark Cox, published on ChannelBuzz.ca, October 11, 2016.

Wedge has partnered with Cylance to bring its AI-based technology into Wedge’s new enterprise product, which also marks the first time Cylance’s technology will be used beyond the endpoint

Wedge Networks has been making Web security solutions, mainly for telcos, since 2002. Now the Calgary based company is making a major move into the enterprise with WedgeAMB, a new advanced malware blocking product which brings Cylance’s technology onto their platform. While Wedge’s telco business is overwhelmingly direct, the plan is to go after the enterprise through channel partners.

“Our cloud-based security platform is used by multiple telcos,” said Frank Wiener, Wedge’s Vice President Marketing. “Our technology allows us to reconstruct entire files and scan it as low as the individual packet, while doing this at scale and at very low latency. Our world class inspection engine also lets us plug in security technologies from other vendors, and bring it all together. That’s a big part of our core competency.”

Wiener said that with WedgeAMB, Wedge is repackaging its technology in a form more suitable to sell through channel partners to enterprise customers.

“Historically, we worked with partners but primarily sold direct, because it was not a transactional sale, and it required a fair amount of integration,” Wiener said. “The enterprise market, unlike the telco market, is all about channel partners. So we will approach it with an offering that can be packaged up as a VM or appliance and bring it to market that way.”

Wiener said that because the enterprise market is very crowded, Wedge needed something very different and very compelling to differentiate itself. They are looking to Cylance to provide that differentiation.

“As we talked to enterprise customers, they said new advanced threats routinely get past their next generation firewalls,” Wiener said. “As a result, they are using sandboxes more and more. Some potential threats can be handled in a sandbox in milliseconds, but others may have to be evaluated for several minutes. So the usual procedure is to let it through, and if it is found to be malware, shut it down and begin remediation. We wanted the effectiveness of a Sandbox, but to do it in real time.”

Wiener said that is what brought Wedge to the conclusion that they needed to do this with better artificial intelligence, which in turn brought them to Cylance, whose Infinity Advanced Threat Engine is AI-based.

“Cylance has some very interesting technology, and as we looked at what they were doing, and that they could up the game in terms of our ability to detect more malware, we saw an opportunity to bring their technology into our platform,” Wiener said. The Cylance AI enables threats to be blocked in real time, rather than after they have penetrated the network.

“Cylance’s model has been about the endpoint, but they recognized customers also want a network solution that protects some things that aren’t at the endpoint, so they saw this as complementary,” Wiener said. The WedgeAMB solution is the first to bring the Cylance AI to the network level, combining it with Wedge’s patented hyper-inspection technology and their threat analytics.

“The solution provides the customer with actionable threat intelligence, so they can figure out what they need to do,” Wiener said.

While Wedge as a company has limited contacts with the kind of top-drawer reseller partners that they want, they do have senior execs with those contacts.

“Wedge is currently led by CEO James Hamilton who led Tipping Point before, and our sales head was also head of sales for Tipping Point, Riverbed and others,” Wiener said. “Both have a history of selling through distributors and resellers. Both have a deep rolodex of partners in the space. We know security is very crowded and partners get besieged every week by vendors, but their contacts have got us an audience, and that audience has been showing some interest.”

Wedge is starting its new initiative with a relatively small channel, but plans to expand that, although never to volume channel dimensions.

“Out of the gate, we have announced a whole new series of products, and as we round out the portfolio, we will likely expand more aggressively through a broader set of distribution and resellers,” Wiener said.

Like many successful Canadian companies, Wedge’s Canadian business is disproportionately small compared to its total business, but they believe the enterprise market will open up more home-grown opportunities for them.

“The Canadian market is limited in revenue right now, although the backing of the Canadian government and trade commission has opened a lot of doors for us to reach out on the global frontier,” Wiener said. “We do see some Canadian opportunities in the enterprise. There will be Canadian partners as part of the initial rollout.”

For the original article please see ChannelBuzz.ca.

Milliseconds Versus Minutes – The Difference Between Prevention and Remediation

The announcement last week about Wedge Networks’ integration and orchestration of Cylance’s artificial intelligence (AI) technology to improve real-time detection of advanced threats has big implications for enterprises and the industry. For enterprises, the first order implication is the ability to detect and therefore block advanced threats in milliseconds that would otherwise require minutes to tens of minutes or longer to detect. That difference in time equates to the difference between preventing threats from entering the network, versus the embarrassment, disruption and expense of remediating threats that have entered the network and infected one or more devices.

It has become an accepted fact that new advanced and frequently customized threats can and will pass through even the highest performing firewalls and IPSs without detection. Sandboxing provides a more effective detection layer of defense; however, executable files running never-before-seen code can require the sandbox to fully detonate the file and simulate the sequence of events, including accelerating time to detect delay-oriented threats. This sandbox process may range from minutes, to tens of minutes, and potentially even hours for some threats. Ultimately the sandbox will issue a verdict and detect these threats with a high degree of accuracy. However, by the time the sandbox has issued a malware verdict, the file has been delivered to the end user who has very likely opened it and activated the malware, infecting at least one machine and possibly many more.

Detection and remediation will always be an important capability; however, preventing threats from entering the network in real-time is clearly a less disruptive, lower cost, and lower risk security model. Wedge’s integration and orchestration of Cylance’s AI predictive malware prevention technology in combination with multiple other patented technologies and processing techniques is demonstrating the ability to block both conventional and new advanced threats, with unrivaled accuracy, and just milliseconds of latency. This is enabled through the same technology concepts that are driving rapid innovation in a variety of markets. A recent article on improving the safety of air travel through the use of AI is just one example. For cybersecurity, the net result is the ability to block these threats, including those that would otherwise require a lengthy sandbox evaluation, in real-time, thus blocking the threat before it even enters the enterprise network. The benefits of real-time detection and prevention to the enterprise are obvious. The implications to the industry are far reaching and will be the subject of a future blog.
