Active Real-Time Content Inspection Technology Prevents Crimeware and Malicious Code

Finjan’s active real-time behavior-based technology scans each and every piece of incoming and outgoing Web content in HTTP/HTTPS/FTP and analyzes it in real time regardless of its originating URL and without signature matching. It therefore detects and blocks Crimeware, targeted attacks and other malicious web content, also when hiding in SSL traffic, from entering corporate networks.
Finjan’s active real-time code analysis approach is highly effective in handling unknown, dynamic and rich Web content (that cannot be detected by reactive signature- and database-reliant security technologies) as well as traditional threats.

Understanding the True Intent of Web Content in Real-Time

Finjan protects organizations and businesses against Crimeware and Web 2.0 attacks, including Crimeware, trojans, keyloggers, obfuscated malicious code, as well as spyware, phishing, and other malware.
Finjan's award-winning Vital Security™ Web appliances utilize its patented active real-time content inspection technology to prevent Crimeware and malicious Web 2.0 content from infiltrating corporate networks and stealing business data. Each and every piece of web content is analyzed in real-time, regardless of its originating URL and without signature-matching.
Incoming and outgoing Crimeware, targeted Web 2.0 attacks and other malicious web content are therefore detected and blocked, also when hiding in SSL traffic. All inspected content remains encrypted when entering and exiting the appliances.

When the Web content is processed by Finjan’s active real-time scanning engine, its analysis consists of several steps:

• True content type detection to identify multiple types of content. The type detection algorithms identify different file type variations, spoofed file types, archived executables and encoded script files.
• Inspecting all inbound and outbound Web content.
• Detection and decoding obfuscated code that tries to “bypass” security scanners.
• Dissecting HTML code into individual components (HTML commands, text sections, style sheets, URI, scripts, external object activation, etc.)
• Scanning each active content component using a sub-engine that analyzes Java, ActiveX, JS/VB Scripts, HTML, XML, CSS, and HTTP/HTTPS/FTP in context.
• Constructing a behavior profile that encompasses the combined operational behavior of the active content components.
• Comparing the behavior profile against a comprehensive list of security profiles. In case the behavior profile violates any of them, it is immediately blocked.
• If the case of a “blocked” decision, a fix-up attempt is performed, sanitizing the malicious portions and serving the Webpage with as much functionality as possible.

Active Real-Time Content Inspection - How It Works

Solution Highlights

• An excellent solution able to detect and prevent Crimeware and Web 2.0 attacks despite the advanced propagation techniques and anti-forensic methods (code obfuscation, evasive attacks, random file names and URLs) being used.
• Analyzing each and every piece of inbound and outbound web content in real time, regardless of its originating URL and without signature-matching.
• Increased knowledge and awareness of the incoming and outgoing content itself and its associated behavior when it enters/exits the organization. This results in more educated security policy definitions and risk analyses.
• Deep code analysis to reveal malicious combinations of individually innocent functions.
• Exposes Crimeware that tries to extract private information and publish it to the Internet or that tries to access private and unprivileged information.
• Transparent handling of Web traffic reduces transmission costs and downloading time.
• External reporting and logging system provides a flexible and scalable data analysis platform for internal use, audits, and compliance requirements.
• Assistance in complying with regulations such as SOX (COBIT) DS5, HIPAA, GLB Act, PCI DSS 1.1., and FISMA.
• For increased Web 2.0 and productivity control, URL filtering engines from IBM Internet Security Systems and Websense are available as an extra option.

Keeps Enterprises Ahead of Targeted and Dynamic Web Threats

Attacks are typically targeting internal user systems within the corporate network, using invisible “Web-borne” techniques to take control.
With the necessary tools readily available on the Internet, gaining remote access to an internal workstation only requires determination from the cybercriminal. It only takes a few hours for the criminal to stealthily gain access and take control of the critical internal business systems and data of a company and use them for profit.

Organized crime cells are especially focused on infiltrating businesses and personal computers, using the services of highly-skilled professional Crimeware writers.
These crime pros need little time to access the personal information and data of the end-user. This of course significantly increases the security risk and thus places a huge burden on security experts. They use the Web as their main vector for malicious code propagation, since they understand that signature-based solutions were not designed to counter code obfuscation, Web 2.0 platforms and technologies, and other dynamic attack vectors in today’s web scenario.

Finjan’s active real-time content inspection technology is the ultimate solution for enterprises’ security needs. Finjan’s security engines analyze the code in real time and understand its potential effects before it executes on the end user machine. By understanding the true intent of web content, Finjan blocks malicious web attacks in real time, without requiring signatures or patches.