SonicWall expands the capabilities of the patent-pending SonicWall Real-Time Deep Memory Inspection (RTDMI) technology to enhance protection against malicious PDFs and Microsoft Office files.
A key component of the SonicWall Capture Cloud Platform, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, using RTDMI technology, identified more than 3,500 never-before-seen attack variants since January 1, 2018.
“Cybercriminals are executing with extreme agility to exploit any and all vulnerabilities in both technology and user behavior,” said SonicWall President and CEO Bill Conner. “Memory regions are the next key battlegrounds where organizations will combat cybercriminals. If left unmitigated, they’ll leave a key attack vector vulnerable to new waves of modern cyberattacks.”
First announced in February 2018, RTDMI technology is used by the SonicWall Capture Cloud Platform to identify and mitigate even the most insidious cyber threats, including memory-based attacks. RTDMI proactively detects and blocks unknown mass-market malware — including malicious PDFs and attacks leveraging Microsoft Office documents — via deep memory inspection in real time.
“Attacks are leveraging sophisticated and proprietary encryption techniques to mask their attacks within memory,” said SonicWall CTO John Gmuender. “For this reason, organizations need to be proactive in identifying and mitigating attacks where weaponry only is exposed for up to 100 nanoseconds. More and more malware, ransomware and other advanced attacks will be delivered via this vector in the coming months and years.”
The 2018 SonicWall Cyber Threat Report advises that cybercriminals will continue to leverage users’ trust in PDFs and Microsoft Office applications (which represented five of the top 10 attacked applications of 2017). Because of obfuscation techniques, many legacy firewalls and anti-virus solutions are unable to effectively identify and mitigate PDFs or Microsoft Office file types that contain malicious content.
RTDMI is already operational for SonicWall customers with active subscriptions to Capture ATP sandbox service and SonicWall Email Security solutions.
Capture ATP, RTDMI Stop Malicious PDFs, Office Documents
SonicWall RTDMI is a core multi-technology detection capability included in the Capture ATP sandbox service. RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or hides its weaponry via encryption.
By forcing malware to reveal its weaponry into memory, RTDMI proactively stops mass-market, zero-day threats and unknown malware accurately utilizing real-time, memory-based inspection techniques. RTDMI also analyzes documents dynamically via proprietary exploit detection technology, along with static inspection, to detect many malicious document categories, including:
- Malicious Flash-based Microsoft Office documents
- Dynamic Data Exchange-based (DDE) exploits and malware inside Microsoft Office files
- Microsoft Office and PDF files containing malware or other malicious executables
- Malevolent shellcode-based and multi-layer files
- Macro-based malicious files
- Malicious, phishing-based PDF documents leading to both phishing and malware hosting websites
Earlier this year, the Capture Labs threat researchers validated that the SonicWall RTDMI technology — specifically the technology’s real-time analysis of instruction and memory usage patterns — is effective against future exploits built on the Meltdown vulnerability.
Meltdown, a processor vulnerability publicly announced by Google’s Project Zero security team in January 2018, could allow an attacker to access sensitive information (e.g., passwords, emails, documents) inside protected memory regions on modern processors.
SonicWall Publishes Advanced Cyber Threat Data for SonicWall Customers and Partners
To further aid organizations’ pursuit of protecting their data, networks, customers and brand, SonicWall launched the Security Center with all-new, real-time threat meters to provide actionable cyberattack data and threat intelligence.
The threat meters display ongoing attacks, as they happen, in locations around the world and maps them by origin. It tracks malware, intrusions, ransomware, encrypted threats, spam, phishing and emerging zero-day threats.
Complementing the research in the 2018 SonicWall Cyber Threat Report, the SonicWall Security Center threat meters rank threat volumes and trends month-over-month and year-over-year, so organizations can make better-informed security decisions.
The Capture Cloud Platform identified more than 49,800 new attack variants in the first quarter of 2018, with the new SonicWall RTDMI technology identifying 3,500 never-before-seen variants. In the first quarter of 2018 alone, the average customer faced:
- 7,739 malware attacks, a year-over-year increase of 151 percent
- 173 ransomware attacks, a year-over-year increase of 226 percent
- 335 encrypted cyberattacks, a year-over-year increase of 430 percent
- 963 phishing attacks, a year-over-year increase of 15 percent
“Organizations are better prepared to protect their networks and data if they know the volume and specific cyberattack types they are up against,” said Conner. “SonicWall will continue to arm customers and partners with actionable, real-time threat intelligence to help mitigate advanced attacks in the fast-moving cyber arms race.”
The Security Center gathers input from more than 1 million Capture Threat Network sensors worldwide, including active SonicWall firewalls, email security solutions, endpoint security devices, honeypots, content-filtering systems and multi‐engine Capture ATP sandbox environments.