Endpoint Protection

  • 1.  New Adobe Vulnerability Exploited in Targeted Attacks

    Posted Oct 08, 2009 04:21 PM
    Could someone from Symantec explain how Proactive/Network Threat Protection will help in this scenario please?  

    http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html

    http://isc.sans.org/diary.html?storyid=7300


  • 2.  RE: New Adobe Vulnerability Exploited in Targeted Attacks

    Posted Oct 09, 2009 04:52 AM
    Hi Tekkid,

    I'm sorry that I cannot give any details at the moment, but I can reassure you that Symantec is aware of this CVE-2009-3459 vulnerability. Stay tuned. More details will be made public in due course.

    I see that Adobe's blog states that the vulnerability will be resolved in their release on 13 October - that's good news as well.

    Thanks and best regards,

    Mick


  • 3.  RE: New Adobe Vulnerability Exploited in Targeted Attacks

    Posted Oct 09, 2009 12:14 PM

    Looks like Symantec just posted something.  

    http://www.symantec.com/business/security_response/vulnerability.jsp?bid=36600

    Doesn't say anything yet about what Symantec is doing to protect us absent a patch from Adobe. This is a good opportunity to sell why we upgraded from traditional AV to Endpoint Protection and how Proactive Threat Protection/IPS is on the watch for PDFs with malicious code attached.




  • 4.  RE: New Adobe Vulnerability Exploited in Targeted Attacks

    Posted Oct 09, 2009 12:24 PM

    I will explain what PTP and NTP do.

    Intrusion Prevention

     Network threat protection blocks threats from accessing your computer by using rules and signatures. Proactive threat protection identifies and mitigates the threats based on the threats’ behavior. Antivirus and antispyware threat protection identifies and mitigates the threats that attempt to or have gained access to your computers by using the Symantec signatures. The Symantec Endpoint Protection client firewall provides a barrier between the computer and the outside network. The client firewall prevents unauthorized users from accessing the computers and the networks that connect to the Internet, detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic. The firewall also protects against network threats and malware that attempt to proliferate in your network, such as bots. All the information that enters or leaves the client computer must pass through the client firewall, which examines the information packets. The client firewall blocks packets that do not meet the specified security criteria.

    Proactive threat scanning provides an additional level of protection to a computer that complements existing AntiVirus, AntiSpyware, Intrusion Prevention, and Firewall protection technologies. AntiVirus and AntiSpyware scans rely mostly on signatures to detect known threats. Proactive threat scans use heuristics to detect unknown threats. The Heuristic process scan analyzes the behavior of an application or a process. The scan determines if the process exhibits the characteristics of a threat, such as Trojan horses, worms, or key loggers. The processes typically exhibit a type of behavior that a threat can exploit, such as opening a port on a user's computer. This type of protection is sometimes referred to as protection from "Zero-day attacks":

    "Zero-day attack vulnerabilities" are new vulnerabilities that are not yet publicly known. Threats exploiting these vulnerabilities can evade signature-based detection such as AntiSpyware and AntiSpyware definitions.

    "Zero-day" attacks may be used in targeted attacks and in the propagation of malicious code.

    About Proactive Threat Protection:

    The intrusion prevention system (IPS) is the client's second layer of defense after the firewall. The intrusion prevention system is a network-based system that operates on every computer on which the client is installed and the IPS system is enabled. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.

    The client contains smart attack signatures that are less likely to allow an intrusion attack. The client also contains a stateful engine that tracks all the incoming and the outgoing traffic. The client includes the intrusion prevention engine and a corresponding set of attack signatures by default.

    What is Network Threat Protection?



  • 5.  RE: New Adobe Vulnerability Exploited in Targeted Attacks

    Posted Oct 09, 2009 12:35 PM
    Thanks Prachand, we all have the overview of what Network Protection is/does. I'm looking for something more specific like references to an update to Proactive Threat Protection that heuristically detects these Adobe documents prior to an AV definition and/or specific IPS detections such as: HTTP Acrobat PDF Suspicious File Download. Showing examples of how Proactive Threat Protection and IPS are successfully mitigating attacks while we are waiting for a specific AV definition and/or patch from the vendor would really exemplify the worth of migrating from traditional AV along with the investment we made with Endpoint Protection.



  • 6.  RE: New Adobe Vulnerability Exploited in Targeted Attacks

    Posted Oct 09, 2009 02:43 PM
    If you had the details, you can create custom signatures for the IPS side... although that's as much as I know!


  • 7.  RE: New Adobe Vulnerability Exploited in Targeted Attacks

    Posted Oct 09, 2009 03:10 PM
     I don't think till this vulnerability is widely exploited Symantec would create IPS for it.