This blog was written by Lenny Zeltser, VP of Products at Minerva Labs.
What drives two endpoint security vendors to work together? The recognition that customers will benefit from the unique advantages of each company’s technologies. Useful defensive approaches that work in tandem are stronger together than they are when deployed independently. With this in mind, Minerva’s Anti-Evasion Platform is now certified by McAfee to work within the ePO ecosystem. Here’s why this is valuable for McAfee and Minerva customers.
Using Deception to Increase Prevention Efficacy
Despite modern advancements in antivirus approaches, such as the use of artificial intelligence, attackers keep succeeding at slipping past such enterprise defenses. That’s the nature of the cat-and-mouse dynamic inherent in any approach that aims to distinguish malicious files from legitimate ones. Minerva’s Anti-Evasion Platform uses a different approach to automatically prevent infections that involve evasion tactics.
The notion that the effectiveness of cybersecurity tools decreases over time is captured in Grobman’s Curve. Steve Grobman, the CTO of McAfee, developed this principle to explain that advancements in security technologies indirectly weaken their own efficacy by motivating attackers to develop evasive countermeasures. The methodology behind Minerva’s Anti-Evasion Platform compensates for this degradation.
Minerva’s approach doesn’t involve scanning files or tracking processes to detect malicious code. Therefore, it doesn’t compete with or replace the need for antivirus software such as McAfee Endpoint Security. Instead, Minerva’s Anti-Evasion Platform uses elements of deception on the endpoint to cause malware to self-convict and terminate itself if it engages in evasive behavior.
For example, Minerva’s software makes every endpoint in the enterprise look like the analysis environment that malicious code is often designed to avoid. This aspect of the solution is called Hostile Environment Simulation. This is just one of the ways in which Minerva automatically prevents intrusions without requiring human intervention, manual configuration or professional services.
Minerva forces adversaries to make a choice: use evasion and be subject to Minerva’s interference, or avoid such tactics and get caught by antivirus. As a result, McAfee Endpoint Security, augmented with Minerva’s Anti-Evasion Platform, delivers significantly broader threat coverage than any other solution on the market.
Using Evasion Tactics Against the Adversary
As the McAfee Labs Threat Report that focused on evasion pointed out, “There are hundreds, if not thousands, of anti-security, anti-sandbox, and anti-analyst evasion techniques employed by malware authors. Many can be purchased off the shelf.” Gone are the days when attackers needed to possess advanced expertise to use such technologies.
Tactics for bypassing anti-malware tools eventually yield results, leading to costly investigative activities and losses associated with the compromise of sensitive data. Minerva’s focus on interfering with evasion methods is unusual in that the more evasive the threat, the easier it is for Minerva’s Anti-Evasion Platform to prevent the compromise.
For instance, Minerva examined the extent to which evasion tactics are used by modern exploit kits. We analyzed the points in the attack paths that involved some form of evasion, such as the avoidance of malware analysis tools. 99% of the examined attacks involved at least one evasion tactic somewhere along the path. Such techniques are designed to increase the likelihood that the attack succeeds. In contrast, the very use of evasion as part of the attack allows Minerva’s Anti-Evasion Platform to protect endpoints even if other security controls would have failed.
With Minerva, the very tactics that have historically given adversaries the upper hand give defenders an advantage in protecting endpoints.
Enhanced Protection without Operational Burdens
The passive nature of Minerva’s technology allows customers to benefit from its protection without endpoint performance concerns. Moreover, Minerva’s integration with ePolicy Orchestrator (ePO) allows McAfee customers to deploy and operate Minerva’s Anti-Evasion Platform without operational burdens often associated with standalone agents.
It’s now possible to deploy Minerva via McAfee ePO software for all Microsoft Windows operating systems (Windows XP or above, including servers) across the enterprise. No reboot is required for installing, upgrading or uninstalling the Minerva agent. McAfee customers can also use ePO to centrally monitor all evasive threats prevented by Minerva’s Anti-Evasion Platform and to feed the resulting threat intelligence onward.
In another example of Minerva working together with McAfee technologies, Minerva’s agent can interact with other components of the McAfee ecosystem using the Data Exchange Layer (DXL), which allows DXL-compatible solutions to collaborate on strengthening enterprise defenses. For instance, if Minerva’s Anti-Evasion Platform stops an evasive threat, Minerva can use DXL to share information about the malicious artifact with other DXL-compatible technologies. Minerva’s video shows this approach in action.
Minerva’s participation in the McAfee ecosystem increases the efficacy of the joint solution to stop attacks. The ePO integration allows enterprises to accomplish this easily and efficiently. DXL makes it possible to share Minerva’s unique advantage with other compatible technologies and reinforces the notion that security is a team sport. To see this approach in action, reach out to Minerva for a demo.
About Minerva Labs
Minerva Labs is an award-winning, innovative endpoint security solution provider that protects enterprises from today’s stealthiest attacks, without the need to detect threats first—all before any damage has been done. The Minerva Anti-Evasion Platform blocks unknown threats that evade existing defenses by deceiving the malware and controlling how it perceives its environment.
McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place for the benefit of all. McAfee’s holistic, automated open security platform allows all your disparate products to co-exist, communicate, and share threat intelligence with each other anywhere in the digital landscape.
Lenny Zeltser is a seasoned business and tech leader with extensive cybersecurity experience. He heads Product Management at Minerva Labs. Lenny also trains incident response and digital forensics professionals at SANS Institute. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.