MTD – Details & Use Cases

Malware detection

Traditional Network security relies on Firewalls and IDS/IPS that block incoming traffic matching predefined “rules”. But even when regularly updated, rules always lag behind the attackers’ ability to evade them.

Traditional System security relies on AntiViruses matching files to known signatures, but AntiVirus detection coverage is well below 100%. RedSocks Malware Research Lab regularly inspected millions of Malware samples with several combinations of AntiViruses, proving that detection coverage is only in the 60-80% range.

If Malware bypasses these traditional lines of defence, it can hide forever, stealing sensitive data.


RS-MTD: tracking suspicious traffic

RS-MTD complements the traditional digital security defences and brings the security coverage up to 100%. RS-MTD is based on the inspection of host outgoing traffic. Every Malware produces some outgoing traffic that always looks different from ordinary traffic: there is virtually no Malware that can remain undetected using this approach!

Moreover, RS-MTD can discover Malware no matter how long it has already been hiding (and potentially causing harm) in the connected systems of an organisation. From the moment RS-MTD is installed, there is no longer any “safe place” for Malware.



RS-MTD detects the most dangerous Malware: the Malware that has bypassed the traditional lines of defence

Inserting RS-MTD in a network is simple and non-intrusive, because RS-MTD works on NetFlow/IPFIX data exported by routers. NetFlow/IPFIX is supported by the majority of vendors, but an inexpensive probe (RS-probe) can be used in case a router is not fully compliant with the NetFlow/IPFIX standard.

Using NetFlow/IPFIX (which is already summarised information extracted from the packet headers) has a scalability advantage with respect to inspecting every packet and its content (the “DPI approach”). Moreover, RS-MTD only needs to inspect the traffic in the outgoing direction (i.e. the “upload” direction from a user’s perspective), which is often much less than the traffic in the incoming direction.

There is also a privacy advantage in the RS-MTD approach: as the packet payload is not inspected, the privacy of the communications of the employees of an organization is not violated. Finally, not relying on payload inspection makes this approach robust to packet content encryption, which applications use more and more.
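As an added illustration (not RS-MTD’s own code or detection logic), the following Python sketch shows the flow-based approach described above: constructed NetFlow/IPFIX-style records carrying only header-derived fields are filtered to the upload direction, summarised per internal host, and given a “severity level” label of the kind a dashboard would show. The internal address range, the record field names and the two thresholds are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed flow records: only header-derived fields, as a NetFlow/IPFIX
# exporter would provide them. No payload is present or needed.
SAMPLE_FLOWS = (
    [{"src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443, "bytes": 12000},
     {"src": "203.0.113.10", "dst": "10.1.2.3", "dport": 51500, "bytes": 900000},  # download direction
     {"src": "10.1.2.3", "dst": "198.51.100.7", "dport": 443, "bytes": 3000},
     {"src": "10.1.2.9", "dst": "198.51.100.20", "dport": 8443, "bytes": 52_000_000}]
    # constructed: one host with a very large upload plus many small flows to distinct hosts
    + [{"src": "10.1.2.9", "dst": f"198.51.100.{n}", "dport": 8443, "bytes": 600} for n in range(30, 55)]
    # constructed: one host contacting many distinct external addresses with tiny flows
    + [{"src": "10.1.2.5", "dst": f"192.0.2.{n}", "dport": 53, "bytes": 120} for n in range(1, 26)]
)

def is_outbound(flow):
    """Upload direction: internal source talking to an external destination."""
    return (ipaddress.ip_address(flow["src"]) in INTERNAL
            and ipaddress.ip_address(flow["dst"]) not in INTERNAL)

def summarise_outbound(flows):
    """Per internal host: total bytes uploaded and the set of distinct external destinations."""
    stats = defaultdict(lambda: {"bytes": 0, "dests": set()})
    for f in flows:
        if is_outbound(f):  # incoming flows are never looked at
            stats[f["src"]]["bytes"] += f["bytes"]
            stats[f["src"]]["dests"].add(f["dst"])
    return stats

def severity(host_stats, byte_limit=10_000_000, dest_limit=20):
    """Severity label from two assumed thresholds: upload volume and destination spread."""
    score = (host_stats["bytes"] > byte_limit) + (len(host_stats["dests"]) > dest_limit)
    return ("low", "medium", "high")[score]

def rank_hosts(flows, **limits):
    """Rows of (host, severity, bytes_out, distinct_dests), most urgent first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = [(host, severity(s, **limits), s["bytes"], len(s["dests"]))
            for host, s in summarise_outbound(flows).items()]
    return sorted(rows, key=lambda r: (order[r[1]], -r[2]))

if __name__ == "__main__":
    for row in rank_hosts(SAMPLE_FLOWS):
        print("%-10s %-7s %12d bytes  %3d destinations" % row)
```

Real deployments would replace the fixed thresholds with a per-host baseline learned over time; the point here is that direction, volume and destination spread are all available from flow headers alone.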

RS-MTD benefits: use cases

Stopping Intellectual Property Theft

The first success story of the technology at the heart of RS-MTD was the identification of a long-lasting intellectual property theft in a big pharmaceutical group, carried out from Malware infected machines in the R&D division. The financial impact of this persistent theft was orders of magnitude higher than the cost of installing the solution.

After that, RS-MTD has been successfully installed in several industrial and education organizations. In all cases it has identified both potential threats and actual infections that were completely unknown to the security managers.

BYOD and security compliance

BYOD (Bring Your Own Device) policies are a growing need and an asset for several organizations, which benefit from the increased productivity and reduced costs of letting their employees use their own computers, smartphones or tablets for work purposes.

Unfortunately, BYOD comes at the expense of additional security risks, because it is very difficult to enforce a consistent level of software updates and AntiVirus usage across so many different connected devices. It also risks breaking compliance with the security standards an organization must abide by.

RS-MTD gives system administrators and security teams the capability to rapidly react to and isolate potential and actual threats. A dashboard reports events in real time, with a “severity level” indication that allows even teams with scarce resources to concentrate on the riskier situations that require immediate attention.

