McAfee introduces anti-rootkit security beyond the OS
Cybercriminals know how to evade current operating systems-based security, demanding a new paradigm – security beyond the operating system.
On that note, McAfee demonstrated the workings of its new McAfee DeepSAFE technology at the Intel Developer Forum on Tuesday. Co-developed with Intel, it allows McAfee to develop hardware-assisted security products to take advantage of a “deeper” security footprint.
It sits beyond the operating system and close to the silicon, and by operating beyond the OS, it provides a direct view of system memory and processor activity, allowing McAfee products to gain an additional vantage point in the computing stack to better protect systems.
DeepSAFE enables new protection technologies, including proactively detecting and preventing stealthy advanced persistent threats and malware.
Many APTs include stealth techniques such as rootkits that embed themselves deep in the OS to evade current security solutions, and McAfee demonstrated how a system running the technology was able to detect and stop a zero-day Agony rootkit from infecting a system in real time.
Traditional OS-based security might detect a rootkit, if it is known, only after it has been installed and has a chance to hide or propagate malware. The time to detection is drastically reduced when McAfee DeepSAFE technology is being used to identify, block and remediate in real-time. Among the threats that it detects are Stuxnet, SpyEye, the TDSS rootkit family and the NTRootkit.
- Delivers a technology platform for future security solutions
- Provides a trusted view of system events below the operating system
- Offers a new method to block sophisticated advanced persistent threats and stealth techniques in real time, before they have a chance to hide
- Provides real time CPU event monitoring with minimal performance impact.
The technology is expected to launch in products later in 2011, and McAfee anticipates that it will be a foundation for a number of their future products.