McAfee detects kernel-mode malware

McAfee announced Deep Defender, which is capable of detecting nearly all kernel-mode malware. This level of security is possible with McAfee DeepSAFE technology because its protection layer is located beyond the operating system.

McAfee worked closely with Intel with the purpose of delivering hardware assisted security designed to stop and remediate advanced stealth behaviours used by rootkits and APTs.

With the increased threat landscape of emerging persistent and targeted attacks, a new approach to security is needed.

McAfee Deep Defender utilities McAfee DeepSAFE technology that sits between the processor and the OS to help protect vital system software residing in physical memory, providing a new view of the drivers and other software as they operate. In addition McAfee Deep Defender provides:

Real-time memory and CPU monitoring – using McAfee DeepSAFE technology, this low-level visibility allows McAfee Deep Defender to recognise evasive techniques employed by stealthy malware and gives administrators a real-time view of memory processes, enabling configurable block or deny actions.

True zero-day detection – McAfee Deep Defender does not need to have prior knowledge of the rootkit to detect its existence.

Protection against known and unknown threats – McAfee Deep Defender will report, block, quarantine, and remove known and unknown stealth techniques attempting to load in memory. For suspected or unknown threats, McAfee Deep Defender sends a fingerprint of the code to the McAfee Global Threat Intelligence network and then carries out the configured action, such as block, remediate, or quarantine.

Central management with McAfee ePolicy Orchestrator platform – utilizing the same ePolicy Orchestrator console already used across existing McAfee endpoint security solutions, customers can now receive dashboards and reports that provide greater visibility into hidden threats.

“Security is a fundamental pillar of computing,” said Renée James, Intel senior vice president and general manager of the software and services Group. “We are working to ensure users have an engaging, secure and productive computing experience across all Intel platforms using McAfee technologies. Security is one of the top concerns to organisations of all sizes and industries. It is essential that computing is protected against intrusions from security breaches and malware in more effective ways. Together, McAfee and Intel are rethinking the entire approach to security and McAfee Deep Defender is a proof point of how security is changing to provide a new level of protection.”