01st November 2013 TECHNICAL INSIGHTS TECHNOLOGY ALERT

Network Security Technology Alert

© 2013 Frost & Sullivan

1. VIRTUAL ENVIRONMENT FOR SCREENING MOBILE MALWARE ATTACKS
2. CLOUD-BASED GROUND UP APPROACH TO PROTECT ENDPOINT DEVICES
3. EFFECTIVE SECURITY FOR DATA AND DOCUMENTS
4. INTERNAL SECURITY SOLUTION FOR NETWORK PROVIDERS
5. CLOUD-BASED EFFECTIVE BUG BOUNTY PROCESS SYSTEM
6. MULTIFACTOR AUTHENTICATION SYSTEM FOR MOBILE DEVICES
7. INTELLIGENT SYSTEM TO ANALYZE ZERO-DAY ATTACKS
8. NETWORK-BASED APPROACH ENHANCING CONTROL FOR BYOD STRATEGIES

1. VIRTUAL ENVIRONMENT FOR SCREENING MOBILE MALWARE ATTACKS

With the rapid proliferation of smartphones, advanced threats from malware attacks have moved beyond the Web, emails, and file transfers to mobile devices. However, traditional malware signature techniques are not adequate for protecting these mobile devices. Apart from protection of corporate mobile devices, there is also a strong need for protection of personal devices at the workplace. Advanced mobile malware applications can easily steal valuable information from users' smartphones by penetrating their security software, manipulating system code with advanced programming techniques. Virus and malware scanners available in the market for mobile devices can detect only known threats; they fail to detect and understand the behavior of new zero-day attacks. This has generated the need for a solution that can analyze the behavior of mobile applications and understand how they use information, thereby helping to protect the intellectual property and network data of the users.

To address this issue, a California-based security solution provider, FireEye Inc., has introduced its new FireEye® Mobile Threat Prevention™ solution for protection of mobile devices. The solution is developed specifically for the Android™ platform and is deployed in a cloud environment for easy sharing of threat intelligence across the users of an organization.

The underlying framework of the FireEye Mobile Threat Prevention solution is its mobile Multi-Vector Virtual Execution (MVX) engine, which detects unknown threats with an approach different from that of traditional solutions based on binary signature techniques. The MVX engine runs mobile applications within a virtual Android environment to understand the behavior of individual applications. The solution performs a dynamic analysis of the applications to analyze various malware parameters and their impact on mobile devices. Leveraging contextual correlation, the MVX engine gives users a comprehensive view of the behavior of the applications in a virtual environment, thereby protecting users' data from all threats that could occur due to code change or evasion techniques.

In addition to the unique approach of deploying mobile applications safely within a virtual environment for behavioral analysis, FireEye Mobile Threat Prevention also includes an advanced live-analysis module that provides real-time threat intelligence to users. This dynamic analytics process provides a second-by-second video playback for every application, with information on the behavior of the application and its actions on the mobile device. The intelligence system helps organizations and users to deploy security policies according to the threat ratings, and also allows applications to be blocked if necessary.

As the cloud platform is the most flexible mode for easy integration of services, FireEye offers its Mobile Threat Prevention solution as a cloud service. Users can test their applications in the cloud and analyze their behavior through the analytical engine before installing them on their mobile devices. The solution, with its innovative approach to preventing malware attacks, its cost-effective and easy integration options through the cloud platform, and its advanced threat analytics module for real-time application screening, could prove to be very attractive for a wide range of customers, especially organizations that work with bring-your-own-device (BYOD) policies. This comprehensive solution for mobile protection from FireEye could have a significant impact on the mobile security market within a time span of one year.

Details: Jeffrey Williams, VP Business Development, FireEye Inc., 1440 McCarthy Blvd., Milpitas, CA 95035. Phone: +1-408-321-6300. E-mail: [email protected]. URL: www.fireeye.com.

2. CLOUD-BASED GROUND UP APPROACH TO PROTECT ENDPOINT DEVICES

In a traditional solution, security appliances are usually placed on the server side behind the corporate firewall security layer. The architecture of these solutions therefore cannot extend security protection to mobile devices connected to the corporate network in a distributed environment. This leaves a gap for security breaches through malware, phishing, and botnet attacks that steal sensitive information from corporate servers. Another notable challenge organizations face in managing mobile devices is the diverse locations from which users access the Internet, which makes the system perform slower due to constant scanning of incoming and outgoing content from the enterprise network.

To address these issues, California-based security solution provider Zscaler Inc. has come up with an Advanced Persistent Threats Solution, which offers security over a cloud platform and extends its capability to protect any device at any location through a single solution.

The comprehensive cloud-based advanced persistent threat (APT) solution from Zscaler proactively analyzes the dynamic behavior of applications accessing the network by leveraging behavioral analysis. This real-time protection system tracks any malicious code accessing the corporate network, thereby enhancing the capabilities of the antivirus protection system. In addition, Zscaler APT includes DNS (domain name system) analysis along with its existing in-line traffic scanning technique to detect changes in the traffic pattern due to botnet attacks. This helps to reduce the impact of botnets on the system, as the solution automatically kills botnet command execution as soon as it detects any initiation. To further enhance the functionality of the security solution, Zscaler Inc. has also integrated its big data security analytics into the APT solution to develop a more comprehensive solution than before. Incorporating big data analytics gives organizations real-time global visibility of the network and enables a more focused and accurate analysis of endpoint traffic.

One of the major benefits provided by Zscaler's solution is its context-aware cloud security. Zscaler starts screening devices with a ground-up approach from user-based policies. The solution screens every device, its contents, and applications along with its location information. Leveraging the company's Direct-to-Cloud Network, the solution seamlessly connects to over 100 data centers comprising 10 million users across the globe, which helps to analyze and quickly identify threats from the large database with near-zero latency.

The global trend of accessing the corporate network from any location, brought about by the advent of smartphones, demands an effective solution that offers the same level of security as for any other device used within the corporate network. Zscaler's solution, incorporating pre-processing malware, botnet analysis, traffic scanning forensic analysis, and context-based behavioral analysis, all offered over the cloud through a single platform, could prove to be an attractive solution for the BYOD (bring your own device) market in coming years.

Details: Clinton Karr, Sr. PR Manager, Zscaler Inc., 110 Baytech Drive, Suite 100, San Jose, CA 95134. Phone: +1-408-786-9285. E-mail: [email protected]. URL: www.zscaler.com.

3. EFFECTIVE SECURITY FOR DATA AND DOCUMENTS

Conventional security systems focus on securing the perimeter of data storage. Time and again, it has been proved that these systems fail to protect data because of advanced algorithms and hacking systems. Moreover, it is difficult to create a common data security approach for the various types of data that need to be stored. Recent developments such as the cloud have increased data transition, resulting in poor security cover for data. Where a strong security cover is provided, the solution may suffer from a lack of flexibility, resulting in ineffective security policy implementations. This has led to the need for a solution that can effectively create a security cover for data without affecting data transition and flexibility.

A Portugal-based company, Watchful Software, has come up with a data-centric security solution called RightsWATCH. The solution effectively prevents data leaks and enables smooth implementation of data policies.

Unlike conventional solutions, the protection is applied to the data itself, enabling effective prevention of data loss. This acts as a strong cover against unauthorized access. A perimeter cover acts like a fort, which could fail in the event of complex hacking. The RightsWATCH solution acts as a data cover that can protect the data even if the perimeter cover is breached. Such a strong cover within the perimeter works effectively within or outside the physical boundaries and provides security coverage for any device that accesses such data; this includes laptops, external storage devices, and other cloud servers. Different levels of information need different levels of security. RightsWATCH is programmed using a MultiLevel Security Model (MLS) that automates the level of security, enabling easy implementation of security policies. Data is protected by the servers as long as the data remains valid; this makes the solution a persistent security cover.

The security can be offered to a host of applications, such as Microsoft Word, Excel, PowerPoint, Outlook, Visio and Project. When systems interact with documents worked upon by external organizations, the security cover can be extended to applications such as Microsoft SharePoint. The solution is equipped with advanced monitoring and administering consoles that are capable of performing security analyses on documents. If a security breach is suspected, the links to the document are severed, and after verification, the links are restored. The solution is designed for integration with Microsoft's technology, which is used in a majority of enterprise applications.

The solution is expected to have a strong impact within three to four years. This medium term of impact is mainly due to the solution's novel method of securing the data rather than creating an external security perimeter for the information. This method is effective because the shortened space between the security cover and the data makes it more difficult for hackers to get any hold on the data. The solution's capability to be integrated with Microsoft's solutions is expected to increase its market space.

Details: Rui Melo Biscaia, Director, Product Engineering, Watchful Software, Parque Industrial de Taveiro, Lote 49, 3045-504 Coimbra, Portugal. Phone: +351-239-989-100. E-mail: [email protected]. URL: www.watchfulsoftware.com.

4. INTERNAL SECURITY SOLUTION FOR NETWORK PROVIDERS

Traditionally, security is associated with prevention of external threats, such as breach of firewall, intrusion, failure of packet filters, viruses, and hackers. Conventional security systems focus heavily on warding off external threats, which makes them less equipped for dealing with internal threats. Internal threats are generated by internal modules and access systems. Internet assets are affected by botnets and malware that destroy the systems internally. To address these new threats, exclusive systems designed for internal security need to be created. Apart from creating internal security, these systems are also expected to provide solutions for data leakage and for internal policy implementation.

US-based Nominum Inc. has come up with a solution called Vantio™ ThreatAvert, which is capable of forecasting threats and stopping them. Where attacks cannot be prevented, the solution reduces their impact. The solution leverages its internal resources for creating the internal security perimeter.

Vantio ThreatAvert leverages the Domain Name System (DNS) to curb malicious activity internally. It uses DNS to form a Global Intelligence Xchange (GIX), which is a real-time update registry for internal threats. DNS gives Vantio ThreatAvert high levels of scalability, resulting in a complete scan of the security status from top to bottom. The scalability also enables an always-on network that allows user mobility and enables faster and more reliable connectivity. Nominum's patented DNS Caching technology allows Vantio ThreatAvert to handle larger query volumes, which cause competing solutions to fail. Because spikes in query volume are handled by the DNS cache, network performance remains fast and unhindered. The solution provides strong visibility of query trends, enabling well-informed analytical decisions in handling the queries. Abnormally high query rates will be displayed, enabling the system to deduce the source of the attacks and take precautionary measures.

The solution does not allow hackers to alter the DNS record and thus prevents Internet users from visiting any malicious Websites. The security cover of Vantio ThreatAvert does not stop with DNS protection; the solution has been designed to provide strong protection to the mobile network spectrum as well. The precision engine allows strong protective and precision policies to be implemented, based on the reports from GIX. These policies do not just protect the DNS server, but also keep the malleability of the system intact. This allows the system's protection to be strongly reactive to threats with the help of dynamic updates.

The solution is expected to have a strong impact in a period of two to three years. This short term of impact is mainly due to the fact that the solution is capable of warding off threats internally, which is novel, and also enables a strongly reactive response to external threats. The solution's security perimeter for the mobile network spectrum can be evolved to create a pervasive security net around network assets.

Details: David Contreras, Media Contact, Nominum Inc., Pacific Shores Center, 2000 Seaport Blvd, Suite 400, Redwood City, CA 94063. Phone: +1-650-381-6000. E-mail: [email protected]. URL: www.nominum.com.

5. CLOUD-BASED EFFECTIVE BUG BOUNTY PROCESS SYSTEM

Security testing is a crucial process that enables software developers to evaluate their Web applications, mobile applications, Websites, and Web services. Conventional solutions use instances but do not involve any expert opinions or bug bounty processes. Bug bounty processes might contain complex modules and could prove very costly. Moreover, conventional solutions allow only a few experts to be involved in the process, because an increase in the number of experts could result in an increase in cost. The support infrastructure needed to assist experts in the bug bounty process could fail due to overload. As a result, firms are looking for solutions that address these issues effectively and achieve cost-effective bug bounty processes.

A Sydney-based company, Bugcrowd Inc., has come up with a solution called Bugcrowd's bug bounty platform. The platform has the capability to connect researchers to the security testing process, thereby enabling a strong security system.

The cloud-based solution allows users and researchers to sign in to the platform from their own systems to perform the bug bounty processes. The solution is equipped with a crowd control system through which the entire bug bounty process is routed. The crowd control system keeps a check on the number of people involved in a single process so that overload can be avoided. The solution, which is specifically designed for coded applications, allows clients to list the sites or apps to be tested through the cloud platform. The granularity of the site allows clients to choose the date and time at which the testing process starts and stops. The Bugcrowd platform offers complete end-to-end management of bug bounty processes, such as managing the testers, collecting and validating the bugs, and managing shipment and payment to the testers.

The solution offers two types of service: on-going bounties and ad-hoc bounties. The on-going bounties are run for search engines, social sites, and e-commerce applications. These processes are charged according to the scalability performed by the platform. The ad-hoc bounties allow clients to choose the scope and time of the process. Ad-hoc requests can be run as a completely private or a public process. The solution offers a comprehensive reporting system, which contains the details of every bug that has been found. Charges are levied based on the information found and not on the run time. The solution is agnostic, enabling it to adapt to any application or device.

The solution is expected to have a strong impact in a short term of 2 to 3 years. This short term is mainly due to the fact that conventional solutions are cost intensive and do not support small and medium enterprises. The cloud-based Bugcrowd is capable of providing infrastructure and differentiation in scalability for small enterprises.

Details: Segei Belokamen, Co-Founder, Bugcrowd Inc., PO Box 1199, Sutherland, NSW 1499, Sydney, Australia. Phone: +61-2-8417-2994. E-mail: [email protected]. URL: www.bugcrowd.com.

6. MULTIFACTOR AUTHENTICATION SYSTEM FOR MOBILE DEVICES

New-age Web and mobile applications use conventional username and password authentication systems. For improved security, these systems need customers to maintain different usernames and passwords for different payment portals. In spite of this, username/password authentication systems are easily compromised, leading to complex security, privacy, and identity control breaches. Online business services could also prove to be security threats, as they allow hackers to find out passwords or glean the data needed to reset user accounts. Most username/password authentication systems have a backup system that includes password recovery tools, which allows intruders to obtain passwords easily. To overcome these challenges, various transaction service providers and security system providers are searching for an auxiliary system that could provide an alternative to password authentication systems with improved security efficiency.

A US-based company named LaunchKey has come up with a solution known as the LaunchKey authentication system. The solution is a multifactor authentication system without passwords.

The key feature of the solution is the use of anonymous multifactor authentication through smartphones and tablets instead of password/username authentication. The solution is enabled by launch requests known as the receiving and responding launch requests. An application programming interface (API) called the LaunchKey API sends encrypted authentication requests to any of the user's pre-registered mobile devices. This encrypted authentication is called a push request and reaches the device based on the servers used. The faster the servers, the faster the push notification messages reach the device. The encrypted authentication could be a voice recognition system, a fingerprint system, or any biometric system. The user has to respond to the launch request by accepting or denying the push request. The main visualization console is called the Orbit; it holds the full history of authorizations, including the trending authorizations. This allows users to have a record of the authorizations they have approved or rejected.

The Orbit represents the current status of the session with different color-coded buttons, which increases ease of use. The listed session statuses include active session, active session-pending response, session pending, and inactive transaction. The system also offers the following application factors for the user to choose from: Geofencing, Device Factor, Combination Lock, and Pin Lock.

The solution is expected to have a strong impact in a period of two to six years. This period of diffusion is mainly due to the solution's capability to include a host of authentication factors without affecting the performance of the mobile device. The solution is expected to cater to the bring-your-own-device (BYOD) concept, which is gaining increasing popularity. The strong, simple, and flexible solution is expected to match the mobile security needs of different smartphones and other devices.

Details: Devin Egan, Co-Founder, LaunchKey, Bedford Farms Drive, Bedford, NH 03110. Phone: +1-916-955-1313. E-mail: [email protected]. URL: www.launchkey.com.

7. INTELLIGENT SYSTEM TO ANALYZE ZERO-DAY ATTACKS

Every day, a massive number of malware samples are discovered by security professionals in the anti-virus solution market. However, in spite of continuous updating, anti-virus software fails to identify malware threats due to the sophisticated code and advanced e-mail security penetration techniques used by today's malware programmers. By the time the anti-virus industry recognizes an attack after users receive it in their e-mails, millions of networks have already been infected, even before the malware is listed by the professionals. This has generated the need for an advanced network protection solution that could provide users with the information needed for protection against these zero-day attacks.

To address this issue, Pennsylvania-based security solution provider Malcovery Security introduced its technology called the Malcovery Cyber Intelligence & Forensics (MCIF) System Architecture. The MCIF system from Malcovery includes a comprehensive Threat Database along with a Malcovery patented technology to analyze and protect users' sensitive data.

Malcovery offers its solutions and services over a cloud platform. The intelligent MCIF System Architecture leverages a massive threat database, which acts as the backbone of the Malcovery solution. Using the information in the database, the company applies big data analysis techniques, which help users to understand the pattern and behavior of threats within a network. The cloud framework, with connections across diverse data sources, extracts data from various proprietary and public sources, thereby acting as a comprehensive base for the intelligence and forensic activities performed by the solution. The intelligence and forensic system uses Malcovery's patented technology and innovative methodologies to offer services to its customers and partners. Malcovery technology analyzes millions of e-mails daily for extraction and deduplication of new URLs. At the current level of accuracy, the solution detects around 65% of phishing URLs within seconds. The URLs that are not automatically detected by the solution are forwarded to the operations team for human classification. Once the classification is done manually, the system learns the pattern so that it can be matched in future analysis.
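The workflow described above (extract and deduplicate URLs from e-mail, classify automatically where a learned pattern matches, queue the rest for an analyst, and learn from the analyst's verdict) can be illustrated with the following added sketch. It is not Malcovery's code, which the alert does not show; the host-independent path signature, all names, and the sample e-mails are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit, urlunsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def normalise(url):
    """Canonical form for deduplication: lower-case host, no default port, no fragment."""
    parts = urlsplit(url.rstrip(".,;:!?"))        # drop sentence punctuation
    host = (parts.hostname or "").lower().rstrip(".")
    try:
        port = parts.port
    except ValueError:                            # malformed port: ignore it
        port = None
    default = {"http": 80, "https": 443}.get(parts.scheme)
    netloc = host if port in (None, default) else f"{host}:{port}"
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))

def signature(url):
    """Assumed pattern: path shape plus query keys, host ignored, so the same
    page layout re-hosted on another server still matches."""
    parts = urlsplit(url)
    path = re.sub(r"[0-9a-f]{16,}", "<hex>", parts.path.lower())
    path = re.sub(r"\d+", "<n>", path)
    keys = ",".join(sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)))
    return f"{path}?{keys}"

def is_specific(url):
    """A signature from a root or one-segment path would match far too much."""
    return len([s for s in urlsplit(url).path.split("/") if s]) >= 2

class UrlTriage:
    def __init__(self):
        self.seen = set()              # every normalised URL already processed
        self.phish_signatures = set()  # patterns learned from analyst verdicts
        self.phish_exact = set()       # URLs too generic to generalise from
        self.review_queue = []         # URLs awaiting human classification

    def classify(self, url):
        if url in self.phish_exact or signature(url) in self.phish_signatures:
            return "phishing"
        return "unknown"

    def ingest(self, email_body):
        """Return (url, verdict) for each URL not seen before."""
        results = []
        for raw in URL_RE.findall(email_body):
            try:
                url = normalise(raw)
            except ValueError:         # unparseable URL text: skip it
                continue
            if url in self.seen:       # deduplication step
                continue
            self.seen.add(url)
            if self.classify(url) == "phishing":
                results.append((url, "phishing"))
            else:
                self.review_queue.append(url)
                results.append((url, "needs_review"))
        return results

    def analyst_verdict(self, url, is_phishing):
        """Record the human classification and learn from a phishing verdict."""
        if url in self.review_queue:
            self.review_queue.remove(url)
        if is_phishing:
            if is_specific(url):
                self.phish_signatures.add(signature(url))
            else:
                self.phish_exact.add(url)

# Constructed sample e-mail bodies (reserved .example domains).
EMAIL_1 = ("Your account is locked: http://shop.example/wp-content/secure/login.php"
           "?session=1234&id=77. Mirror: HTTP://Shop.Example:80/wp-content/secure/"
           "login.php?session=1234&id=77#top")
EMAIL_2 = "Verify now https://other-host.example/wp-content/secure/login.php?id=9&session=abc"
EMAIL_3 = "Newsletter: https://news.example and https://benign.example/"

def demo():
    t = UrlTriage()
    first = t.ingest(EMAIL_1)                  # one URL after dedup, unknown so far
    t.analyst_verdict(first[0][0], True)       # analyst confirms phishing
    second = t.ingest(EMAIL_2)                 # same layout, different host
    t.ingest(EMAIL_3)
    t.analyst_verdict("https://news.example/", True)  # root URL: stored exactly
    return first, second, t.classify("https://benign.example/")

if __name__ == "__main__":
    print(demo())
```
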

One of the major benefits provided by the Malcovery solution is its multi-phase investigation methodology, which analyzes spam, malware, and phishing threats with much more accuracy than competing solutions. The solution not only provides actionable insight on cross-platform attacks, but also notifies users about emerging threats. This helps customers to enhance their knowledge base and provides a more comprehensive solution to malware attacks.

Malcovery already offers its solution to some notable enterprises, which include Facebook, Bank of America, and eBay. The accuracy and efficiency provided by the convergence of cloud technology with big data analytics within the Malcovery solution make it an attractive package for customers securing their sensitive information. It is expected that the solution could soon penetrate to a wider customer base within a short time span of 1 to 2 years.

Details: Kelly Doyle, PR Manager, Malcovery Security LLC, 2400 Oxford Drive #302, Bethel Park, PA 15102. Phone: 412-401-5423. E-mail: [email protected]. URL: www.malcovery.com.

8. NETWORK-BASED APPROACH ENHANCING CONTROL FOR BYOD STRATEGIES

The latest trend of the enterprise workforce accessing corporate data from outside the organization's network on their own devices empowers businesses to perform at their best. This has given rise to bring-your-own-device (BYOD) strategies, which in turn help to improve productivity and satisfaction for employees. However, this practice also exposes sensitive corporate data to the outside world, where it could be easily hacked by attackers, resulting in massive losses for enterprises. Thus, there is a need for a structured approach to managing external devices; without one, enterprises could be left exposed to security gaps, IT complexity, and compliance issues.

To address this challenge of managing network-connected devices outside the corporate infrastructure and to ensure protection for BYOD strategies, ForeScout Technologies Inc., a California-based network security solution provider, has come up with the ForeScout CounterACT solution. CounterACT provides protection and management tools for both personal computers and handheld devices.

ForeScout employs an innovative approach for device risk management. The solution offered by the company leverages a network-based approach, which helps in identifying and accessing every single device in the network. It helps in control and remedy for identified devices and finally monitors them to ensure compliance and protection. The network-based approach covers every device type available at present as well as in future for BYOD. This approach negates the need to deploy any additional software on the device, thereby providing the flexibility to use any device independently at the end point. In addition, the solution from ForeScout includes an intelligent device identification system, which can detect any device connected to the network irrespective of its connection type: wired, wireless, or virtual private network. Furthermore, the advanced identification system also provides the administrator with device details such as the media access control (MAC) address, the authentication technique used, and the applications installed on the device.

ForeScout enables a wide range of policy enforcement for the device. It could prohibit external devices from accessing the corporate network or could enable customized access rights to specific content for specific devices in the network. The solution helps to enforce policies in a more granular manner, which helps clients to deploy security strategies for understanding deficiencies in the device network.

ForeScout CounterACT's ability to limit access to an enterprise's sensitive resources, ensure that security policies are met on every network connection, and constantly monitor every connected device provides a comprehensive view of the BYOD landscape for an enterprise. With the growing concern about protecting sensitive information from varied types of external devices in enterprise BYOD environments, the network-based specialized approach could prove to be an attractive solution for enterprises in the next 1 to 2 years.

Details: Scott Gordon, Chief Marketing Officer, ForeScout Technologies Inc., 900 E. Hamilton Avenue #300, Campbell, CA 95008. Phone: 1-408-213-3191. E-mail: [email protected]. URL: www.forescout.com.

To find out more about Technical Insights and our Alerts, Newsletters, and Research Services, access http://ti.frost.com/

To comment on these articles, write to us at [email protected]

You can call us at: North America: +1-843.795.8059, London: +44 207 343 8352, Chennai: +91-44-42005820, Singapore: +65.6890.0275