The latest Fortinet Threat Landscape Report (Q3 2017) is sobering but not entirely surprising reading. The number of zero-day vulnerabilities continues to increase, with FortiGuard Labs identifying 185 this year to date. Attacks designed to exploit these vulnerabilities are penetrating more organizations, and they are being engineered to rapidly mutate in ways that makes their detection more difficult and their effects more unpredictable.
But there’s something else going on behind the scenes. It’s also becoming easier and cheaper for adversaries to formulate and launch exploit-plus-malware technology-based attacks. Such attacks are built around pieces of arbitrary code that are embedded in an object in order to force legitimate applications to behave in a malicious manner, thereby enabling bad actors to gain control of an affected application or even the broader IT infrastructure. Like a binary nerve gas, attackers use exploits to poison a system so that they can subsequently wreak havoc.
Thieves’ Market on the Darknet
What makes this process increasingly adversary-friendly is that many exploit kits and payloads designed to exploit these attack vectors are available for rent or purchase on the Darknet. The most sophisticated cybercriminals acquire an exploit kit like Angler, Neutrino, or RIG, stitch it together with off-the-Darknet-shelf malware or build the malware themselves. They then rent botnets or spambots to deliver the exploit payload.
But you don’t even need to be a smart cybercriminal nowadays to be successful. Less technical cybercriminals can simply go to a full-service Malware-as-a-Service portal to select which exploit kit, malware, delivery method, and even the bitcoin account they want to use, and they can then fully automate their cyber campaigns with a few clicks.
One of the truths we have seen over the past few years is that even though many of these attacks are based on exploiting known vulnerabilities that have patches and updates readily available, many organizations are still not immune to them. In most cases, poor cyber hygiene is to blame. Examples include failing to keep software patches and updates current, poor infrastructure visibility, inconsistently maintained security software, and end-users falling for things such as phishing attacks.
Making this dire situation even worse is the use of zero-day exploits in attacks for which no patch exists. This makes them immensely more insidious.
FortiClient: Next Generation Endpoint Protection
Fortinet is not standing still in the face of this rapidly changing threat environment. Recently, we added some significant new technologies to the latest iteration of FortiClient, our endpoint protection product. For example, FortiClient now includes an Anti-Exploit Engine that delivers a next-generation approach to endpoint protection. It also includes auto-patching capabilities that streamline patch management for known vulnerabilities. Automation of patching drives efficiencies while enabling organizations to address vulnerabilities faster.
The Anti-Exploit Engine works by detecting and blocking evasive exploits attempting to manipulate endpoint system memory as a prelude to launching malware in a corrupted memory space. For those familiar with the Lockheed-Martin Cyber Kill Chain model, this takes place at Stage Four, the point where an attack executes on system memory. The Anti-Exploit Engine has proven effective against a wide variety of memory techniques such as buffer overflow, heap spray, and many others.
Most importantly, leveraging the Anti-Exploit Engine enables FortiClient to not rely solely on signature updates to recognize and block attacks. To begin, for endpoints that cannot be patched, the Anti-Exploit Engine serves as a compensating factor. More importantly, beyond providing a next generation approach to endpoint protection in and of itself, FortiClient also integrates with other products and offerings in the Fortinet Security Fabric. Through the Fortinet Security Fabric, organizations gain full visibility and orchestration across their cybersecurity infrastructure, magnifying its effectiveness in reducing cybersecurity risks. FortiClient would be a very powerful product in its own right, but its value is multiplied when it is teamed with other security elements in the Fortinet Security Fabric.
There’s a lot more to be said and learned about the breakthroughs that we’ve built into FortiClient. It’s garnered industry accolades, including an NSS Labs “Recommended” rating. But why trust the feedback of others, you can see it for yourself by test driving a free copy of FortiClient and loading it into the endpoint computer of your choice. We’ve also published extensive background information on FortiClient on its product page on Fortinet.com to help. As cybercriminals look for innovative new ways to exploit the expanding attack surface of today’s organizations, you need tools that not only extend your security profile out to mobile endpoint devices, but that also seamlessly ties them back into a single, unified Security Fabric that scales next generation security protections across even the most complex and highly distributed networks.
For more information, download our paper and learn about the top threats that enterprise security leaders are being forced to address and the security approaches to evalutate to protect against them.