Cyber defenses are a must for all enterprises, yet many companies deploy solutions that are powerless in an environment where undisclosed and zero-day attacks abound. With cybercriminals becoming more sophisticated than ever and investing enormous effort in preparing successful targeted attacks, a revolutionary approach to cyber protection is required.
This patented Advanced Content Disarm and Reconstruction technology provides the ultimate solution for stopping undisclosed and zero-day threats before they come through an organization’s door.
Today’s ever-increasing reliance on data brings with it elevated risks, threats, and vulnerabilities for organizations and communication networks, and many of these vulnerabilities are undetectable by traditional network security devices. In the past, cyber threats affected only a small portion of business activity. However, as the reliance on data continues to grow, so too does the impact of cyber threats on organizations’ business activity. With the increasingly aggressive nature of cyber attacks, novel approaches to security are needed to successfully protect organizations.
By design, an exploit targets a vulnerability in an application and typically triggers an intruder’s code. A vulnerability is a “hole” in an application—say, Adobe Reader—that can be exploited to launch an attack on a computer or network system. A common method used by attackers to exploit vulnerabilities is spear phishing: sending targeted email messages that contain a malicious attachment and look harmless to the recipients. When a recipient opens the attachment, malware is deployed and the targeted attack begins.
Life Cycle of a Vulnerability
A software vulnerability opens the door to cybercriminals. A person who discovers a vulnerability can use it to gain entry to a system and then obtain unauthorized access to data.
A vulnerability has a life cycle consisting of three stages: undisclosed, zero-day, and patched.
Stage 1: Undisclosed
At this stage, a vulnerability in an application, a system, or even hardware is unknown to the vendor or the security community but has been discovered by someone, possibly a researcher in a cyber warfare organization—or worse. This type of vulnerability presents a high security threat to everyone and can go undetected for years. Because the application’s vendor does not know of the vulnerability, countermeasures cannot be developed to prevent or block its exploitation. Undisclosed vulnerabilities are frequently used by groups that gather cyber intelligence or trade information to receive large cash payouts.
Stage 2: Zero-Day
At this point, the vulnerability has been disclosed to the vendor and the security community. A zero-day vulnerability is a software weakness that has just appeared for the first time, and no patch has been developed to overcome it. This type of vulnerability presents a high risk of exploitation; intrusion detection systems or traditional protection systems using signature-based detection might identify exploitation activity after gathering and extracting several samples, but an exploit that a hacker has manipulated will be able to avoid signature detection. Zero-day vulnerabilities can go unaddressed for some time, because vendors may take 90 days or even more to respond to reported threats.
Stage 3: Patched
At this stage, although the vendor has already issued a patch for the vulnerability, it can still be opportunistically exploited in unpatched environments running out-of-date applications. Large organizations may be particularly susceptible to opportunistic attacks, because patch management is more cumbersome than in smaller organizations. The threat level at this stage is low, because the vendor has provided a patch.
ORIGONE's technology protects entities from cyber attacks brought on by exploits at all three stages of the vulnerability life cycle.
The Solution: Disarming Undisclosed and
The Advanced Content Disarm and Reconstruction technology is a proactive, signature-less method that targets the file formats that are most commonly exploited via spear phishing, other advanced persistent threats, and cyber attacks. The technology disarms exploit attempts before they reach the end-user environment.
To ensure a successful exploit, malware writers often carefully design and build multiple suspicious objects and embed them in a malicious complex file. For example, a Microsoft® Word file may contain an ActiveX® or OLE object to execute an attack, plus shellcode that is triggered by a malicious image or macro. (Shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.) The Advanced Content Disarm and Reconstruction engine carefully inspects the file to identify malicious or suspect content and then, after extracting the malicious content, rebuilds the file in such a way as to retain its usability.
The Advanced Content Disarm and Reconstruction technology supports containers, such as ZIP and other archive files, as well as the files within the containers. In the latter case, multiple compressed layers are recursively decompressed, disarmed, and recompressed, preserving the files’ original functionality.
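The recursive container handling described above can be sketched as follows. This is an added example, not ORIGONE's code: the limits `MAX_DEPTH` and `MAX_MEMBER`, the `disarm_leaf` policy (dropping members that start with a native-executable magic number), and the sample archive are all assumptions made for illustration.

```python
import io
import zipfile

MAX_DEPTH = 3                         # assumed policy: maximum archive nesting
MAX_MEMBER = 10 * 1024 * 1024         # assumed policy: per-member size cap (bytes)
BLOCKED_MAGIC = (b"MZ", b"\x7fELF")   # assumed leaf policy: native executables

def disarm_leaf(name, data):
    """Hypothetical leaf policy: return cleaned bytes, or None to drop the member."""
    return None if data.startswith(BLOCKED_MAGIC) else data

def disarm_zip(blob, depth=0):
    """Decompress every layer, apply the leaf policy, and write a fresh archive."""
    if depth > MAX_DEPTH:
        raise ValueError("archive nesting exceeds MAX_DEPTH")
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(blob)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename
            if info.is_dir() or name.startswith("/") or ".." in name.split("/"):
                continue                        # skip directories and traversal names
            with src.open(info) as fh:
                data = fh.read(MAX_MEMBER + 1)  # bounded read: declared sizes can lie
            if len(data) > MAX_MEMBER:
                raise ValueError("member exceeds MAX_MEMBER: " + name)
            if zipfile.is_zipfile(io.BytesIO(data)):
                data = disarm_zip(data, depth + 1)   # nested layer: recurse
            else:
                data = disarm_leaf(name, data)
            if data is not None:
                dst.writestr(name, data)        # new entry: old extra fields are not copied
    return out.getvalue()

def sample_archive():
    """Constructed input: a text file plus an inner ZIP holding a fake PE stub."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("notes.txt", "quarterly notes")
        z.writestr("tool.exe", b"MZ" + b"\x00" * 32)  # constructed bytes, not a real binary
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "hello")
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()
```

The depth and size limits matter as much as the leaf policy: without them, the recursive decompression step itself becomes a denial-of-service target for deeply nested or highly compressed archives.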
A malicious image has been attached to a targeted email message. The image contains embedded shellcode. For successful exploitation, the shellcode must run on the processor exactly as written, bit by bit. Think of shellcode as a lock in which all the pins must be precisely positioned for the lock to open. An image viewer is supposed to display the pixels of the attached image. However, the image contains an exploit, so an image viewer application that has a vulnerability will execute the exploit when displaying the image's pixels.
The Advanced Content Disarm and Reconstruction process dissects the raw image data, restructures the bits (the exploit code embedded in the image), and then reconstructs the original file without the exploit code. Now the image viewer can display the pixels without running the exploit.
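A simplified rebuild of a PNG file in the spirit of the process described above, as an added example that is not ORIGONE's implementation. It assumes a non-interlaced PNG, keeps only the IHDR, PLTE, IDAT and IEND chunks, checks that the decompressed pixel data has exactly the size the header declares, and re-encodes it; the sample image and its marker string are constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # PNG colour type -> samples per pixel

def chunk(ctype, data):
    """Serialise one PNG chunk with a freshly computed CRC."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def rebuild_png(blob):
    """Return a new PNG holding only IHDR/PLTE/IDAT/IEND and re-encoded pixel data."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, parts = 8, {b"IHDR": b"", b"PLTE": b"", b"IDAT": b""}
    while True:
        if pos + 12 > len(blob):
            raise ValueError("truncated before IEND")
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        body = blob[pos + 4:end - 4]           # chunk type + chunk data
        if end > len(blob) or struct.unpack(">I", blob[end - 4:end])[0] != zlib.crc32(body):
            raise ValueError("truncated chunk or bad CRC")
        if ctype == b"IEND":
            break                              # bytes after IEND are never copied
        if ctype in parts:                     # ancillary chunks (tEXt, iTXt, ...) are dropped
            parts[ctype] += body[4:]
        pos = end
    if len(parts[b"IHDR"]) != 13:
        raise ValueError("missing or malformed IHDR")
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", parts[b"IHDR"])
    if interlace or colour not in CHANNELS or not width or not height:
        raise ValueError("unsupported PNG variant")
    # Exact size of the filtered scanlines; longer or shorter streams are rejected.
    expected = height * (1 + (width * CHANNELS[colour] * depth + 7) // 8)
    raw = zlib.decompressobj().decompress(parts[b"IDAT"], expected + 1)
    if len(raw) != expected:
        raise ValueError("pixel data does not match declared dimensions")
    out = PNG_SIG + chunk(b"IHDR", parts[b"IHDR"])
    if parts[b"PLTE"]:
        out += chunk(b"PLTE", parts[b"PLTE"])
    return out + chunk(b"IDAT", zlib.compress(raw, 9)) + chunk(b"IEND", b"")

def sample_png(marker=b"CONSTRUCTED-PAYLOAD-MARKER"):
    """Constructed 2x2 RGB PNG with a tEXt chunk and trailing bytes carrying `marker`."""
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 2, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes([r, 0, 255 - r] * 2) for r in (10, 200))
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"tEXt", b"Comment\x00" + marker)
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b"") + marker)
```

This sketch leaves pixel values unchanged and only rebuilds the container and the compressed stream, so it removes data hidden in metadata, trailing bytes, or oversized pixel streams but not content encoded in the pixels themselves.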
London - United Kingdom, 07.08.2017
• Windows 10 Universal Apps Protection: Universal apps are now protected with keystroke encryption.
• Windows 10 Edge Browser Protection: MS Edge browser is now protected with keystroke encryption.
• Clipboard Protection: Data copied to the clipboard is now encrypted.
• Anti-Hooking Technology: Programs that use low-level keyboard hooks for keystroke recording are now prevented from capturing data.
• Mouse Click Protection: Malware programs designed to record mouse clicks (events) are now prevented from capturing any & all mouse events.
• Crypto-Color for Edge, Chrome, Firefox & Opera: We have added Crypto-Color to MS Edge, Chrome, Firefox & Opera.
• Enhanced Keystroke Encryption Protection for apps running at “High Integrity Level” (elevated privilege): Any programs that run with elevated privileges are now protected by keystroke encryption, screen capture protection & clipboard encryption.
• Enterprise Enrollment Code feature: This new Enrollment Code feature for universal licenses of ORISECURE solves the issue of “how to allow each end user within an Enterprise licence to register their device with their own email address and password”.
After the company’s admin activates the software, he/she can create an enrollment code and send it to each of his/her users along with an enrollment URL. The end user goes to the URL, types in his/her enrollment code and email address, and hits the submit button. A couple of seconds later, the end user receives an email containing a link they can click to create their own password. The user then downloads and installs the software from the appropriate download store link (Apple or Android) and uses their newly created email and password to log in to the mobile app.
Tokyo - Japan, 21.07.2017
In the course of ORIGONE's expansion plans, the corporation has partnered with Accenture Strategy to support its plans for entry into the Japanese market.
In the coming months, both companies will enforce the cyber needs of key industry sectors:
Berlin - Germany, 09.07.2017
ORIGONE has been selected by the organisers of the prestigious International Security Conference in Berlin to exhibit and speak during the event on 19th of October 2017.
Futurism/Cyber Scrum Tallinn, Estonia 07/09/2017
UK-NL Cyber Showcase The Hague, NL 26-27/09/2017
Cyber Tech Europe Rome, Italy 26-27/09/2017
3RD ANNUAL ENERGY CYBER SECURITY EXECUTIVE FORUM America Square Conference Centre 25/09/2017
Malvern Festival of Innovation Wyche Innovation Centre, 05-06/10/2018
UK Industry Day at NATO HQ Brussels, Belgium 24/10/2017
Billington Cyber Security Summit Washington DC, USA 13/09/2017
InfoSec USA Boston, USA 04-05/10/2017
Hong Kong FinTech Week 2017, Hong Kong, HK, 23-27/10/2017