Five Reasons Memory-Based Cyberattacks Continue to Succeed


Almost every week we see new examples of highly sophisticated organizations and enterprises falling victim to another nation-state cyberattack or other security breach. These attacks are circumventing staple security products such as next-gen firewalls, IDS/IPS systems, web and endpoint security defenses, web application firewalls and database monitoring solutions.

Breaches continue to happen at an increasing rate, with more severe consequences. Forbes reported that the year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyberattacks on companies, government, and individuals. While substantial sums have been spent on network and endpoint-based security, these breaches reflect a general lack of investment in adequate application-aware workload protection. This has continued despite repeated surveys pointing to application and OS vulnerabilities as the largest areas of enterprise security exposure.

“Memory-based attacks are happening all around us and no one seems to want to talk about it because there hasn’t been a lot of defense against them. Virsec has an extraordinary and effective solution for defending against memory-based attacks. These guys are monsters in that.”
– Chief Security Architect, Schneider Electric

Below are five key reasons why memory-based attacks continue to evade conventional security tools:

1. Memory-based attacks cannot be identified via signature.

Buffer errors, return-to-libc attacks, and many other memory corruption exploits attack the call stack or memory registers of an application in non-repeating ways. This is a problem for traditional security solutions, because most approaches are based on pattern matching against signatures of past malware or malicious actions.

While some endpoint vendors promote defenses against “memory exploit techniques”, these defenses are still based on signatures and pattern matching of pieces of existing executable code. Today’s advanced attackers are innovative and resourceful and easily avoid the repetitive behavior that pattern matching can detect.

2. Most security defenses focus on network protection and authorization, while memory-based attacks…
