In addition to the local hard drive, malware is also commonly found in a computer’s memory, because malicious code must be loaded there in order to execute and cause damage. The code does not necessarily have to run under its own name, however: existing processes of legitimate applications can be misused to perform malicious manipulations and to execute malicious code. It is therefore essential for Endpoint Protection to check not only the local disk but also the memory for potential threats.
Basically, every process start is preceded by a read access to a file on the hard disk. This can be monitored by the File Security of the United Endpoint Protector and stopped at the time of access. Modern malware, however, sometimes uses a variety of stealth techniques to hide from security systems: the file used to start the process may not yet show any signs of being malicious; Windows interfaces could be manipulated to disguise the process start; the malicious code could be implanted into a legitimate process and hidden there; so-called “file-less malware” comes without any associated file on the hard drive and is loaded directly into memory, for example via a drive-by download. There are many ways for malware to sneak past a security system during the startup process, and even its execution in memory can be well camouflaged and is often not visible to the naked eye.
Simple virus scanners quickly reach their limits with this type of malware, especially if they do not monitor the memory at all or rely only on the standard Windows interfaces. Finding hidden malicious code in memory requires forensic methods, which view the memory from different angles to uncover inconsistencies and are mostly used by professionals after an incident. The Memory Security of the United Endpoint Protector goes one step further: instead of applying forensic methods only when the damage has already been done, it applies them in advance. For this, the most advanced techniques in the field of memory forensics, from Rekall Forensics, are in place. Because highly sophisticated malware is able to conceal itself from two or three of these methods at the same time, up to eight of them are available in Memory Security. You can therefore have your memory viewed from eight different angles by Rekall Forensics to detect any code execution, no matter how well hidden. Once the code is revealed, you can use any security vendor to have it scored for maliciousness. The choice of vendor can be made independently of other security features and thus according to other criteria: data throughput does not play a decisive role here, so approaches that require a little more time for an analysis can also be used.
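The cross-view principle described above (several independent views of memory, with disagreements between them treated as an inconsistency) can be illustrated with a small model. The following Python is an added example written for this page; it is not code from Tabidus Technology or Rekall Forensics and does not call either product. The view names "pslist", "psscan" and "handles" are labels borrowed from common memory-forensics plugin names, the `Process`/`Region` structures are a simplified model, and all process and region data is constructed, not captured from a real system. It also generalises the idea to any number of views and adds a second, region-level angle: executable memory that is both writable and not backed by a file on disk.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Region:
    """One mapped memory region as a forensic view reports it (constructed model)."""
    base: int
    size: int
    protection: str             # e.g. "r-x", "rwx", "rw-"
    mapped_file: Optional[str]  # backing file on disk; None for private/anonymous memory


@dataclass(frozen=True)
class Process:
    """A process as one forensic view reports it (constructed model)."""
    pid: int
    name: str
    regions: Tuple[Region, ...] = ()


def process_visibility(views: Dict[str, List[Process]]) -> Dict[int, Set[str]]:
    """Map each PID to the set of views that report it."""
    seen: Dict[int, Set[str]] = {}
    for view_name, procs in views.items():
        for p in procs:
            seen.setdefault(p.pid, set()).add(view_name)
    return seen


def inconsistent_processes(views: Dict[str, List[Process]]) -> Dict[int, List[str]]:
    """Cross-view check: a process that some views report and others do not is an
    inconsistency. Hiding from a list walk (e.g. by unlinking the process entry)
    does not remove the structure from memory, so a signature scan still finds it.
    Returns {pid: [views that miss it]}."""
    all_views = set(views)
    return {pid: sorted(all_views - present)
            for pid, present in process_visibility(views).items()
            if present != all_views}


def suspicious_regions(proc: Process) -> List[Region]:
    """Executable, writable memory with no backing file is where injected code
    typically lives; a loaded image is file-backed and its code is not writable."""
    return [r for r in proc.regions
            if "x" in r.protection and "w" in r.protection and r.mapped_file is None]


def memory_report(views: Dict[str, List[Process]]) -> Dict[int, dict]:
    """Combine both angles into one report keyed by PID."""
    report: Dict[int, dict] = {}
    for pid, missing in inconsistent_processes(views).items():
        report.setdefault(pid, {})["missing_from_views"] = missing
    seen_procs: Dict[int, Process] = {}
    for procs in views.values():
        for p in procs:
            seen_procs.setdefault(p.pid, p)
    for pid, p in seen_procs.items():
        bad = suspicious_regions(p)
        if bad:
            report.setdefault(pid, {})["rwx_private_regions"] = [hex(r.base) for r in bad]
    return report


# --- constructed sample data (not captured from a real system) ---
SYSTEM = Process(4, "System")
EXPLORER = Process(512, "explorer.exe", (
    Region(0x7FF6A0000000, 0x400000, "r-x", r"C:\Windows\explorer.exe"),
    Region(0x1C2F0000, 0x10000, "rwx", None),   # private, writable and executable: injection indicator
))
SVCHOST = Process(1200, "svchost.exe", (
    Region(0x7FF7B0000000, 0x80000, "r-x", r"C:\Windows\System32\svchost.exe"),
    Region(0x2A00000, 0x20000, "rw-", None),    # ordinary heap: writable but not executable
))
UNLINKED = Process(1337, "unlinked.exe")        # removed from the process list, still in memory

VIEWS = {
    "pslist":  [SYSTEM, EXPLORER, SVCHOST],            # walked linked list: misses the unlinked process
    "psscan":  [SYSTEM, EXPLORER, SVCHOST, UNLINKED],  # signature scan of physical memory
    "handles": [SYSTEM, EXPLORER, SVCHOST, UNLINKED],  # processes referenced by open handles
}

if __name__ == "__main__":
    for pid, findings in sorted(memory_report(VIEWS).items()):
        print(pid, findings)
```

Run stand-alone, the report flags PID 1337 as missing from the "pslist" view and PID 512 for its private writable-and-executable region. Adding more views to `VIEWS` makes the same check stricter without changing the code, which is the point of looking at memory from many angles: a sample has to be consistent in every view to pass.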
With Memory Security from Tabidus Technology, powered by Rekall Forensics, both memory forensics and protection are catered for, and you are prepared for the most modern and advanced malware variants. Up to eight different forensic methods constantly look at your memory and discover any code inside it, and the use of multiple independent security providers ensures reliable identification of malicious code.