SAN FRANCISCO, Dec. 13, 2017 /PRNewswire/ -- enSilo, the company that provides unified endpoint security with NGAV and automated EDR for real-time pre- and post-infection protection, today announced a free audit that will help enterprises determine whether their deployed security products can defeat "Process Doppelgänging" evasions taking advantage of Microsoft Windows features to slip malicious ransomware and other threats past updated, market-leading AV and NGAV security products.
After discovering the Process Doppelgänging evasion technique in research conducted by Eugene Kogan, Tal Liberman and Omri Misgav, enSilo disclosed its findings last week at Black Hat Europe in a session led by enSilo researchers. A public enSilo webinar further detailing how the evasion works is also available. Process Doppelgänging's impact and scope are significant, because the evasion blinds many common anti-malware and forensics tools and lets attackers repurpose known strains of malware otherwise blocked by these commonly deployed defenses.
To learn more about Process Doppelgänging, view enSilo's FAQ (Frequently Asked Questions) here. To request enSilo's Process Doppelgänging Security Check audit free of charge, register here. The audit service evaluates whether a Doppelgänging evasion will be successful by running a comparative test in two operation modes. The first mode launches a test file representing malware "as is," which should be blocked by most security vendors. The second mode launches the same test file leveraging the Process Doppelgänging technique, which will bypass many AV and NGAV vendors' products.
"After our team's presentation at Black Hat Europe on Process Doppelgänging, we continue to receive an overwhelming amount of information requests about the threat from enterprises and established AV, NGAV and EPP (Endpoint Protection Platform) security vendors wanting to learn more about our research and test this new evasion against their security products," said Udi Yavo, enSilo CTO and Co-founder. "In the spirit of helping the security community - including enterprises, other vendors, testing organizations and managed security service providers managing defenses - we are making Process Doppelgänging Security Check available to shore up defenses against this new evasion technique."
enSilo's renowned team of security researchers works tirelessly to defend customers and the wider security community from evolving threats. enSilo has earned recognition for high-profile work uncovering security risks with major operating systems and novel attack methods. This includes offering an independent patch for Windows' ESTEEMAUDIT remote desktop protocol vulnerability, detailing "AtomBombing" attacks that inject malicious code through Windows atom tables and revealing how attackers can hijack anti-virus products' own features to defeat security measures.
"Our Process Doppelgänging research demonstrates that any solution that aims to stop hackers from infiltrating is prone to one form of evasion or another. Pre-infection security capabilities that can help detect and prevent malware infection are important for maintaining good hygiene, but equally there must be post-infection countermeasures in place that can detect and stop malware in real time from causing unchecked breach impacts and disruptions, providing comprehensive protection," said Roy Katmor, CEO and Co-founder. "enSilo offers a unified approach with both pre- and post-infection protection capabilities to stop needless, costly dwell time and breach impacts, whether due to simple or sophisticated forms of malware."
enSilo comprehensively secures the endpoint pre- and post-infection. enSilo automates and orchestrates detection, prevention and real-time response against advanced malware and ransomware without burdening cybersecurity staff. enSilo's single lightweight agent includes next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response and virtual patching capabilities. Coupled with a patented approach that has full system visibility, enSilo's endpoint security solution stops modern malware with a high degree of precision and an intuitive user interface. Cybersecurity staff with enSilo can effectively manage malware threats without alert fatigue, excessive dwell time or breach anxiety. enSilo's cloud management platform is flexible and extensible to meet the operational needs of stopping malware impact. For more information please visit www.ensilo.com.