Detection of Advanced Attacks with a CPU Level Sandbox Technology

  • Thursday, 23 July, 2015 | 14.20 hrs | Sands Grand Ballroom A-D


First-generation OS-level sandbox technology has been around for some time now, allowing organizations to automatically inspect every file passing through their perimeter. Since the introduction of the sandbox concept, attackers have developed a wide array of evasion techniques designed to let their attacks bypass sandbox inspection and reach the target systems. However, there is another point in the infection process that can always be detected if you know what to look for, and that is virtually impossible to evade: the exploit phase. In this session, we will elaborate on a new approach: a CPU-level sandbox that can better detect the most advanced attacks, even when they deploy evasion techniques, by monitoring CPU activity while the exploit occurs.


This document was retrieved from on Wed, 26 Oct 2016 11:11:33 -0400.
© 2016 EMC Corporation. All rights reserved.