IBM Takes Aim at Endpoint Security with Trusteer Apex
In a world where anti-virus is no longer entirely effective, IBM launches new technology to secure endpoint devices.
IBM wants to help secure enterprises and it's going right to the endpoint to do it.
This week IBM announced its new Trusteer Apex technology, in a bid to help secure endpoints. IBM acquired Trusteer last August, expanding Big Blue's security portfolio.
"Trusteer Apex is focused on protecting enterprises from advanced attacks and APTs on their endpoints," Andy Land, program director for Trusteer, an IBM company, told eSecurityPlanet, adding that Apex supports protection for Windows XP, 7, 8, and Mac.
Trusteer Apex is not a mobile endpoint technology. Land said that IBM has another capability called Fiberlink that provides a secure, flexible infrastructure for enterprises to control and manage mobile devices.
Land explained that Trusteer Apex has multiple defenses integrated into the product for credential protection, exploit chain disruption, cloud-based file inspection, lockdown for Java, and blocking malicious communications.
"Trusteer Apex protects endpoints throughout the threat lifecycle by applying an integrated, multi-layered defense to prevent endpoint compromise," Land said. "This preemptive approach breaks the attack chain -- the end-to-end process used by attackers to breach an organization -- by choking off attacks at the strategic choke points."
Trusteer has identified and mapped out these strategic choke points through extensive research, he said. By understanding where the choke points are, Land said that Apex is able to provide powerful advanced threat protection against unknown/zero-day threats as well as known malware.
"As we've seen over the years, traditional anti-virus cannot protect organizations from today's advanced threats," Land said. "We developed Trusteer Apex to arm organizations with the protections they need against these advanced threats."
This doesn't mean that an organization can or should stop using anti-virus technology on its endpoints. Land said there is value in anti-virus for protection against what he referred to as "legacy" threats, while Apex is effective for the prevention of advanced threats.
One particular class of threat that Apex locks down is Java vulnerabilities. Java has been cited multiple times in recent years as being one of the leading causes of enterprise exploitation. Monitoring and identifying rogue Java applications that, by themselves, have not exploited a vulnerability is no trivial task, Land said.
"These applications behave normally, however are malicious in what they do," he said.
The Trusteer Apex agent examines both the trust level of the executing Java code and the risk level of the resulting application actions to identify rogue applications, Land explained. Apex prevents malicious (untrusted) Java applications from performing high-risk actions such as writing to the registry or file system. Land added that the Apex approach to securing Java does not burden the user with heavy policies or rules that might block benign applications.
From a management perspective, the Trusteer Apex technology is supported by a Trusteer management application that resides in the cloud.
"Administrators have private access to policies and reporting via a Web application," Land explained. "Distributed endpoints are updated via this same cloud mechanism, ensuring protection both on and off the corporate network."
The Apex technology also benefits from the broader IBM organization and specifically from IBM's X-Force security research division.
"Trusteer Apex protects endpoints based on Trusteer's intelligence gained from protecting hundreds of millions of endpoints and from information provided from the IBM X-Force advanced research labs," Land said. "These updates are delivered to each protected endpoint from the cloud."
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.