Detecting Fileless Web Threats Just Got Easier

Fileless malware is going mainstream

Lastline’s unique architecture protects organizations from advanced fileless malware.

Last week at the RSA security conference, Christopher Kruegel, Lastline co-founder and CEO, gave a remarkable presentation about detecting fileless web threats—a new capability present in the spring 2017 release of Lastline Enterprise.

During his presentation, Kruegel explained how this new feature enables rapid detection of browser-based exploits—even when there are no files to analyze.

We are all familiar with the basic process of detecting malicious threats by analyzing the files that harbor those threats. Malware detection tools inspect suspect files for known malware signatures, abnormalities in structure or content, and malicious behavior when opened or executed.

But what if the web threat is not present in a file? What if the threat is embedded within the JavaScript that your browser loads when it visits a web page? Consider a scenario where a malicious Flash file is encoded and obfuscated inside the JavaScript itself, and is only reconstructed in the browser's memory once the script runs. No standalone SWF ever crosses the network or touches disk as a separate object, so there is no actual file for a file-based scanner to analyze; the threat is contained solely within the JavaScript. A bona fide, fileless web threat.

Ars Technica security editor Dan Goodin says “fileless malware is going mainstream.”

Fileless malware is difficult to detect

Unfortunately, there has been a significant increase in fileless web threats. Threats of this type are especially dangerous because conventional malware detection tools rely on the presence of files. Without files to analyze, they can’t detect threats. Although it is conceivable to evaluate all JavaScript in a sandbox, it is not practical: there is simply too much JavaScript to evaluate it all. An average-sized company has hundreds of thousands of pages containing JavaScript flowing over its network every day, and the latency of full dynamic analysis, which can often be up to ninety seconds per page, makes sandboxing every script unacceptable.

Kruegel explained how Lastline’s innovative Web Threat Detection Pipeline adds several different prefilter inspections, which make it feasible to analyze JavaScript. The initial analysis occurs quickly and efficiently, evaluating the JavaScript for anomalies or exploit indicators. Clean JavaScript is readily identified and requires no additional scrutiny. Suspicious JavaScript undergoes increasing levels of analysis.
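To make the prefilter idea concrete, here is an added example of a cheap first-pass JavaScript triage stage that covers both the obfuscated-Flash scenario above and the "clean / suspicious / escalate" tiering just described. It is illustrative code written for this page, not Lastline's Web Threat Detection Pipeline, and the indicator list, weights, thresholds and both sample scripts are assumptions constructed for the example. The one piece of ground truth it relies on is the SWF header: Flash files begin with the magic bytes FWS (uncompressed), CWS (zlib) or ZWS (LZMA), so a long base64 literal that decodes to one of those is a strong sign of a Flash object hidden inside a script.

```python
"""Toy JavaScript prefilter: static triage before any sandbox time is spent.

Illustrative example only; not Lastline's pipeline. Indicators, weights and
thresholds are assumptions chosen for this demonstration.
"""
import base64
import math
import re

# Real SWF file headers: FWS (uncompressed), CWS (zlib), ZWS (LZMA).
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")

# Cheap textual indicators with a weight each (assumed weights). Plenty of
# legitimate minified code uses some of these, so no single hit is a verdict.
INDICATORS = [
    (r"\beval\s*\(", 1, "eval"),
    (r"\bunescape\s*\(", 1, "unescape"),
    (r"String\.fromCharCode", 1, "fromCharCode"),
    (r"document\.write\s*\(", 1, "document.write"),
    (r"application/x-shockwave-flash|<embed|<object", 1, "flash-embed"),
    (r"ActiveXObject", 2, "ActiveX"),
]

# A run of 40+ base64-alphabet characters, optionally padded.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Single- or double-quoted JS string literal (template literals ignored).
STRING_LIT = re.compile(r'(["\'])((?:\\.|(?!\1).)*)\1')


def shannon_entropy(s):
    """Bits per character of the string; base64 of packed data is near 6."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def decode_b64_runs(js):
    """Yield the decoded bytes of every long base64-looking run in the script."""
    for m in B64_RUN.finditer(js):
        core = m.group(0).rstrip("=")
        try:
            yield base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
        except ValueError:  # binascii.Error is a ValueError: not real base64
            continue


def embedded_swf(js):
    """True if any decoded base64 run starts with a Flash file header."""
    return any(blob[:3] in SWF_MAGICS for blob in decode_b64_runs(js))


def prefilter(js):
    """Score a script and decide whether it needs deeper analysis."""
    score, reasons = 0, []
    for pattern, weight, name in INDICATORS:
        hits = len(re.findall(pattern, js))
        if hits:
            score += weight * min(hits, 3)  # cap so repetition alone can't dominate
            reasons.append(f"{name}x{hits}")
    # A long, high-entropy string literal suggests a packed or encoded payload.
    for m in STRING_LIT.finditer(js):
        lit = m.group(2)
        if len(lit) >= 200 and shannon_entropy(lit) > 5.0:
            score += 2
            reasons.append(f"high-entropy-literal({len(lit)})")
            break
    if embedded_swf(js):
        score += 5
        reasons.append("embedded-swf")
    if score >= 5:
        verdict = "escalate"    # hand to the next, more expensive stage
    elif score >= 2:
        verdict = "suspicious"  # worth a closer static look
    else:
        verdict = "clean"       # no further scrutiny
    return {"score": score, "verdict": verdict, "reasons": reasons}


# Constructed benign sample: ordinary jQuery-style UI code.
BENIGN_JS = """
(function ($) {
  $(document).ready(function () {
    $('#menu a').on('click', function (e) {
      e.preventDefault();
      $(this).closest('li').toggleClass('open');
    });
  });
})(jQuery);
"""

# Constructed dropper sample: a fake Flash file (CWS header followed by
# bytes(range(200)), not a real movie) carried as a base64 literal and
# injected into the page with document.write(), so no SWF file is ever
# transferred on its own.
FAKE_SWF_B64 = base64.b64encode(b"CWS" + bytes(range(200))).decode()
DROPPER_JS = (
    'var p = "' + FAKE_SWF_B64 + '";\n'
    "var u = 'data:application/x-shockwave-flash;base64,' + p;\n"
    "document.write(unescape('%3Cembed src=\"' + u"
    " + '\" type=\"application/x-shockwave-flash\"%3E'));\n"
)

if __name__ == "__main__":
    for name, js in (("benign", BENIGN_JS), ("dropper", DROPPER_JS)):
        print(name, prefilter(js))
```

Running the block scores the benign script as clean and the dropper as escalate, with embedded-swf among its reasons. In a real pipeline a stage like this sits in front of the costly steps: anything scored clean is released immediately, and only the small fraction that is escalated pays the sandbox latency the post mentions.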

This efficient and unique capability enables organizations to inspect JavaScript and find fileless web threats, adding an important new level of protection from advanced malware.

Learn more about Lastline’s innovative features and how it can help protect your organization.