Big bad malware and zero-day attacks that fly under the radar of anti-virus software are hitting enterprises everywhere. With that in mind, HBGary is coming out with a 'do-it-yourself' tool to help security managers beat back Windows-based infections or prevent them while a zero-day outbreak is underway.
Called the Inoculator, it's an appliance that would typically sit inside the network, perhaps near Active Directory, and routinely perform a detection scan on Windows-based desktops and servers for signs of malware.
"If detected, it can remove it," says Greg Hoglund, CEO of HBGary. At the same time, Inoculator would install what he calls a "digital antibody" for a specific malware specimen to prevent re-infection. And that signature-based antibody could also be quickly loaded onto other enterprise computers to inoculate them against what might be an ongoing zero-day attack.
To run a scan, Inoculator connects to each end node over remote procedure call (RPC) with privileged access, since the checks it performs need administrative rights on the target. Hoglund says HBGary's scan process will look for things such as Zeus bots that are often missed by anti-virus. In general, it looks for the traces malware leaves on a system, such as registry keys, event log entries and other indicators. "A scan policy once a night would be fine," Hoglund says.
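As an added illustration of the kind of nightly, privileged remote scan described above (this is not HBGary's code, and the "digital antibody" step is left out because the article does not describe how it works), the PowerShell below reads the autorun keys of each target over the Remote Registry service and queries its System event log for service-installation events, both RPC-based interfaces that require local-administrator rights on the target. The host names, autorun value names, file-path pattern and service name are constructed for the example and stand in for the indicators of a specific specimen.

```powershell
# Added example, not HBGary's code: a nightly remote indicator scan of Windows
# hosts using Remote Registry and the event log RPC interface. Requires the
# caller to be a local administrator on every target and the Remote Registry
# service to be running there.

$Targets = @('ws01.corp.example', 'ws02.corp.example')   # constructed host names

# Indicator set for one hypothetical specimen (all values are constructed).
$Indicators = @{
    AutorunNames  = @('svchost32', 'winupdater')          # Run-key value names
    AutorunPaths  = @('AppData\Roaming\*.exe')            # wildcard path pattern
    EventProvider = 'Service Control Manager'
    EventId       = 7045                                  # "a service was installed"
    ServiceNames  = @('wupdsvc')                          # service name the dropper registers
}

function Get-RemoteAutoruns {
    param([string]$ComputerName)
    $hits = @()
    $runKeys = @(
        'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Remote Registry (RPC); HKLM only here, per-user Run keys live under HKU.
    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        foreach ($path in $runKeys) {
            $key = $base.OpenSubKey($path)
            if ($null -eq $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                $value   = [string]$key.GetValue($name)
                $nameHit = $Indicators.AutorunNames -contains $name
                $pathHit = $false
                foreach ($pat in $Indicators.AutorunPaths) {
                    if ($value -like "*$pat*") { $pathHit = $true }
                }
                if ($nameHit -or $pathHit) {
                    $hits += [pscustomobject]@{
                        Host = $ComputerName; Type = 'Autorun'
                        Where = "HKLM\$path"; Name = $name; Value = $value
                    }
                }
            }
            $key.Close()
        }
    } finally {
        $base.Close()
    }
    return $hits
}

function Get-RemoteServiceInstallEvents {
    param([string]$ComputerName, [datetime]$Since)
    $filter = @{
        LogName      = 'System'
        ProviderName = $Indicators.EventProvider
        Id           = $Indicators.EventId
        StartTime    = $Since
    }
    # Event log over RPC; SilentlyContinue hides the "no events found" error.
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # The 7045 message text names the newly installed service.
        foreach ($svc in $Indicators.ServiceNames) {
            if ($e.Message -match [regex]::Escape($svc)) {
                [pscustomobject]@{
                    Host = $ComputerName; Type = 'EventLog'
                    Where = "System/$($e.Id)"; Name = $svc; Value = $e.TimeCreated
                }
            }
        }
    }
}

# Nightly policy: look back 24 hours and report every hit per host.
$since   = (Get-Date).AddDays(-1)
$results = foreach ($h in $Targets) {
    try {
        Get-RemoteAutoruns -ComputerName $h
        Get-RemoteServiceInstallEvents -ComputerName $h -Since $since
    } catch {
        # Typical failures: RPC port filtered, Remote Registry stopped, access denied.
        Write-Warning "${h}: $($_.Exception.Message)"
    }
}
$results | Format-Table -AutoSize
```

Because every check depends on administrative rights on the target, the account the scanning system uses is itself a high-value credential; a practitioner would scope it to the hosts being scanned and monitor its logons just as carefully as the malware it is hunting.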
The idea is that a security manager running Inoculator can build a signature defense for a detected malware specimen before anti-virus vendors ship one; vendor signatures have been known to take a day or so to appear even after widely reported zero-day attacks have begun.