![]() ![]() During that time, the file is still contained in the “capture” and hence cannot cause any harm. In certain cases, it will not be possible for our engines to make that decision, which is where our experienced analysts will step in to manually analyze the file. Typically, the automated analysis will need up to two hours to make a reliable decision about the file. Additionally, running our powerful detection engines on our backend means the cybercriminals have to touch our cloud to test our products abilities, which not only makes their lives harder, but also lets us see them. We moved the technology to the cloud, so that we can leverage all of our heavy weapons to analyze samples in a controlled environment. While developing CyberCapture, we put a great deal of effort into shortening the time between malware discovery and the deployment of a detection. By moving the technology to the Cloud, and taking all the time needed to properly analyze the file, we are now adding an additional layer of protection that will be extremely difficult for attackers to beat. And second, it allowed the suspicious file to run in the sandbox for only a very short time (typically 10-15 seconds), dramatically reducing the precision of the decision-making algorithm. First, it relied on the NG virtualization component, which wasn’t compatible with all systems (it required certain settings to be enabled in the system BIOS etc.). DeepScreen had two major problems, though. By peeling away layers of obfuscated code in the cleanroom environment of our cloud, CyberCapture is able to fully dissect the file and observe the binary level commands inside the malware and fully understand the instructions hidden there.ĬyberCapture evolved from our DeepScreen technology, which used to analyze unknown files locally, in a virtualized “sandbox” environment. This allows us to clear away all the false code, misdirection, and other stuff malware creators use to mask malware’s true intentions. ![]() Rather than relying on the latest definition updates, CyberCapture isolates suspicious files in a safe environment and automatically establishes a two-way communication channel with the Avast Threat Labs for immediate analysis. ![]() In a nutshell, CyberCapture is a cloud-based smart file scanner. Since samples constantly morph, their life spans are radically shortened, allowing cybercriminals to focus on big and quick campaigns to hit the maximum number of victims within the shortest time frame possible. CyberCapture detects morphed, yet-unknown files in real time and thus protects you from zero-second attacks. ![]() Server polymorphism is where one malware sample targets a single user before the code morphs into a new sample and attacks the next user, enabling zero-second attacks that are very difficult to prevent using traditional protection methods. Threats are becoming more sophisticated and the life span of malware has drastically changed with the heavy use of server polymorphisms and targeted attacks. The threat landscape has significantly evolved in recent years and malware has become a lucrative business for cybercriminals. CyberCapture dramatically raises the bar when it comes to protection against zero-second attacks. One of the new ways we are increasing protection is with a cool new proprietary technology called CyberCapture. The update’s name is Nitro, because it is filled with innovative, new ways to increase speed and increase protection. This week we released a new version of our core PC antivirus product, which we refer to as the Avast Antivirus Nitro Update. CyberCapture isolates unknown files in a safe environment and establishes a 2-way communication channel with you and Avast’s team of expert security analysts. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |