Application shielding: Exploring ExploitShield

Dominic Vogel talks to the CEO of ExploitShield to find out more about what is meant by "application shielding" technology and how it fits in with other security mechanisms.

As part of my daily security readings, I came across application shielding. I had never really given much attention to the idea, but the basic premise is that rather than focusing on detecting the countless threats, application shielding aims to prevent malicious exploits from compromising computers through software vulnerabilities. I reached out to Pedro Bustamante, founder and CEO of ZeroVulnerabilityLabs (creators of ExploitShield) to find out more about his company's application shield tool and how it fits into the security ecosystem.

Preamble: What is ExploitShield? Is it a single product or a group of services? According to your website, there are security intelligence and software hardening services. How do these fit in?

Bustamante: ExploitShield is the name of the "application shielding" technology we have developed at ZeroVulnerabilityLabs. Even though it is currently only in beta, it has many potential applications such as products for consumers and companies as well as services. In terms of services, the technology itself can be implemented by other software vendors to protect their applications or it can be used as a web service to detect exploits and provide security intelligence to companies or researchers.

Question 1: What problems does ExploitShield address (malicious insiders, nefarious external actors, mistakes, drive-bys, targeted attacks, etc)?

Bustamante: According to various sources, the percentage of malware infections via exploit kit vectors is becoming more and more prevalent. Exploit kits implement exploits for various vulnerabilities such as Java, Flash, Shockwave, and Adobe, and they are very effective at infecting users, even those with the latest security updates and patches. With this in mind we have created ExploitShield Browser Edition to provide free protection against the plague of exploit kits so that they can be a little more secure while browsing the web.

ExploitShield Browser Edition, which is currently in beta, is helping us identify bugs in order to improve the application and its protections. With these improvements we are also working on ExploitShield Corporate Edition, which incorporates other shields such as for the Microsoft Office suite of applications and for other types of more advanced attacks. As such, the core engine for ExploitShield Corporate Edition is different to that of ExploitShield Browser Edition.

Question 2: What kind of security problems is ExploitShield not designed/intended for?

Bustamante: ExploitShield does not try to compete with any other security solution. Rather it is meant as a layered complement. For example, currently anti-malware solutions have to take care of many different infection vectors, while ExploitShield focuses only on the ones which we think are more prevalent and dangerous for consumers, companies, and organizations nowadays: the execution of payloads from vulnerability exploits. It is also worth noting that ExploitShield does not try to prevent other types of vulnerability exploits related to insufficient configurations such as directory traversals, XSS, etc.

Question 3: How would a company go about implementing ExploitShield solutions in a corporate setting? What sort of planning/architecture changes need to be carried out? Is enterprise integration a major undertaking? What is the architecture behind the solution? Is it installed on every computer (or is there a central server)?

Bustamante: Architecture-wise ExploitShield Corporate Edition incorporates more powerful protections as opposed to the free ExploitShield Browser Edition. ExploitShield Corporate Edition is a centrally managed solution. It needs to be deployed to each endpoint that the company wishes to protect. Through a centralized console, the administrator can view blocked attacks on any endpoint as well as manage the security policies of ExploitShield enterprise-wide.

Question 4: What makes ExploitShield unique? At a high level how does it "work"? Does it focus more on protecting vulnerabilities than identifying and preventing countless threats?

Bustamante: There are many really good security solutions and techniques on the market, such as sandboxing, white-listing, and exploit mitigation to name a few. One of the problems with many of these is that they require complex management or implementations. For this reason we felt that there was a need for an anti-exploit solution which was truly "install-and-forget" in order to protect users and companies without requiring them to be security experts. ExploitShield works without requiring signature updates to identify individual vulnerabilities or payload (malware) samples. It consists of a proactive way of blocking exploit payloads from executing on the attacked machine.

Question 5: What is the initial licensing plan/structure? Is this a solution that will be practical for organizations of all sizes? Small businesses? Or just major enterprises?

Bustamante: Our objective is to create different products for each market (consumer, SMB, and enterprise), each adapted to the needs of its segment. Of course we are currently still in the technology beta phase, so it's a little early to discuss details of each of these implementations.

Question 6: What operating systems will ExploitShield be available for (Windows, Mac OSX, Linux flavours)? What about mobile devices (iPhone, Android)?

Bustamante: Currently we are focusing only on Microsoft operating systems but in the future we could investigate implementing our technology in different platforms.

Question 7: Is ExploitShield a disruptive solution - does it make other security solutions (such as antivirus) obsolete? Or is it meant to be used as part of a layered defence-in-depth security model?

Bustamante: ExploitShield does not make other security solutions obsolete by any means. It is meant as an additional security layer. Implementing a layered approach to security, knowing the limitations and shortcomings of each layer, is the best approach, and will be for a long time, to raising the bar against intrusions and infections. At the end of the day no security system is 100% and the real value of a security technology is measured hand in hand with the company behind it, its continued support of the technology and its customer service.

Question 8: Is it meant to be a "set it and forget it" product? Or is it actively providing customers with actionable security intelligence?

Bustamante: ExploitShield is meant to be a completely "install-and-forget" solution. Of course enterprises will want to customize and manage its deployment and configuration options, but from the perspective of end-users it is completely install-and-forget.

A technology to watch

I wish to thank Pedro for his cooperation in providing such detailed answers during our conversation. Application shielding is certainly an interesting concept, and while it is certainly not mature, given the rapid proliferation of threats, it may prove to be an important tool in the security defense arsenal.

About

Dominic Vogel is currently a security analyst for a financial institution in beautiful Vancouver, British Columbia.

1 comment

Chashew

Thank you Dominic and thank you Pedro for producing more info on Exploit Shield. I was one of the first to begin testing this product and if my memory serves me there were maybe 4 downloads. Anyways I know from past products what is meant by a Shield app. I am really enjoying having another layer added that functions very well with my AV and Malware protection. One thing I have noticed about any platform app is first you need to have as clean a machine as possible before install. Once done I have found they do not come back and new ones burn up in cyberspace, I so love descriptive writing. Ok now in the process of testing I find it still a bit lax on Adobe protection but we know that poor Adobe has been the brunt of attacks for many many years. The new updated version of Flashplayer is holding its own but the old version if infected runs like crap. I have not pushed the envelope with the new shield except to run high end online 3D games and lower end games that use flash. So far all is good with only low spyware from the apps getting into the flash log. Some known sites that I had marked as bad were also on my test list and Exploit Shield booted the hit with ease. The attacks I chose were ones I know how to remove, just in case something went foul. My best wishes go out to ZV Lab for the dummy proof extra and hope that sometime soon you include AV apps in the shield's protective hands. Thanks again to both of you for all you have done to provide an information station and keeping it real. I so enjoy every minute of the many years I have examined Tech Republic pages. And know you don't get enough thank-yous.