Exploit kits have become go-to tools for attackers to take control of victims’ machines or steal information. To protect yourself from this type of attack, it’s important to understand how exploit kits work, what their process is, and what vulnerable parts of your organization they are targeting. Our brief, Exploit Kits: A Series of Unfortunate Events, breaks down the sequence of events an exploit kit must complete to successfully execute an attack.
Most endpoint security solutions use signatures to prevent known threats that have already successfully penetrated networks. But attackers of varying skillsets can bypass signatures using inexpensive, automated tools that produce countless unique and unknown attacks.
Palo Alto Networks Traps advanced endpoint protection provides multi-method exploit prevention by focusing on the core exploitation techniques used in exploit attacks, rather than relying on signatures to prevent already-known threats. The result is several layers of protection to block known, unknown and zero-day threats before they compromise an endpoint.
Traps recognizes and proactively blocks exploit techniques that:
- Manipulate the operating system’s normal memory management mechanism for applications used to open up compromised data files
- Would allow an exploit to manipulate an operating system’s normal application process and execution mechanisms
- Would allow malicious code embedded in an exploit file to execute
Traps integration with Palo Alto Networks WildFire, our cloud-based threat intelligence service, provides further protection by preventing known malware execution and uploading unknown malware for dynamic analysis and rendering a verdict within five minutes. Once malware is known, it can be prevented at the network by Palo Alto Networks Next-Generation Firewalls or on any endpoint running a Traps agent.
Organizations that use Traps can continue to use applications, including those built in-house, legacy systems, and software running on unsupported operating systems for example Windows XP or Windows Server 2003.
Learn more about how Traps prevents malware and exploits.
- Traps Advanced Endpoint Protection Datasheet
- Unit 42 Research on Exploit Kits: Getting In By Any Means Necessary
- Latest Blogs on Exploit Kits
[Palo Alto Networks Research Center]