Targeted attacks continue to grow at an exponential pace, with the majority of attacks using application-level vectors to gain initial entry to a network. Malware of this type shares a common denominator: code that travels in and out of the network. The code is hidden or encrypted deep in the data streams of common applications such as Microsoft Office and Adobe Acrobat, where no one is looking for it.
The code is then executed, launching the attack by exploiting vulnerabilities inside the applications. Most anti-malware solutions are based on dynamic analysis and focus on identifying suspicious behavior. This method requires actually opening the object to be analyzed in the exact target environment. Once opened, the malicious code takes control and evasion is just one step away.
The Solebit SoleGATE platform uses an innovative, non-behavioral and conclusive approach to cybersecurity protection.
Solebit’s patent-pending DvC technology detects hidden code within data objects, regardless of the data object type and what the code looks like, then blocks the data object from entering the organization.
If a stream includes code, it stays out. Period.
Whenever there is hidden code, encrypted and polymorphic payloads, shellcode or other commands buried in files, SoleGATE finds them. Every time. SoleGATE does not need to open or execute the files in order to identify the hidden code. It does not rely on any signatures or external sources (such as blacklists, external inputs, etc.).
Traditional sandbox solutions execute the inspected item, which gives the malicious code a chance to evade them. Examples of evasion techniques are reliance on human interaction, abuse of sandbox constraints, and environmental diagnosis. SoleGATE does not require execution of the code, which minimizes the possibilities for evading detection.
The system does not require cybersecurity experts to implement and operate it. Once deployed, the SoleGATE Platform does not require signature updates or connectivity to the Internet or other data repositories.
SoleGATE does not attempt to deduce from the file’s behavior whether it is “malicious” or not – a method which often provides inconclusive results. If a stream or file includes code, SoleGATE keeps it out.
SoleGATE is a virtual appliance installed on premises or in the cloud, so it does not require dedicated hardware for installation. Since it is platform independent, no complicated configuration process is required and the system can be up and running within hours of installation.
SoleGATE uses the DvC static analysis method, which returns only conclusive results (“Code detected” or “Clean”) and does so rapidly. This enables the customer to achieve real prevention by blocking malicious files or streams without any impact on performance and user experience.
SoleGATE provides the widest coverage regardless of the customer’s operating system (Windows, Linux), whether it is 32-bit or 64-bit, and no matter the type and version of the client-side application.
SoleGATE handles multiple files per second, allowing organizations to process large volumes of data without latency and without causing human-related bottlenecks and queues.
SoleGATE Email Protector is a virtual appliance, installed in the cloud or on premises, that detects and prevents cyber-attacks over the email attack vector before they even enter the organization’s internal networks. One of the SoleGATE Protection Platform modules, SoleGATE Email Protector is powered by the Solebit DvC Engine and uses patent-pending static analysis technology to inspect email traffic for hidden code inside data objects, providing a conclusive result for each scanned email.
Powered by the DvC engine, SoleGATE Email Protector provides real-time prevention by inspecting every incoming email and blocking weaponized emails.
SoleGATE Email Protector can be deployed in Prevention mode as an MTA or in Detection-Only mode using a mirror port or auto BCC. Typical deployment examples include deployment on premises or in the cloud between the mail relay (anti-spam) and the mail server.
SoleGATE Email Protector provides the widest coverage, regardless of the customer’s operating system (Windows, Linux), whether it is 32-bit or 64-bit, and no matter the type and version of the client-side application.
Once deployed, SoleGATE scans all incoming emails. Results are conclusive, and malicious files are detected and blocked automatically. With a false positive rate of less than 0.00002%, SoleGATE requires practically no human intervention.
SoleGATE Email Protector integrates with SIEM solutions (using syslog-based notification) and can send customized email-based notifications to the blocked email’s recipients and to SOC personnel.
Detected emails are stored in a quarantine, enabling the SOC to download and further investigate (if required), and to release emails to the original recipients when necessary.
The SoleGATE Email Protector dashboard contains a summary of events and alerts and can generate reports that provide useful and relevant insights.