SigFree SDK
The SigFree SDK allows you to develop applications capable of identifying and dealing with malware, even self-modifying malware, as soon as it’s launched – at DayZero. SigFree is signature free, does not rely on string-matching and does not slow you down. SigFree can detect suspect code even when it employs polymorphism, encryption, metamorphism, self-modification, anti-disassembly, and anti-emulation. DayZero and SigFree change the trade-off between effectiveness and cost that malware protection faces today. What had been too expensive to implement for true zero day protection in the past is made feasible today with SigFree:
The yellow triangle depicts the typical deployment methodology today. The most economical approach is to “allow the known good” and “block the known bad”. Allowing the “known good” is the most economical but the least reliable. Managing new unknown threats usually results in high system overhead, reduced throughput, and high false positives. Before DayZero and SigFree, use of the latter approach had been minimized in order to contain costs and retain system performance. DayZero changes this equation with its SigFree technology and provides defense against unknown attacks with low system overhead, no noticeable reduction in throughput, and virtually zero false positives. SigFree has the following general characteristics:
SigFree first recognizes that valid requests contain data and no executable code, nor, for example, branch functions or indirect jumps. SigFree will disassemble and distill code recognizing that,
SigFree technology allows disassembly and distillation and defeats encryption, self-modification, anti-disassembly and other obfuscation techniques – all with very little impact on system performance; i.e., with high effectiveness. SigFree has been shown to achieve all of this with a zero false negative rate and false positive rates varying from zero to 0.0079%.
The SigFree DLL can detect malicious HTTP/HTTPS requests. Such malicious traffic is frequently used for buffer overflow attacks. For example, in testing, the SigFree DLL was deployed as a proxy-based web server protector. See the Case Study including results using 5,000 simultaneous clients.
Use the SigFree SDK to create or enhance firewalls, protect end points from malware introduced through detached media, or to periodically scan memory. One subset of end point protection is Browser Protection below.
Browser plug-ins, including ActiveX controls, are only one of the major vulnerabilities of browsers that can infect your network and attached devices. SigFree development included testing of both standalone and client-server browser plug-in protectors. See the Case Study including client-server results with up to 1,000 simultaneous users.
SigFree can be used as an online or offline memory analysis tool. As an offline tool, it can be used to analyze large volumes of traffic for improvement of your device's security agent, development of patches, and creation of valid white and black lists. Please also see the brief Case Study.
Whether you're an ISV, an ISP/Hosting Firm, have a large in-house network or have Clients with large in-house networks - use the SigFree SDK to improve and add new functionality to your Unified Threat Management Suites - add zero day protection for newly launched threats.
Whether a computer, server, content manager, or add-on card manufacturer - use the SigFree SDK to add new functionality and a higher level of protection - add zero day protection with SigFree.