Next Generation Application-Level Behavior Blocking A Step Ahead of Proactive Security
Finjan's breakthrough Next Generation Application-Level Behavior Blocking is the ultimate solution for your enterprise's Internet security needs. Finjan has improved its patented technology to provide unbeatable security, while enhancing performance and flexibility. Taking Internet security to previously inconceivable levels, this is the ONLY solution to effectively combat new and unknown attacks driven by Active Content.
The Active Content Security Challenge
Secures Your Network from Malicious Active Content without Compromising Performance
The ubiquity of Active Content technologies, such as Java applets, ActiveX controls, JavaScripts and executable files presents a difficult security challenge for enterprises. In most cases, Active Content is used for legitimate business applications such as web conferencing, e-commerce, and webmail. However, Active Content technology may also be exploited to carry malicious mobile code, which is downloaded and executed on a local system without the user's explicit knowledge or consent.
Finjan's Next Generation Application-Level Behavior Blocking technology identifies the combinations of operations, parameters, script manipulations and other exploitation techniques for a given piece of content before it begins to run on the target computer. By working at the application level, it determines the full set of behaviors that the content will exhibit when loaded into the target application, e.g. a web browser or email program. Then, in accordance with each organization's specific security policy, Finjan's system decides whether to pass, block or neutralize the content.
Viruses, Trojans, Worms and Spyware operate at Layers 7 and above (Layer 8).
Next Generation Applivation-Level Behavior Blocking is the only solution that blocks complex attacks at these levels and delivers best defense against unknown Viruses, Trojans, Worms and Spyware.
Key Highlights
Detects complex application-level attacks by malicious code that easily elude packet level inspection solutions, e.g., firewall, intrusion detection and intrusion prevention systems
Minimizes over-blocking so that users can leverage the Internet as a business tool
Deep code analysis and true type detection reveal malicious combinations of individually innocent functions
Near "real-time code interpretation" and cached behavior profiles for best performance
Saves your business time and money, letting you conduct business as usual without the IT headaches associated with security incidents
Flexible behavior blocking engine can be customized to block specific types of malicious threats, such as spyware
ONLY proactive Internet security solution that effectively combats and protects against new, unknown attacks driven by Active Content
Breakthrough in Security and Performance
Finjan has implemented a revolutionary two-step scanning approach, consisting of pre-scanning and deep content scanning. This enables Finjan to achieve close to "real time code interpretation" for pinpoint detection of unknown viruses, spyware and other types of malicious content. When active code is scanned, a behavior profile is generated for that code and cached. The next time the same active code enters the system, its profile can be used without having to rescan it, saving resources and boosting performance.
Benefits of Deploying Application-Level Behavior Blocking within Finjan's Vital SecurityT Solutions
Finjan's Vital SecurityT appliances leverage synergies between the Application-Level Behavior Blocking and other security engines (e.g., Vulnerability Anti.doteT, Anti-Spyware, Anti-Virus, URL Filtering) to provide the best and most comprehensive content security solution. These synergies are implemented in Finjan's rule-based Policy Management system, which enables each organization to create highly granular security policies for any user or group of users, based on their particular responsibility and access rights. For example, rules can be defined to:
Block ActiveX and Java Applets from entertainment sites
Prevent uploads of MS Office documents to webmail sites
Block IM conversations if the word "confidential" is used
Advantages over Packet-Level and Other Types of "Proactive" Solutions
Many products claiming to be "proactive" actually monitor the patterns and tell-tale signs exhibited by the network traffic, rather than the content's behavior. Packet inspection products (e.g., intrusion detection and intrusion prevention systems), have difficulty in identifying complex attacks, such as spyware and phishing, that do not leave identifiable "fingerprints" at the network or data layers.
Heuristics are used by Anti-Virus engines to identify variations of known viruses based on "telltale" signs, but are not intelligent enough to decipher obfuscated code and are prone to false-positives.
Firewalls are no longer sufficient for preventing today's malicious code, because complex threats, such as spyware and phishing, enter the network via port 80 (HTTP) and port 443 (HTTPS) which are typically left open in the firewall.
Intrusion Detection System products are designed to detect situations when the network has already been infected and at best can help to control the damage.
Intrusion Prevention Systems and similar "smart packet filtering" solutions usually attempt to identify communication patterns (e.g., rate of transmission) of packets coming into the network, rather than analyzing application-level behavior.
Only at the application level is it possible to understand the full context of the execution environment and accurately determine the real behavior of a given piece of content once loaded into the browser. Finjan's Next Generation Application-Level Behavior Blocking solution is unique in its ability to determine whether Active Content complies with your company's security policy - letting you conduct business as usual and keeping you a step ahead of the next attack.
