NitroSecurity Releases Updates to Address Conficker Worm


New detection signatures and techniques across the company's IPS, log management, and SIEM products combine to detect, block, and isolate Conficker.


NitroSecurity, Inc. today released additional signatures and updates to bolster protection against the growing threat of the Conficker worm. NitroSecurity uses IPS blocking technology, Windows registry and log monitoring, and SIEM correlation features as one integrated solution to detect and block the Conficker worm. The worm has been unusually difficult to counter because of its combined use of advanced malware techniques. Since Conficker was first discovered, NitroSecurity has released over fifty signature and policy updates to address worm variations and obfuscations.

NitroSecurity's approach provides tiered protection: first through a series of IPS signatures that can block new Conficker attacks; and then through a series of techniques to detect symptoms of a Conficker infection, including Windows registry changes, the shutdown of security services, and the creation of .dll files, all of which can be indicative of a Conficker infection. If a network is infected, NitroSecurity's Security Information & Event Management product, NitroView SIEM, combines Conficker-related actions from the IPS, information from relevant Windows logs, and system vulnerability information to easily manage the root cause, identify the vectors used to propagate the worm to other systems, and quickly identify any systems that are at risk.

"Especially in large networks, a layered approach to security is the best defense against worms such as Conficker, which go to lengths to cover their tracks," said Michael Leland, NitroSecurity's Chief Technology Officer. "Stopping the threat outside of your network is ideal, but if it does get in, a comprehensive approach including log analysis and SIEM capabilities will help spot the worm, track it, and remove it." The solution, which correlates security data from multiple systems to detect and block complex attacks, was first used by NitroSecurity to successfully block DNS exploits that were announced last year at DefCon. "When threats become this sophisticated, point-defenses aren't enough; everything has to work together," Leland added.

The Conficker worm, which first surfaced in October 2008, targets Microsoft Windows operating systems.

About NitroSecurity
NitroSecurity develops security information and compliance management solutions that protect business information and infrastructure. NitroSecurity solutions reduce business risk exposure and increase network and information availability by removing the scalability and performance limitations of security information management. Utilizing the industry's fastest analytical tools, NitroSecurity identifies, correlates, and remediates threats in minutes instead of hours, allowing organizations to quickly mitigate risks to the organization's information and infrastructure.

NitroSecurity serves more than 500 enterprises across many vertical markets, including healthcare, education, financial services, government, retail, hospitality and managed services. For more information, please visit nitrosecurity.com.

###


Contact Author

Eric D Knapp