Invincea

Phishing is, arguably, the number one threat against organizational data. Spear phishing is perhaps the most dangerous variant because it targets specific individuals rather than being an attack of opportunity.

Taken together with the numerous other types of malware, it is no wonder that many security analysts believe, with good reason, that malware is the greatest threat against enterprise data, with spear phishing leading the charge. Certainly this Innovator believes that to be the case.

We have been watching this Innovator since it came on the scene and we have made some observations. First, there is some very creative thinking about preventing the impact of malware attacks. The company has a deep understanding of the mechanics of malware attacks and of how to detect and stop them, even when they are zero-day attacks. As well, the company listens to its customers and takes action when necessary. We have seen that on a couple of occasions and we find it gratifying.

Invincea has a pretty simple premise: as the company puts it, place the user in a bubble. The idea is that a user who surfs the net or, in fact, does anything that involves HTTP, is placed in a virtual machine dedicated to that activity. The VM isolates the HTTP-related activity and, if malware activity is detected, the product closes the session, wipes the VM and rebuilds a clean VM that retains the user's settings. This is subtly different from using a typical sandbox for isolation because the VM is an independent entity with its own operating system, its own instance of the browser and more.

The Enterprise Edition consists of the desktop software and the Threat Data Server. The Threat Data Server collects forensic data from thwarted attacks on every Invincea desktop across the enterprise and provides that intel to other systems, such as McAfee ePO, Splunk, NetWitness and more, for analysis. The forensic analysis is important because Invincea is adept at interdicting zero-day malware, and the captured data helps defenders recognize this otherwise unknown code in the future. It also helps them understand how to clean up the effects of the attack should it occur on an unprotected device.
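To make the "user in a bubble" lifecycle and the forensic hand-off concrete, here is an added simulation (not Invincea's code) of a disposable browsing VM: state is built from a clean image, user settings live outside the VM, and on a detection the VM's deviations from the clean image are captured as a forensic record before it is wiped and rebuilt. The detection heuristics, file paths and process names are constructed assumptions.

```python
import copy
from dataclasses import dataclass, field

# Constructed clean image the VM is rebuilt from (assumption, not the product's image).
CLEAN_IMAGE = {"files": {"C:\\Windows\\explorer.exe"}, "processes": {"browser.exe"}}

# Constructed stand-in heuristics for the product's own detection (assumption).
SUSPICIOUS_WRITE_PREFIXES = ("C:\\Windows\\", "C:\\Users\\u\\Startup\\")
ALLOWED_PROCESSES = {"browser.exe", "flashplayer.exe"}


@dataclass
class BrowserVM:
    settings: dict                                   # persisted outside the VM
    state: dict = field(default_factory=lambda: copy.deepcopy(CLEAN_IMAGE))
    events: list = field(default_factory=list)       # activity seen in this VM session
    forensics: list = field(default_factory=list)    # records for the Threat Data Server

    def observe(self, kind, target):
        """Record an in-VM event; trigger wipe-and-rebuild if it looks like malware."""
        self.events.append((kind, target))
        if kind == "write":
            self.state["files"].add(target)
            suspicious = target.startswith(SUSPICIOUS_WRITE_PREFIXES)
        elif kind == "spawn":
            self.state["processes"].add(target)
            suspicious = target not in ALLOWED_PROCESSES
        else:
            suspicious = False
        if suspicious:
            self.rebuild(reason=f"{kind}:{target}")
        return suspicious

    def rebuild(self, reason):
        """Capture what the attack changed, then restore the clean image; settings survive."""
        self.forensics.append({
            "trigger": reason,
            "events": list(self.events),
            "dropped_files": sorted(self.state["files"] - CLEAN_IMAGE["files"]),
            "new_processes": sorted(self.state["processes"] - CLEAN_IMAGE["processes"]),
        })
        self.state = copy.deepcopy(CLEAN_IMAGE)
        self.events = []


def demo():
    """Constructed session: a dropper is downloaded (allowed) then executed (detected)."""
    vm = BrowserVM(settings={"homepage": "https://intranet.example", "bookmarks": ["wiki"]})
    vm.observe("navigate", "https://example.test/invoice.html")
    vm.observe("write", "C:\\Users\\u\\Downloads\\invoice.pdf.exe")
    hit = vm.observe("spawn", "invoice.pdf.exe")   # unexpected child process -> rebuild
    return vm, hit
```

After `demo()` the VM state equals the clean image again, the settings dict is untouched, and `vm.forensics[0]` is the record that would be forwarded to the Threat Data Server.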