Application virtualization for threat protection developer Invincea
announced the expansion of its security product line with the introduction of
Document Protection, an optional extension to the company’s Browser Protection
platform. The Document Protection platform protects users and the enterprise
networks they are connected to against malware embedded within PDF documents.
Built on the same security paradigm of Browser Protection, Document Protection
moves Adobe Reader into a virtualized environment isolated from the desktop.
PDF documents are moved from the native operating system into a separate and
secure virtual environment where the document is opened in Adobe Reader.
Exploits of Adobe PDF documents were the No. 1 leading cause of infections in
2009, according to Symantec’s April 2010 Internet Security Threat Report.
“I’ve long thought that there was a need in the market for a secure,
virtualized browser solution," said Richard Stiennon, chief research
analyst at IT-Harvest. "Browser Protection is an innovative solution that
addresses the enormous Web-borne malware threat. With the addition of its
Document Protection solution aimed at closing the gaps in PDF security, the
company is taking the majority of today’s Internet threat vectors off the
table."
If any malicious behavior is initiated—for example, execution of a malicious
script, a buffer overflow exploit, or exploits of native APIs and system
commands—Document Protection automatically detects the threat, terminates it
and captures forensic data that can be fed to the rest of the security
infrastructure. Then the tainted virtual environment is removed from the PC,
and Document Protection restores to a gold master, clean state.
"The use of PDF exploits is on a sharp incline amongst malware authors.
Even Adobe has gone on record to acknowledge that they are a primary
target," said Dr. Anup Ghosh, founder and chief scientist at Invincea.
"By many estimates, nearly half of all security threats came from Adobe application
exploits during the 2010 calendar year. Within the past four weeks alone, news
of Adobe zero-day exploits has been widespread.”
Ghosh said the vast majority of the remaining threats were targeted at Web
browsing sessions. By coupling this offering with Browser Protection, the
company offers a solution set that eliminates the majority of malware threats.
“Our research has shown that secure full virtualization of Adobe and
Internet browsers is necessary to defend against the sophisticated threats
hitting enterprise users today,” he said. “Sandboxing and other watered-down
virtualization approaches simply cannot address the range of sophisticated
threats today that exploit flaws in software on one hand, or users’ permission
on another, to infect systems."