Advanced Malware Appliances


Advanced malware appliances defend the network from malicious files, or malware. According to Gartner, “The advanced threat prevention appliance market is defined by appliance-based products whose primary purpose is to capture and evaluate network traffic in order to detect and/or prevent advanced forms of customized targeted malware.” Advanced malware appliances typically use one of the following techniques to detect malware: program emulation, object code walkthrough with static analysis, or sandboxing. Currently, more of the excitement in the market is centered on dynamic sandboxing approaches, but there are undeniable advantages to other techniques. Static analysis examines object code without actually executing the code. It examines all possible execution paths and variable values, uncovering attacks that may not immediately manifest (they could occur weeks or months after initial execution). On the other hand, sandboxing, or dynamic analysis, analyzes the behavior of the malware during runtime. It discovers attacks and malicious behavior that are typically too complex to be discovered by static code analysis.



MORE ON IT Security