It is Time To Move Past Vulnerability Scanning To Anti-Exploitation
One big trend I’ve been seeing is the shift towards anti-exploitation technologies. For those who don’t know, anti-exploitation is where you build defenses into operating systems and platforms so that when there is a vulnerability (and there will be a vulnerability), it is difficult or impossible to exploit. Java was my first introduction to the concept at the application level (sandboxing), and Vista at the operating system level.
There’s no single anti-exploitation technology, but a bunch of techniques and features that work together to make exploitation more difficult, such as ASLR (library/memory randomization), sandboxing, and data execution protection.
Most of the anti-exploitation focus today is on operating systems, but conceptually it can be applied anywhere. One of my big concepts in Application and Database Monitoring and Protection (ADMP) is building anti-exploitation into business and (especially) web applications. I’ve even converted from credit monitoring to credit protection (via Debix) for anti-exploitation against identity theft.
As an example of Anti-Exploitation technology, anomaly-detection techniques are being applied on various levels.
* SPAM - Spammers will always find ways to send in spam messages (something like a vulnerability that you cannot patch); so we have various spam filters based on fuzzy logic and anomalies to detect spam.
* Network - To detect 0-day exploits, various IDS vendors now apply anomaly detection, which can detect variations in protocols, traffic flow and more.
* Web Applications - Some new fraud detection tools applied by financial companies detect anomalies in user activities to detect any signs of exploitation.
We are seeing more and more implementations of machine-learning algorithms in the information security domain, both in security tools and in malware :)