Barrier1 Stops Polymorphic Attacks
Barrier1 was Designed to Stop Polymorphic Attacks
The race between hackers/cyber criminals and security pros over the protection of digital assets and sensitive information continues, and it is escalating at a furious pace. Over the years, attackers began to change their methods. The security pros countered with individual “Point Solutions”: Firewalls, Anti-Spam, Anti-Virus, Web Content filtering, IDS/IDP, Traffic Shaping, etc. were brought to the market to solve the security problems at hand. Then cyber attackers began to change again, and “List Based Systems” were brought to the market. Today, static libraries of signatures and definitions used to detect attacks are no longer the total solution. The spamming and virus writing community has learned how to get around these list-based systems. At the same time, everyone thinks they are secure: YOU ARE NOT. NOW WE HAVE POLYMORPHIC ATTACKS.
Polymorphic attacks are not new, but their abilities are showing up more often. Polymorphic attacks are designed with the purpose of not being detected. They accomplish this goal by mutating with each instance, which gives the attacker the ability to walk through traditional signature and list-based systems. One of the mutating or changing aspects of these attacks is the “Data Payload”: each attack has different byte content. The method used to skirt most IDS and Anti-Virus systems is one that changes the byte frequency in the payload. Signature-only and Packet Header IDS systems will not detect this. Barrier1 will detect polymorphic attacks because it has learned what a normal data payload stream is for the organization. Thus, when any deviation from the normal profile occurs, it is blocked and reported. It does so with a high degree of accuracy in terms of false positive and false negative measures.
Barrier1 with its Advanced Intelligence will detect polymorphic attacks. Barrier1, with its design criterion of “Intelligence”, monitors the Packet Header and signatures as well as the “Data Payload” and learns what normal traffic on your network is. In the event of an abnormal or unusual change in the Data Payload, Packet Headers, or other attack vectors, Barrier1 will alert and, if in full automation mode, block the transmission and then report it.
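
The payload byte-frequency profiling idea described above can be sketched as follows. This is an added example, not Barrier1's code or algorithm (the page does not describe its internals); the sample traffic, the `ALPHA` smoothing value and the 1.5 threshold margin are assumptions made for the illustration. It learns a per-byte mean and spread from constructed "normal" payloads and shows that two instances with different byte content share no fixed signature yet both deviate from the learned profile.

```python
import math
import random
from collections import Counter

ALPHA = 0.001  # smoothing term so byte values never seen in training do not divide by zero

def byte_freq(payload):
    """Relative frequency of each of the 256 byte values in one payload."""
    counts = Counter(payload)
    n = max(len(payload), 1)
    return [counts.get(b, 0) / n for b in range(256)]

def train(payloads):
    """Learn the per-byte mean and standard deviation from known-good payloads."""
    freqs = [byte_freq(p) for p in payloads]
    n = len(freqs)
    mean = [sum(f[b] for f in freqs) / n for b in range(256)]
    std = [math.sqrt(sum((f[b] - mean[b]) ** 2 for f in freqs) / n) for b in range(256)]
    return mean, std

def score(payload, model):
    """Distance from the learned profile: per-byte deviation scaled by its spread."""
    mean, std = model
    x = byte_freq(payload)
    return sum(abs(x[b] - mean[b]) / (std[b] + ALPHA) for b in range(256))

def fit_threshold(payloads, model, margin=1.5):
    """Assumed tuning rule: worst score seen in training, times a safety margin."""
    return margin * max(score(p, model) for p in payloads)

# Constructed sample traffic standing in for an organization's normal payloads.
PATHS = ["index.html", "login", "reports/q3", "api/v1/users", "static/site.css"]
NORMAL = [f"GET /{p} HTTP/1.1\r\nHost: intranet.example\r\nUser-Agent: demo/{i}\r\n\r\n".encode()
          for i, p in enumerate(PATHS * 4)]

def mutated_blob(seed, size=200):
    """Constructed stand-in for a mutating payload: different bytes on every instance."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(size))

MODEL = train(NORMAL)
THRESHOLD = fit_threshold(NORMAL, MODEL)

def is_anomalous(payload):
    return score(payload, MODEL) > THRESHOLD

if __name__ == "__main__":
    a, b = mutated_blob(1), mutated_blob(2)
    print("fixed signature from instance 1 found in instance 2:", a[:16] in b)
    print("profile flags both instances:", is_anomalous(a), is_anomalous(b))
```

In practice the profile would be trained per service and per payload length range, and the threshold tuned against the false positive rate observed on held-out normal traffic.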