Put a stop to buffer overflows and memory exploits with BOUNCER by CoreTrace
Buffer overflows and other memory exploits are a leading form of malicious attack. Infamous buffer overflow exploits like 2001's CodeRed worm (which took advantage of buffer vulnerabilities in Microsoft's Internet Information Services, or IIS) and 2003's SQL Slammer (which exploited Microsoft SQL Server 2000) wreaked havoc on enterprises around the world.
Despite the prevalence and damaging nature of these attacks, many traditional security solutions do not have any way to prevent them. Even worse, most buffer overflow attacks are a means to an end: for instance, the Microsoft IIS buffer exploit was a delivery method for the CodeRed worm. Buffer exploits can also allow a hacker to inject a DLL into a system, hopelessly compromising it.
For applications that are not on BOUNCER's whitelist, buffer overflow vulnerabilities are not a concern because the application itself cannot run.
BOUNCER takes application whitelisting to the next level to deal with these kinds of exploits in applications that are actually on the whitelist. When BOUNCER catches code running from the heap, stack, data segments or anywhere else it shouldn't be, it hashes the kernel-mode drivers in memory and checks the result against the kernel module list. If the process does not come from the approved list, it does not run.
Essentially, if a process is not launched by an approved application, and is not running in an expected or known location, it will not execute. There are no extra steps for administrators to take, no extra patches — BOUNCER extends the whitelist seamlessly to cover these exploits.
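The two checks described above (is the code executing from an expected location, and does its image hash match an approved list) can be illustrated with a short audit of a process memory map. This is an added example, not BOUNCER's code or CoreTrace's method; it assumes the Linux `/proc/<pid>/maps` line format and a SHA-256 allowlist, and the sample map, file contents and the `audit_maps` function are all constructed for illustration.

```python
import hashlib
import re

# Constructed sample in Linux /proc/<pid>/maps format (not captured from a real host).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/approved_app
0060a000-0060b000 rw-p 0000a000 08:01 131 /usr/bin/approved_app
01c3f000-01c60000 rwxp 00000000 00:00 0 [heap]
7f1a2c000000-7f1a2c021000 r-xp 00000000 00:00 0
7f1a2d400000-7f1a2d5c0000 r-xp 00000000 08:01 977 /usr/lib/libunknown.so
7ffc6b1e0000-7ffc6b201000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed file contents standing in for on-disk images, so the example runs offline.
FILE_BYTES = {
    "/usr/bin/approved_app": b"approved application image",
    "/usr/lib/libunknown.so": b"library nobody approved",
}
# Allowlist of SHA-256 digests; only approved_app is on it.
ALLOWLIST = {hashlib.sha256(FILE_BYTES["/usr/bin/approved_app"]).hexdigest()}

LINE_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) \S+ \S+ \d+\s*(.*)$")

def audit_maps(maps_text, file_bytes, allowlist):
    """Return (address_range, reason) for every executable region that fails policy."""
    findings = []
    for line in maps_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        start, end, perms, path = m.groups()
        if "x" not in perms:
            continue  # non-executable data, heap and stack are expected
        span = f"{start}-{end}"
        if not path.startswith("/"):
            # [heap], [stack] or anonymous memory marked executable
            findings.append((span, f"executable {path or 'anonymous'} region"))
        elif "w" in perms:
            findings.append((span, f"writable and executable mapping of {path}"))
        else:
            # File-backed code: its image must hash to an allowlisted digest.
            digest = hashlib.sha256(file_bytes.get(path, b"")).hexdigest()
            if digest not in allowlist:
                findings.append((span, f"{path} not on allowlist"))
    return findings

if __name__ == "__main__":
    for span, reason in audit_maps(SAMPLE_MAPS, FILE_BYTES, ALLOWLIST):
        print(span, reason)
```

On the constructed map this flags the executable heap, the executable anonymous region and the unapproved library, while the allowlisted application image and the non-executable stack pass.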
BOUNCER is so effective in preventing buffer and memory exploits that if an overflow attack is in progress, it will place the endpoint in lockdown, terminate the exploit, and often go so far as locking up the attacker's toolkit.