BOUNCER by CoreTrace: Memory Exploits

Put a stop to memory exploits with BOUNCER by CoreTrace

Memory exploits are a leading form of malicious attack. Infamous exploits like 2001's CodeRed worm (which took advantage of buffer vulnerabilities in Microsoft's Internet Information Services, or IIS) and 2003's SQL Slammer (which exploited Microsoft SQL Server 2000) wreaked havoc on enterprises around the world.

Despite the prevalence and damaging nature of these attacks, many traditional security solutions have no way to prevent them. Even worse, most memory attacks are a means to an end: for instance, the Microsoft IIS memory exploit was a delivery method for the CodeRed worm. Memory exploits can also allow a hacker to inject a DLL onto a system, hopelessly compromising it.

For applications that are not on BOUNCER's whitelist, memory vulnerabilities are not a concern because the application itself cannot run.

BOUNCER takes application whitelisting to the next level to deal with these kinds of exploits in applications that are actually on the whitelist. When BOUNCER catches code running from the heap, stack, data segments or anywhere else it shouldn't be, it runs a hash on the kernel-mode drivers in memory and checks it against the kernel module list. If the process does not come from the approved list, it does not run.

If a process is not launched by an approved application, and is not running in an expected or known location, it will not execute. There are no extra steps for administrators to take, no extra patches — BOUNCER extends the whitelist seamlessly to cover these exploits.

View our archived webinars on preventing and dealing with memory exploits.