Defeating Memory Attacks with CoreTrace Bouncer
Putting a Stop to Memory Exploits
In addition to its kernel-based application execution control, Bouncer delivers the most advanced memory protection available today. It features an unparalleled ability to detect and mitigate memory-based library injection attacks in near real-time.
Current technologies like Data Execution Prevention and Address Space Layout Randomization help to improve memory and system security, but they are still being defeated by ever-evolving threats. Once an attack bypasses these traditional security technologies, techniques such as Reflective Memory Injection (RMI) allow an attacker to inject libraries into vulnerable applications and services. Injected libraries can include VNC servers, network scanners, keyboard loggers, and powerful attack suites.
Once an RMI is in place, it is virtually impossible to detect with traditional technologies. CoreTrace has built advanced, patent-pending technology into Bouncer that identifies RMI and other library injection techniques from the security of the operating system kernel and can quickly terminate infected applications and non-critical services.
How Memory Attacks Work
As one of the most insidious forms of malicious attacks, memory exploits can compromise your systems in many ways, including:
- Providing delivery methods for worms and other malicious code
- Taking advantage of buffer overflow vulnerabilities
- Writing to kernel memory
- Enabling hackers to inject a DLL into a system
How Bouncer Can Help
Bouncer is designed to stop these attacks by not only preventing the execution of unauthorized applications but also by controlling the code running in memory. Bouncer helps you:
- Ensure that vulnerability-leveraging payloads cannot execute
- Prevent the execution of any process that is not launched by an approved application
- Stop attempts to inject DLLs or write to kernel memory
- Implement patches in a more deliberate and measured manner
- Report all unauthorized application execution attempts