An article reveals the memory security of Anxin Network Shield

Microsoft security engineer Matt Miller said at the 2019 Israel Security Conference that 70% of all vulnerabilities that Microsoft products have fixed in the past 12 years are memory security issues. In the past year, memory security issues have become increasingly serious, and memory protection technologies have begun to receive attention. Memory security issues are the largest source of attacks facing various systems and applications, and 0day vulnerabilities and fileless attacks are the commonly used attack methods at this stage, which has also become a pain point for enterprises in building security capabilities.

The application of memory security-related products in foreign countries has begun to take shape. In 2016, Gartner listed memory protection technology as one of the top ten information security technologies for the future. In 2018, CRN ranked memory security products at the top of its 20 popular security products. As a star company in the field of memory security in China, Anxin Network Shield offers the memory security product Anxin Shenjia Intelligent Memory Protection System, which supports multiple deployment models and is widely used in government, finance, medical, military, energy and other important fields. In January 2020, in the "China Cybersecurity Capability Atlas" released by the domestic cybersecurity consulting organization Shishi Consulting, memory security was highlighted as a new mainstream in endpoint security and as a category with distinctive characteristics.

1 Core concept: What is memory security?

The core principle of memory security comes from computer architecture: any code that is to be executed by the CPU, and any data it processes, must be stored in memory. The state of code and data in memory can be observed by monitoring CPU instructions. Using memory virtualization and other technologies to monitor memory read, write, and execution behavior can effectively prevent various threats. Memory security is composed of memory monitoring, program behavior monitoring, intelligent analysis, system security enhancement, and security response. It can prevent abnormal memory access, malicious code execution, and other attack behaviors, building a complete memory security environment for computer systems.

2 Core functions: What are the capabilities of memory security?

⦿Vulnerability detection and defense
Through fine-grained monitoring of memory read, write, and execution behavior, it can detect abnormal behavior such as code execution on the stack and memory data overwriting in real time, and it combines this with an interception module to efficiently prevent vulnerability attacks.

⦿ Memory data anti-theft
Uses hardware virtualization technology to manage key business data in memory and, through business association analysis, monitors attempts by applications to read, hook, and tamper with business-related memory data, protecting core business data assets from being stolen.

⦿ Threat behavior analysis
Based on monitoring of the CPU instruction set, it monitors the state of code and data in memory, perceives memory data flow and the specific behavior of programs in real time, and uses AI technology to identify viruses in real time, which can defend against known and unknown viruses.

3 Core value: How can memory security empower businesses?

⦿ Protect against attacks from unknown threats
Network attack methods are becoming more complex, intelligent, and organized. The traditional "old three" (firewall, intrusion detection, anti-virus) only raise the attacker's cost; protection schemes based on rule matching have almost no defensive ability in the face of new attack models.
Memory security products do not depend on the traditional signature database matching mode. Anxin Network Shield's memory security product, the intelligent memory protection system, monitors memory data based on hardware virtualization technology and analyzes that data to achieve memory-level application monitoring. By monitoring program memory behavior and execution paths, it effectively protects against new types of threats.

⦿Protect business continuity
Traditional security solutions focus on network protection and authorization, and cannot defend against memory-based attacks, which happen inside the program.
Memory protection technology detects and blocks attacks in real time by mapping the legal execution path of the program. It ensures that core business applications only run as expected and will not suffer from virus theft or vulnerability triggers, effectively protecting business continuity.

⦿ Resolving threats that cannot be prevented by whitelist security
The security boundary is disappearing and endpoint security has become a trend, but most endpoint security solutions focus on user equipment, system compliance and system security, and generate a large number of false positives. The use of program whitelist technology is increasing, but it still cannot defend against "white utilization" (abuse of whitelisted programs) and fileless attacks, whereas memory security can effectively protect against such threats.

⦿ Three-dimensional, accurate protection
Traditional security products only run at the application layer or system layer. Memory security products can provide organically combined three-dimensional protection at the application layer, system layer, and hardware layer. Traditional security products generate a large number of alarms that are difficult to respond to. Memory security products can accurately defend against various types of attacks and stop them before threats cause damage.

4 Application scenario: What is the application scenario of memory security?

Despite the large number of security products deployed by enterprises and organizations, attackers are still able to easily break through layers of defense, and complex networks are constantly increasing. Memory security products are based on real-time program behavior monitoring, memory operation monitoring and other technologies to protect memory at the application level, ensuring that users' core business applications only run as expected and are not subject to virus theft or vulnerability triggers. This effectively protects customers' core business from being blocked and core data assets from being stolen.

Origin blog.51cto.com/14429175/2487504