Sober Virus - Yenra

Zero-day elements detected by behavior-based protection in front of the router that looks for abnormal traffic patterns

E-Mail

An e-mail worm, W32/Sober.k@MM, began making the rounds on January 30. Though its threat level has already been raised from low to medium, networks protected by the DeepNines Security Edge Platform don't have to worry about the Sober virus worming its way into their networks.

"This Sober virus is an example of zero-day elements that will continue to give some enterprises a fit," said Dan Jackson of DeepNines Technologies. "That's the problem with so much of today's network security -- it can't help you until a virus has already penetrated the network and had its wicked way with you. That kind of after-the-fact security isn't really security at all."

DeepNines Security Edge Platform uses behavior- and signature-based analysis to inspect all traffic coming into the network. It is able to detect the abnormal behavior of unknown attacks that might otherwise be missed. In the case of W32/Sober.k@MM, the strange traffic patterns caused by the virus send up a red flag for the security edge platform, which stops and traps bad traffic from its invisible location outside the edge of the router.

DeepNines Technologies integrates leading best-of-breed anti-virus software as an additional layer of protection in front of the router. DeepNines Security Edge Platform provides protection against both known and unknown threats. The behavior-based protection constantly looks for abnormal traffic patterns, while the signature-based anti-virus looks for known threats. The combined solution provides better assurance for vulnerable networks.

The DeepNines Security Edge Platform, which is placed in front of the router, ensures that all packets coming into and out of the network are inspected for malformation or malicious behavior. The platform's behavior monitors also determine whether there is an increase in traffic to vulnerable ports and further inspect that traffic for malicious intent.

DeepNines operates outside the network infrastructure to prevent known and unknown attacks from entering an organization's network.