Security vulnerability research companies search for vulnerable applications and disclose their findings to application vendors, governmental agencies, and operating system vendors. Often this information costs a substantial fee. For example, vulnerable code found inside a browser, such as Internet Explorer or Chrome, can cost thousands of dollars.
Agencies around the world typically pay high amounts of money in exchange for exclusive access to vulnerable code. An agency’s motivation for doing so would be to insure that the vulnerable code is not disclosed to vendors. While such motivation may strike some as reasonable, it is on the whole detrimental, as it provides an advantage for potential attackers to use vulnerable code to steal information, infiltrate sensitive infrastructure, and distribute its malicious code without being detected.
A recent post on “The Hacker News” explains that a security vulnerability research company discovered a serious Internet Explorer zero day vulnerability. If exploited, the vulnerability would give attackers room to maneuver around Internet Explorer’s sandbox mechanism. Despite the gravity of such a scenario, the company did not disclose the vulnerability for three years, opting instead to hold on to the information until it could sell it to the highest bidder.
What if during that time another party purchased the exploit exclusively? This would mean that the company that uncovered the bug would not publish any information about this specific code, thereby keeping it out of realm of community discourse and remediation. In turn, the new exploit could target Internet Explorer intending to install malware undetected. Such an outcome would compromise the browser and affect its users around the globe.
Mitigating these types of attacks is not easy. Certain defense systems, like Microsoft EMET, are effective at detecting some, but not all exploitation methods. The present moment calls for a more robust line of defense, one that prevents potential attacks without slowing down performance.
SentinelOne EDR (Endpoint Detection and Response) detects this type of vulnerability with our behavioral-based predictive execution modeling engines. These engines examine the actual method of exploitation rather than a specific exploit or shell code. It also blocks threats without knowing the attack binary, making it the first true defense against targeted attacks. Software will always have bugs, and people will always try to find them. Occasionally these bugs are used for criminal activity. Existing solutions, such as Antivirus, IPS, and Sandboxing are no longer capable of protecting customers from sophisticated and unknown threats. SentinelOne EDR provides true real-time protection using innovative technology that monitors and stops threats as they happen, without any signatures. By mitigating exploitation and unknown attacks, we furnish our clients with state-of-the-art protection that is as fast as it is reliable.