Endeavor Security has launched what it claims is a new way of detecting obscure malware before it infects networks, the fruits of a research programme funded by the US Department of Homeland Security (DHS).
Endeavor operates a large network of decoy machines, called the Early Warning System, which it uses to detect new malware threats and generate signatures for security product vendors.
Now it is using this network to power a managed service of its own aimed at enterprises and government bodies. The new product, called Firstlight Active Malware Protection (AMP), was developed under funding from the DHS’s Small Business Innovation Research (SBIR) programme.
It uses a new technique for capturing malware as it transits the network, before any infections occur, according to Endeavor.
The service - which runs on an Intel-based appliance running Red Hat's Fedora operating system - is capable of detecting more sophisticated or obfuscated threats than the typical gateway appliance, Endeavor said.
Moreover, the service creates an "image" of the malware, which is then sent directly to the customer's antivirus vendor for analysis and signature generation.
Endeavor also carries out research of its own, reverse-engineering the unknown malware it captures in order to determine the command and control infrastructure, cut off further threats and detect possible existing infections on a company's network.
The resulting system is faster at heading off new, unknown malware than existing products, Endeavor claims.
The service gives administrators a dashboard view of the current state of their network, which is correlated to current threat information gathered by the Early Warning System, Endeavor said.
AMP is available now and will be formally presented at a DHS system integrator forum later this week in Arlington, Virginia.