Exploits Explained Document

This document covers some of the core exploit mitigation methods available in Intercept X. It is a good brief, and a comparison between Intercept X and other vendors' approaches.

Note that this does not cover all of the good tech we have, like RCA, CryptoGuard, Web Protect and more, but if you want to know more about exploits it is a great place to start.


  • Very interesting. I would like to understand when and how the general exploits described in the CVE list are covered or not by Intercept X. I mean, how do I know which CVEs are already mitigated by Intercept X? Reading your document I found just CVE-2013-5331 & CVE-2014-4113. Does this mean that only those 2 CVEs are mitigated by Intercept X?

    I would also add another topic, correlated to Sophos Firewall: does the list of CVEs mitigated inside the IPS section of, for example, the XG Firewall also provide a mitigation of the exploits explained inside Intercept X? Are they the same CVEs? Is there a "double" mitigation in case I have an XG firewall with IPS and Intercept X on the client?

    Other vendors' firewalls provide a full list of CVEs that the firewall "covers", and you can subscribe to automatic newsletters to receive updates.

    Is it possible to do this for Intercept X and for XG Firewall?

  • Hi Fabio, the way Intercept X addresses vulnerabilities may be different from most vendors. Instead of identifying a vulnerability and placing a block or patch on the system for a given software component, Intercept X is looking to prevent the techniques that are used to take advantage of the vulnerabilities. By addressing the methods that adversaries use, we can stop them from performing a stack pivot, heap spray or a number of other techniques. What this does is allow us to prevent these types of attacks without having to have prior knowledge of a vulnerability. The good thing is this protects software from attack even when the vulnerability is not yet known by the software manufacturer and is a zero-day. The drawback to this approach is that we do not maintain a list of CVEs that we guard against. We are not patching the vulnerability or preventing it from being triggered; we are instead looking for the act of exploitation of software.

    The question on the XG Firewall and how it mitigates CVEs will have to be taken up on the XGFW forum, but the answer to the question of whether you would have multiple layers of protection with an XG FW and Intercept X is YES, you would have multiple layers of protection. The XGFW may be preventing the attack by observing the network traffic, and the endpoint is preventing the attack by detecting the exploit technique in use.
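    To make the "technique, not CVE" idea from the reply above concrete, here is an added example that is not Sophos or Intercept X code and does not reflect how the product is implemented. It shows the simplest form of a stack-pivot check: a monitor that knows the legitimate stack region of a thread (here, because the example allocates that region itself with `pthread_attr_setstack`) and flags any stack pointer value that falls outside it. No knowledge of a specific vulnerability is needed; a pointer that does not belong to the stack is suspicious regardless of which bug produced it. The function names `sp_within_stack` and `simulate_pivot_check` are hypothetical names chosen for this example, and the heap address used as the "pivoted" value is constructed for the demonstration.

```c
/* Added example: a simplified stack-pivot check. Not Sophos/Intercept X code. */
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* The legitimate stack region of one thread: [lo, hi). */
typedef struct {
    uintptr_t lo;
    uintptr_t hi;
} stack_bounds;

/* Technique-based check: a stack pointer is acceptable only if it lies
   within the thread's known stack region. Any other value suggests the
   stack pointer was redirected ("pivoted") into attacker-controlled memory. */
bool sp_within_stack(uintptr_t sp, const stack_bounds *b) {
    return sp >= b->lo && sp < b->hi;
}

struct probe {
    stack_bounds bounds;  /* known by construction: we supplied the stack */
    int result;           /* bit 1: real sp flagged (bug), bit 2: pivoted sp flagged */
};

static void *probe_thread(void *arg) {
    struct probe *p = arg;
    int local = 0;                               /* lives on the supplied stack */
    uintptr_t real_sp = (uintptr_t)&local;       /* a genuine stack address */
    void *heap = malloc(4096);                   /* constructed "pivot" target */
    if (heap == NULL) { p->result = -1; return NULL; }
    uintptr_t pivoted_sp = (uintptr_t)heap + 2048;

    int flags = 0;
    if (!sp_within_stack(real_sp, &p->bounds))    flags |= 1; /* must not fire */
    if (!sp_within_stack(pivoted_sp, &p->bounds)) flags |= 2; /* expected to fire */
    free(heap);
    p->result = flags;
    return NULL;
}

/* Creates a thread on a stack we allocated, so the monitor knows its bounds
   exactly, then runs the check. Returns 2 when only the pivoted value is
   flagged, -1 on any setup failure. */
int simulate_pivot_check(void) {
    const size_t stack_size = 256 * 1024;        /* comfortably above PTHREAD_STACK_MIN */
    void *stack = NULL;
    if (posix_memalign(&stack, 64 * 1024, stack_size) != 0) return -1;

    pthread_attr_t attr;
    if (pthread_attr_init(&attr) != 0) { free(stack); return -1; }
    if (pthread_attr_setstack(&attr, stack, stack_size) != 0) {
        pthread_attr_destroy(&attr); free(stack); return -1;
    }

    struct probe p = {
        .bounds = { (uintptr_t)stack, (uintptr_t)stack + stack_size },
        .result = -1,
    };
    pthread_t tid;
    int rc = pthread_create(&tid, &attr, probe_thread, &p);
    pthread_attr_destroy(&attr);
    if (rc != 0) { free(stack); return -1; }
    pthread_join(tid, NULL);
    free(stack);
    return p.result;
}

int main(void) {
    int r = simulate_pivot_check();
    if (r == 2) printf("pivot check: genuine sp accepted, pivoted sp flagged\n");
    else        printf("pivot check: unexpected result %d\n", r);
    return r == 2 ? 0 : 1;
}
```

    A real endpoint agent applies this kind of check at hook points such as sensitive API calls, and combines it with other technique checks (for example heap-spray and return-oriented-programming heuristics), which is why such products do not map naturally onto a per-CVE list.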

  • Thank you, very clear. For marketing and sales purposes it is harder to explain how Intercept X covers the "famous" CVE list. I will use your clear argument to compose a good "defense" answer.

    I will open a topic regarding CVE on XG forum. ;)