Research shows web security products perform well against exploit kits

Posted by   Martijn Grooten on   Aug 24, 2016

Among the security community a lot of research effort is dedicated to analysing exploit kits and their constantly evolving methods of frustrating researchers while infecting ordinary users with malware. A lot of this research is then used to design and build products that aim to prevent exploit kits from infecting users. But how well do such products work?

In our VBWeb tests, we look at web security products and their ability to block malicious traffic, in particular exploit kits. This week, we published reports on Trustwave Secure Web Gateway and Fortinet's FortiGate, two products that both blocked almost all of the exploit kits they were served, and which duly earned VBWeb certification.

VBWeb.jpg

In our lab, we are testing several more products. Late last month, we looked at five web security products and tried to answer the question: how likely are exploit kits to bypass such network-based defences?

Of the five products, three were running in our lab with two others being cloud-based. The exploit kits that were served were live* at the time the requests were made.

During the period 28 July to 2 August, we tested 54 instances of four prominent exploit kits: 31 instances of RIG, 12 of Neutrino, 7 of Magnitude and 4 of Sundown.

The five products blocked between 47 (87%) and 54 (100%) of these exploit kits, with Neutrino being the hardest to block and Magnitude being blocked by all products.

This is certainly good news. Of course, good security hygiene, such as keeping devices, software and plug-ins up to date, is the first and most important step in preventing exploit kits from infecting your systems and devices. But for those who can't trust themselves or their employees always to practise this (and, let's be honest, who does?) it is good to know that security products can provide an important extra layer of defence.

For more information about submitting your product to our VBWeb tests, please contact Martijn Grooten (martijn.grooten@virusbulletin.com).

Magnitude exploit kit downloading Cerber ransomware

* For the locally hosted products, we were able to confirm that the responses they were served would indeed have infected the computer accessing the exploit kit. This is not the case for cloud-based solutions, where we can't control the traffic sent to the product. In a majority of cases, we have reasons to believe the exploit kit wasn't fully sent, possibly due to the IP address being "blacklisted". Of course, for the end-user, this doesn't make a difference.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

New paper: LokiBot: dissecting the C&C panel deployments

First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. In a new paper researcher Aditya Sood analyses the…

VB2019 presentation: Building secure sharing systems that treat humans as features not bugs

In a presentation at VB2019 in London, Virtru's Andrea Limbago described how, by exploring data sharing challenges through a socio-technical lens, it is possible to make significant gains toward the secure sharing systems and processes that are vital…

VB2019 presentation: Attor: spy platform with curious GSM fingerprinting

Attor is a newly discovered cyber-espionage platform, use of which dates back to at least 2014 and which focuses on diplomatic missions and governmental institutions. Details of Attor were presented at VB2019 in London by ESET researcher Zuzana…

Why we encourage newcomers and seasoned presenters alike to submit a paper for VB2020

With the call for papers for VB2020 currently open, we explain why, whether you've never presented before or you're a conference circuit veteran, if you have some interesting research to share with the community we want to hear from you!

VB2019 paper: The cake is a lie! Uncovering the secret world of malware-like cheats in video games

At VB2019 in London, Kaspersky researcher Santiago Pontiroli presented a paper on the growing illegal economy around video game cheats and its parallels with the malware industry. Today we publish both Santiago's paper and the recording of his…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.