Dan's Take

Dell's Zero-Day Malware Prevention

Dell offers another approach to data security. Will it work?

• By Dan Kusnetzky
• 05/24/2016

Dell is addressing enterprise security concerns by launching Dell Data Protection. The goal of this product family is providing advanced threat protection for Windows-based thin clients and virtual desktops.

Dell Data Protection
The newly-announced product family uses artificial intelligence and machine learning to head off threats such as malware, zero-day attacks and even persistent threats by preventing malicious code from even executing.

The Dell Data Protection family of products includes:

• Dell Data Protection/Threat Defense. Offers threat protection for Windows-based thin clients such as the Wyse Windows-embedded thin clients. It's designed to work in heterogeneous environments, protecting Windows-based thin clients from Dell or any compatible manufacturer.
• Dell Data Protection/Endpoint Security Suite Enterprise. Although the name is quite a mouthful, this product offers threat protection, authentication and file-level encryption to Windows-based virtual desktops.

Dell's Jeff McNaught, Executive Director of Marketing and Chief Strategy Officer at Dell Cloud Client-Computing, says that "Other vendors depend on a 'detect and remediate' approach that alerts IT staff to an attack after the damage has been done."

Prevent and Protect
In contrast, he says that Dell "Employs a 'prevent and protect' approach that prevents these attacks from succeeding, and has been shown to be 99 percent effective against even zero-day and polymorphic malware attacks, well above the catch rate of traditional anti-virus products based on malware signature recognition."

Dell says that its Endpoint Security Suite Enterprise includes authentication and data encryption to protect the data, whether at rest or moving between people and devices. The company claims that "this additional level of protection is more effective than simple disk encryption, and prevents attackers from getting usable data in the event of a breach."

Dell's making this technology available across all Windows virtual desktops running Citrix, Microsoft or VMware software. It also points out that this technology makes it possible for enterprises to address major regulatory protection and reporting requirements such as PCI DSS, HIPAA and HITECH.

Sorting Out the Contenders
There are many suppliers of security software designed to address today's ongoing, ever-present network security threats. Most of these products attempt to match application code to a database of known threats (signatures), and mark applications, email attachments and even HTML files downloaded from Web sites to protect first, the end point device itself, and also to deny malicious code an entry point into the enterprise network.

A few suppliers, such as Bromium, take a different route that uses limited, extremely lightweight virtual machines (VMs). Applications are made to execute in these lightweight VMs and are not allowed access to all of the systems resources.

Furthermore, attempts to reach outside the allotted resources are logged and prevented from completing. Malicious code is simply deleted when the lightweight VM is wound down. Suppliers of modern Web Browsers, such as Microsoft, Google and Mozilla have added this type of technology to the newest versions of their software.

Dan's Take: A Good Start, But Needs Expansion
Dell is taking a different approach, one that the company says will consume less client-side CPU power. It's relying on, in its words, "machine learning and artificial intelligence to analyze the files prior to their execution, and determine what is safe and what isn't before they can even run." This approach doesn't rely on a database of signatures. This means that new threats can be addressed immediately, rather than forcing enterprises to wait for a threat to be discovered, its characteristics learned and a threat signature developed based on what the code's trying to do.

Dell claims that its approach will provide a much more efficient approach than offered by traditional anti-virus solutions. Dell believes its approach will be effective against past threats as well as against the latest malware.

Will this approach shoot down attacks and bring us a safer network? That isn't yet clear. What is clear is that Dell is serious about addressing the threat. The next question: when will Dell bring its technology to Android, iOS, OS X and Linux-based clients to complete the enterprise endpoint security question?