Tuesday 18 June 2013

F-Secure releases Blackhole, Cool and Citadel botnet-bashing DeepGuard 5 tool


F-Secure has rolled out its latest DeepGuard 5 behaviour-based analysis technology, promising it will help firms protect themselves from key threats, like the Blackhole and Cool exploit kits.
The Finnish firm said DeepGuard 5 will offer users unprecedented protection by blocking new and emerging threats and intercepting exploits based on their behaviour rather than, as most analysis tools do, on the vulnerability they exploit.
The technology monitors a vast array of areas, including the processes of programs that are commonly exploited, such as browsers, plugins, Microsoft Office and Java, as well as document types often used as mules for malware, such as PDF files and Office documents. The tool activates if any of these checks spots harmful behaviour, blocking any associated activity to avoid infection.

F-Secure security advisor Sean Sullivan told V3 the tool is the firm's most sophisticated to date. "Basically, we are now monitoring a higher, more generic level. Earlier versions of our behavioral engine monitored how suspicious applications interacted with the OS. Now, DG5 can monitor how known good applications behave – and can determine if they are being exploited," he said.
"Take MS Word for example. We didn't monitor that application in the past – hooking directly into it could have made it unstable – and we don't want that. DG5 is able to more generically monitor good applications' behavior for suspicious activity."
Sullivan added that the upgraded approach to analytics is an essential step in the security industry's ongoing battle to counter the recent influx of sophisticated threats targeting industry.
"It's via known good applications that companies are being exploited. So a better behavioural engine is definitely a useful thing to have in your AV. Top-line antivirus technology stopped being about blocking bad guys on a wanted list years ago," he said.
"Blocking malware requires understanding its behaviour. That's why we developed our first version of DeepGuard in 2006. And this newest version is our most powerful learner of bad behaviours yet."
DeepGuard 5's release follows widespread warnings within the security industry that criminals are developing new, sophisticated ways to target businesses. Most recently, ex-FBI agent and current Kroll Cyber Investigations managing director Timothy Ryan told V3 that firms need to improve alert systems to deal with the increased threat.
