New │ An innovative system equipped with an abnormal behavior analysis mechanism that breaks through the limitations of signature comparison in information security.
Impact │ The technology has been transferred to the private and military sectors, assisting businesses in the development of next-generation information security products, and enhancing military units in the establishment of information security threat detection platforms.
Key │ By combining the highly innovative Hypervisor Monitor and Virtual Time Acceleration technologies with patented technologies such as the abnormal behavior analysis mechanism, CIA effectively enhances the detection of new information security threats.
Evidence │ The product has received the "2014 Annual Information Month Top 100 Innovative Products" and the "National Invention and Creation" awards.

Internet technology is growing by leaps and bounds, bringing unimaginable conveniences to our daily lives. However, what follows are various forms of information security threats. These constantly evolving threats invade our lives in numerous ways, many of which were previously unknown. Since most attacks are targeted at specific groups of individuals, the small number and scope of victims limit the collection of threat samples. Signature comparison analysis therefore proves difficult, making it even harder to establish effective defense mechanisms.

Due to these concerns, the Institute for Information Industry (III) has developed the Cloud-threat Intelligence Appliance (CIA). By using an innovative system with an anomaly analysis mechanism, combined with technologies such as the Hypervisor Monitor and Virtual Time Acceleration, the CIA's capabilities extend well beyond traditional signature comparison, and it can analyze abnormal behaviors within the system with extreme efficiency. CIA provides effective detection of new types of targeted information security threats, and offers next-generation solutions for information security threat defense.
CIA's Two Special Technologies - Highly Covert and High Detection Efficiency
The Hypervisor Monitor technology is implemented through hardware virtualization (Intel-VT) mechanisms. Without changing the system environment, the bottom layer can be monitored while responding to top-layer system activities. This makes it difficult for malware to identify the detection system, resulting in much higher anti-evasion performance. Through behavioral analysis of suspicious files within the virtual environment, file anomalies can be identified without relying on signature detection, thereby providing effective defensive measures against new and unknown threats.
Virtual Time Acceleration is a patented technology developed exclusively by III for enhancing system detection efficiency. By adjusting and synchronizing the virtual layer to the virtual timer cycle and the timer speed parameters of the RTC (real-time clock), the refresh frequency of time on the virtual system is altered; this causes a virtual acceleration that significantly increases the system's efficiency for monitoring behavior.
By combining the steps described above with the analysis capabilities of the Hypervisor Monitor, we are able to break through the bottleneck of traditional VM sandboxes being easily fooled by anti-detection mechanisms, and achieve a higher level of concealment. Virtual Time Acceleration, on the other hand, greatly improves the detection efficiency of virtual systems. Both core technologies operate at the virtual layer, and as analysis software, the CIA system offers excellent concealment and more comprehensive software behavior detection capabilities.
Strengthens Security for National Defense Data - Enhances Product Value
The CIA system has already achieved empirical success in the business sector; it is capable of analyzing tens of thousands of email attachments daily, as well as intercepting new types of targeted threats that ordinary anti-virus software is unable to detect. This key technology has been transferred to the military sector to assist in the establishment of an information security threat identification platform, which will be able to successfully detect and eliminate invasive malware, thereby strengthening the security and protection of national defense data.
In addition, III will also transfer the CIA system to Taiwan's three major anti-spam enterprises, assisting businesses with upgrading their products from anti-spam to anti-APT. The product values of businesses will quadruple to NT$200,000 per unit. Related products are distributed in markets across Europe, North America, Japan, China, and the Middle East, thereby effectively enhancing product added value.
The technologies used by the CIA system have now appeared in 8 information security related international publications, and have been awarded multiple patents in Taiwan, the United States, Mainland China, the United Kingdom, and Japan. The system has received the "2014 Information Month Top 100 Innovative Products" award, and a silver medal in the "National Invention and Creation Award" issued by the Intellectual Property Office, Ministry of Economic Affairs.
In the future, not only can the CIA system be used in combination with existing information security products (such as firewalls or intrusion detection systems) for enhanced protection, it will lead the entire information security and network sectors in developing high-value protective equipment that protects against targeted threats. CIA will also enhance the security and protection of virtual environments, as well as enable information security monitoring service providers to offer information security value-added services on cloud-based security platforms that integrate cloud-based threat risk analysis with information management. CIA has contributed to the establishment of Taiwan's Cloud Security Operation Center (Cloud SOC), driving the entire sector towards the total solution development of offering "Cloud Security as a Service."
Future Vision
Advancements in Internet technology bring convenience to our everyday lives, but they also bring new threats to information security. The Cloud-threat Intelligence Appliance combines key technologies to integrate cloud-based threat risk analysis and information management for providing value-added services.