Researchers at Microsoft are working on a new automated vulnerability analysis tool called Paladin, which will be included in the next version of the company’s Forefront enterprise security suite. The new technology was unveiled at CanSecWest last week and is designed to speed up the analysis of exploits and of how the malicious code works.
Building from MS Research and Incubation, we are working from a base of technology previously referred to as “Vigilante”. Vigilante was designed as an automated worm containment system. We leverage dynamic dataflow analysis to track the use of untrusted data and to block it from being executed. It contains program instrumentation which is used to enable monitoring of how untrusted data is used, a detection engine which utilizes dynamic data-flow analysis to identify attacks and to generate alerts, and a filter generator which creates signatures against the attack.
The results of this technology are very positive on memory corruption vulnerabilities and allow our research team to decrease dramatically the amount of time spent analyzing those vulnerabilities. While it is true that there are types of vulnerabilities that Paladin is not perfectly suited for today, we are working diligently to extend this capability towards even broader coverage and higher efficacy. Expect to hear more about Paladin in the months to come and to benefit from this and related research today if you are a customer running the beta of the next version of Forefront Threat Management Gateway with our Network Inspection System.
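
How the three pieces described above (instrumentation, detection engine, filter generator) fit together, as an added example that is not Microsoft's code or part of the original article: a toy interpreter marks received bytes as untrusted, carries that mark through copies, raises an alert when a marked value is used as a jump target, and derives a filter from the alert. The instruction names, memory layout and length-based filter rule are assumptions made for illustration.

```python
# Toy dynamic data-flow (taint) tracker. Constructed example: the instruction
# set, memory layout and filter rule are assumptions, not Vigilante/Paladin code.

class TaintAlert(Exception):
    def __init__(self, offsets):
        super().__init__(f"untrusted input offsets {offsets} used as jump target")
        self.offsets = offsets

def run(program, message, mem_size=64):
    """Interpret program; each cell remembers which input offsets it derives from."""
    mem = [0] * mem_size
    taint = [frozenset()] * mem_size
    received = 0
    for op, *args in program:
        if op == "const":                 # trusted value written by the program
            dst, val = args
            mem[dst], taint[dst] = val, frozenset()
        elif op == "recv":                # instrumentation: network bytes are tainted
            (dst,) = args
            received = len(message)
            for i, b in enumerate(message):
                mem[dst + i], taint[dst + i] = b, frozenset({i})
        elif op == "copy_recv":           # unchecked copy; taint follows the data
            dst, src = args
            for i in range(received):
                mem[dst + i], taint[dst + i] = mem[src + i], taint[src + i]
        elif op == "jmp_ind":             # detection: tainted control transfer
            (addr,) = args
            if taint[addr]:
                raise TaintAlert(sorted(taint[addr]))
            return mem[addr]
    return None

# Constructed handler: 8-byte buffer at cells 0-7, handler pointer at cell 8.
PROGRAM = [("const", 8, 100), ("recv", 16), ("copy_recv", 0, 16), ("jmp_ind", 8)]

def make_filter(alert):
    """Simplified filter: drop messages long enough to reach the first
    input offset that flowed into the jump target."""
    first = min(alert.offsets)
    return lambda msg: len(msg) > first

def analyze(message):
    """Return (jump_target, None) for benign input, (None, filter) on an alert."""
    try:
        return run(PROGRAM, message), None
    except TaintAlert as alert:
        return None, make_filter(alert)
```

The alert records which input offsets reached the control transfer, which is the information an analyst would otherwise recover by hand when tracing a memory corruption bug.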