Trusteer Apex applies a new approach - Stateful Application Control - to help stop zero-day application exploits and data exfiltration by automatically determining if actions by commonly exploited and widely used applications that process external content are legitimate or malicious. Defending against malware: A holistic approach is required - http://ibm.co/1fIYCg8

1. IBM Software Data Sheet
Trusteer Apex provides automatic and
accurate malware protection
Help stop zero-day application exploits and data exfiltration
Highlights
●● ● ●
Apply a new approach—Stateful
Application Control—to help stop
zero-day application exploits and
data exfiltration
●● ● ●
Protect commonly exploited and widely
used applications that process untrusted
external content
●● ● ●
Automatically and accurately determine
if an application action is legitimate or
malicious
●● ● ●
Help maximize security while simplifying
deployment and minimizing
management overhead
Targeted attacks and advanced persistent threats pose a serious security
threat to enterprises. In order to stop these attacks, organizations must
prevent advanced, information-stealing malware from compromising
employee endpoints. Advanced malware circumvents blacklisting tactics
for threat detection. Meanwhile, whitelisting approaches, which minimize
malware evasion, have proven difficult to implement and manage. A new
approach to effective and manageable endpoint malware protection
is needed.
The attack vectors: Application exploits and
social engineering
Advanced malware compromises enterprise endpoints in one of two ways:
●● ●
Application exploits: Cybercriminals use code embedded in weapon-
ized documents and web pages to exploit application vulnerabilities,
introduce malware into an employee’s endpoint and penetrate the
corporate network.
●● ●
Direct user install: Cybercriminals use various tactics to manipulate
the user to install an application that contains malware. The malicious
application can be delivered via a website download, an infected USB
drive, or an email attachment. Once infected with malware, compro-
mised endpoints can be used to access systems, collect data and send
it to the Internet. Data exfiltration can take place within minutes of
the malware infection, which is why it is critical to identify and mitigate
the infection as quickly as possible.

2. 2
Data SheetIBM Software
Blacklisting or whitelisting: Current
endpoint controls fall short
Despite using market-leading endpoint protection solutions,
many large enterprises are constantly breached by advanced
malware. Traditional endpoint protection solutions based on
blacklisting file signatures and malicious behaviors have had
limited impact on advanced threats that simply work around the
blacklisting rules.
Application control and whitelisting solutions allow only trusted
files to execute on the endpoints and are more resilient to
evasion tactics. However, due to the dynamic nature of the user
environment and frequent changes to application files, organi-
zations have found these solutions to be extremely difficult to
implement and maintain.
Trusteer Apex: Stateful Application
Control
Trusteer1 Apex software applies a new approach—Stateful
Application Control—to help stop zero-day application exploits
and data exfiltration. By analyzing what the application is
doing (operation) and why it is doing it (application state),
Trusteer Apex can automatically and accurately determine if an
application action is legitimate or malicious. Trusteer Stateful
Application Control enables automated enterprise malware pro-
tection that can help maximize security while helping simplify
deployment and minimize management overhead.
Trusteer Apex is designed to prevent malware from compromising endpoints by blocking the execution of files written to the file system through exploitation of
vulnerabilities.
Internet,
email,
instant messaging
Exploit
External content
Vulnerability
Exploitation of
the vulnerability
Legitimate
access
File system
Trusteer Apex
stops execution
Application
Trusteer Apex
Application exploit prevention

3. 3
Data SheetIBM Software
Stopping application exploitation
Application exploitation occurs when an application processes
malicious external content that contains exploit code. The
exploit uses known or unknown (zero-day) vulnerabilities to
write a file to the file system and execute it. Trusteer Apex
protects commonly exploited and widely used applications that
process untrusted external content, including browsers, Adobe
Acrobat, Adobe Flash, Java and Microsoft Office. Trusteer
Apex validates the application state during sensitive application
operations, such as file system access, to help ensure proper
execution. It blocks the execution of files created via exploita-
tion of vulnerabilities in these applications (for example, when
the application enters an unknown state), helping prevent
malware from compromising the endpoint.
Helping prevent data exfiltration
Data exfiltration requires the malware to communicate with
the Internet (for example, to a command-and-control server).
Trusteer Apex restricts untrusted files from executing sensitive
operations that can enable external communication, such as
opening external communication channels or tampering with
other application processes to hide external communication
traffic. Untrusted files are sent to Trusteer for analysis and are
either approved or removed from the endpoint.
Providing automated management
The Trusteer Stateful Application Control engine is designed
to be easy to manage and maintain. This is because legitimate
application states rarely change, even when applications are
updated or patched. Automated updates are provided by
Trusteer, based on research continuously performed on a
network of tens of millions of protected endpoints. The updates
occur with no end-user disruption and require minimal IT staff
resource involvement. If necessary, users can manage exceptions
and enable specific code that would be restricted by Trusteer
due to the nature of its operation.
Why IBM?
Trusteer, an IBM company, provides endpoint cybercrime
prevention solutions that protect organizations against financial
fraud and data breach. Hundreds of organizations and millions
of end users rely on Trusteer to protect their managed and
unmanaged endpoints from online threats and advanced
information-stealing malware.
IBM Security solutions are trusted by organizations worldwide
for fraud prevention and identity and access management.
The proven technologies enable organizations to protect their
customers, employees, and business-critical resources from the
latest security threats. As new threats emerge, IBM can help
organizations build on their core security infrastructure with
a full portfolio of products, services and business partner solu-
tions. IBM empowers organizations to reduce their security vul-
nerabilities and focus on the success of their strategic initiatives.
­

4. For more information
To learn more about Trusteer Apex, please contact your
IBM representative or IBM Business Partner, or visit the
following website: ibm.com/Security
About IBM Security solutions
IBM Security offers one of the most advanced and integrated
portfolios of enterprise security products and services. The
portfolio, supported by world-renowned IBM® X-Force®
research and development, provides security intelligence to help
organizations holistically protect their people, infrastructures,
data and applications, offering solutions for identity and access
management, database security, application development, risk
management, endpoint management, network security and
more. These solutions enable organizations to effectively
manage risk and implement integrated security for mobile,
cloud, social media and other enterprise business architectures.
IBM operates one of the world’s broadest security research,
development and delivery organizations, monitors 15 billion
security events per day in more than 130 countries, and holds
more than 3,000 security patents.
Additionally, IBM Global Financing can help you acquire the
software capabilities that your business needs in the most
cost-effective and strategic way possible. We’ll partner with
credit-qualified clients to customize a financing solution to
suit your business and development goals, enable effective
cash management, and improve your total cost of ownership.
Fund your critical IT investment and propel your business
forward with IBM Global Financing. For more information,
visit: ibm.com/financing
­
­
­ ­
© Copyright IBM Corporation 2014
IBM Corporation
Software Group
Route 100
Somers, NY 10589
Produced in the United States of America
January 2014
IBM, the IBM logo, ibm.com, and X-Force are trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the web at
“Copyright and trademark information” at ibm.com/legal/copytrade.shtml
Adobe is a registered trademark of Adobe Systems Incorporated in the
United States, and/or other countries.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
Microsoft and Windows are trademarks of Microsoft Corporation in the
United States, other countries, or both.
This document is current as of the initial date of publication and may be
changed by IBM at any time. Not all offerings are available in every
country in which IBM operates.
THE INFORMATION IN THIS DOCUMENT IS PROVIDED
“AS IS” WITHOUT ANY WARRANTY, EXPRESS OR
IMPLIED, INCLUDING WITHOUT ANY WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND ANY WARRANTY OR CONDITION OF
NON-INFRINGEMENT. IBM products are warranted according to the
terms and conditions of the agreements under which they are provided.
Statement of Good Security Practices: IT system security involves
protecting systems and information through prevention, detection and
response to improper access from within and outside your enterprise.
Improper access can result in information being altered, destroyed or
misappropriated or can result in damage to or misuse of your systems,
including to attack others. No IT system or product should be considered
completely secure and no single product or security measure can be
completely effective in preventing improper access. IBM systems and
products are designed to be part of a comprehensive security approach,
which will necessarily involve additional operational procedures, and may
require other systems, products or services to be most effective. IBM does
not warrant that systems and products are immune from the malicious or
illegal conduct of any party.
1 Trusteer was acquired by IBM in August of 2013.
­ ­
Please Recycle
WGD03029-USEN-01