The following article presents how Apex One Vulnerability Protection (VP) uses a multi-layer protection approach in blocking modern vulnerabilities.
Apex One Vulnerability Protection has been designed to be a simplified solution for new and emerging vulnerabilities by minimizing administration and deployment efforts.
The predefined rules in Apex One Vulnerability Protection have been fine-tuned and reviewed in our labs to work together with other Apex One features to have maximized protection from these threats.
|Name||CVE Description||Apex One VP|
|CVE-2020-0674: Scripting Engine Memory Corruption Vulnerability||This is a known browser vulnerability and is treated as “in the wild”.||There would be no need to create a rule for this vulnerability due to the following reason that the Vulnerability is covered by Browser Exploit Solution which is a component of Web Reputation. Browser Exploit Solution is a heuristic engine that detects browser vulnerabilities which are found “in the wild”.|
|CVE-2017-8759: .NET Framework Remote Code Execution Vulnerability||This is a vulnerability that would involve a drive by download by opening a malicious file or application for browser preview or user time of click.||This would not need to be covered by Apex One Vulnerability Protection as this should be detected by the Advanced Threat Scan Engine which is part of Real-time Scan. The action taken to this vulnerability would depend on the setting set by administrators.|
|CVE-2020-0601: Microsoft Windows CryptoAPI Spoofing Vulnerability||This is a vulnerability where an attacker could exploit a vulnerability using a spoofed certificate to sign a malicious executable to make it look legitimate. This can then be used to conduct man in the middle attacks.||A rule has been created on this since there is an available Proof of Concept. This would then cause the vulnerability to be easily exploited.|
In summary, Apex One Vulnerability Protection is part of the multi-layer approach of the Apex One agent including Machine Learning, Behavior Monitoring, Browser Exploit Solution, Web Reputation and Real-time Scan, therefore providing the most effective technology and rules to maximize endpoint protection.