CTM Endpoint Module - Project HSD Development Fund
Initiative by: Fox-IT, TU Delft and Dreamsolution
Status: In progress
Lightweight, signature-less endpoint malware protection
Every device connected to an organization’s network, be it a PC, laptop, tablet or smartphone, represents a threat that could compromise network security. Because many cyber attackers today gain entry to corporate networks through employees’ devices, endpoint protection has become one of the most critical areas of network security.
Cyber criminals use a variety of stealth methods to gain access to organizations’ computing systems, including spoofing users or spreading malware to get access to passwords, login information and sensitive corporate assets. Granting network access to contractors and temporary workers also represents a security hazard.
Solution: CTM Endpoint Module
In response to the endpoint challenges that have emerged, Fox-IT, TU Delft and Dreamsolution used their combined knowledge to develop a new generation of enterprise security, one that delivers visibility, detection, forensics and protection in a single solution. The CTM Endpoint Module provides state-of-the-art protection from endpoint-focused cyberattacks to secure corporate assets and sensitive information. It builds a protective barrier between corporate system assets and the applications that have access to the host systems that house them. This barrier is used to monitor and control exactly how individual programs interact with the host system.
Instead of blocking the exploit phase by looking for malware signatures like traditional antivirus systems do, the CTM Endpoint Module blocks the payload execution phase. By setting rules and normal usage parameters, applications can only perform prescribed behavior. Every action an application tries to conduct outside the rule set is automatically blocked by the prevention feature. In this way, the application can execute perfectly as intended, without gaining access to the system to install malware.
Advanced malware detection
The CTM Endpoint Module is already operational and protects multiple organizations in the Netherlands against cyberattacks. The goal of the HSD-funded project involving partners Fox-IT, Dreamsolution and TU Delft is to develop a detection tool capable of detecting known and unknown cyberattacks.
The CTM Endpoint Module is co-financed by the HSD Development Fund. The partners share the benefits generated by the grant-funded project, such as new knowledge and opportunities. New jobs will also be created in the region. It is expected that the CTM Endpoint Module team will grow to at least twenty employees in the coming years and that this project will help make Dutch society a bit safer.
Fox-IT prevents, solves and mitigates the most serious threats caused by cyberattacks, data leaks or fraud with innovative solutions for governments, defense agencies, law enforcement, critical infrastructure, banking and commercial enterprise clients worldwide. Fox-IT combines smart ideas with advanced technology to create solutions that contribute to a more secure society. We develop products and custom solutions for our clients to guarantee the security of sensitive and critical government systems, protect industrial networks, defend online banking systems and secure confidential data.
Dreamsolution is a leader in the areas of metadata processing, visualization of data, implementing data processing systems, and realization of accessible, web-based user interfaces. They deliver custom solutions developed through critical cooperative dialogue with the collaboration partner. Dreamsolution is participating in the development, research and prototyping of the visualization aspect of the new detection software on the server.
Goal-oriented innovation – that is TU Delft's guiding principle. TU Delft does not develop knowledge for knowledge's sake but rather for practical applications. It does so to create new products that make life more pleasant and more valuable, and that help companies innovate, as well as to find creative answers to the questions society is asking. As a research institute, TU Delft contributes knowledge pertaining to network security and architecture.
This project is co-financed by the HSD Development Fund from the City of The Hague.