Ultralight: The core of F-Secure

F-Secure takes a multi-layered approach to endpoint protection and leverages cloud analysis and machine learning to reduce the overall system performance impact while providing protection against a multitude of malware and internet threats. Ultralight combines all the technologies present in F-Secure’s full endpoint protection stack into a single package and is included in the following products:

  • F-Secure Protection Service for Business (PSB), Computer & Server Protection
  • F-Secure Business Suite, Client Security 13.x & later plus Server Security 14.x & later
  • F-Secure SAFE and variants

Ultralight consists of drivers, engines, and system services that provide mechanisms to protect both devices and their users. It provides traditional anti-virus functionality, such as real-time file scanning and network scanning, and also includes modern, proactive protection technologies that aim to stop zero-day exploits and stay ahead of new attacks. F-Secure’s Security Cloud provides Ultralight components with real-time information as the threat landscape changes.

Ultralight’s intelligent combination of protection technologies represents the same approach that allowed F-Secure to take home the prestigious AV-Test Institute’s ‘Best Protection’ award six times in eight years.

Figure 1: Components that make up the Ultralight engine

FEATURES

  • Detects and blocks exploits, common malware, and other identifiers in any hostile content sent by an attacker
  • Detects and blocks exploitive behavior occurring in an application designed to open potentially harmful content (PDF reader, office software, Java runtime, JavaScript interpreter, etc.)
  • Detects and blocks suspicious or malicious behavior both in running applications and in the system itself
  • Prevents compromised applications from performing hostile actions, such as dropping malware onto a system
  • Detects and blocks malware with a traditional file scanning engine
  • Detects and blocks memory-resident malware
  • Removes or quarantines malicious artifacts from the system
  • Disinfects objects that have been modified by file infectors
  • Utilizes F-Secure’s Security Cloud to detect anomalies in files or file metadata
  • Sends suspicious executable files to F-Secure’s Security Cloud for extended analysis
  • Prevents malware from contacting a C&C server
  • Uses automatic forensics and computer ecosystem anomaly detection to detect malware that other techniques are unable to prevent or detect

BENEFITS

  • Proactive security against zero-day attacks and unique malware.
  • Zero-day exploits have been detected before they became public knowledge.
  • Effective protection against custom malware.
  • The more a malicious file has been modified to evade signature-based scanning, the more suspicious it looks to us.
  • Our exploit protection focuses on prevention of the exploit phase itself.
  • The way exploit writers typically modify their code to evade signature-based scans cannot bypass our exploit detection techniques.
  • Exploit protection is constantly improved and tweaked as we collect more samples and refine the behavioral detection.
  • Automatically deployed forensics algorithms generated by Security Cloud’s AI systems.