Automated vulnerability analysis

Mar 23, 2009 09:36 GMT

Microsoft is building a technology designed to streamline and speed up vulnerability analysis. Paladin was introduced at the CanSecWest conference in Vancouver, with the Redmond company indicating that the security toolset serves to improve response time to emerging threats. Paladin will be included in the next version of Forefront with Network Inspection System, extending the solution's capabilities. “The motivation behind this work is to automate the otherwise laborious process of analyzing exploits, identifying malicious input bytes quickly, identification of how shell code is executed and, basically, to narrow the search space for further manual analysis,” explained Jeff Williams, director, Microsoft Malware Protection Center.

From Microsoft's perspective, it is critical not only to address exploits and vulnerabilities as fast as possible, but also to scale in order to match any task. “The results of this technology are very positive on memory corruption vulnerabilities and allow our research team to decrease dramatically the amount of time spent analyzing those vulnerabilities. While it is true that there are types of vulnerabilities that Paladin is not perfectly suited for today, we are working diligently to extend this capability towards even broader coverage and higher efficacy,” Williams added.

The software giant is building Paladin on the basis of a Microsoft Research project dubbed Vigilante. While Vigilante focused on the malicious code known as worms, Paladin helps deal with security holes and exploits. Williams explained that the underlying technology is capable of identifying untrusted data and preventing its execution through dynamic dataflow analysis. Paladin includes a program instrumentation component that handles monitoring tasks, along with detection and a filter generator capable of building signatures to counteract a specific threat.
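To make the idea of dynamic dataflow analysis concrete, here is a toy model added for illustration; it is not Paladin's or Vigilante's code. The instruction set, cell names, the exact-byte filter and the sample message are all assumptions constructed for this example: input bytes are tagged with their offsets, the tags follow copies and arithmetic, and an indirect jump through input-derived data is blocked and turned into a simple signature.

```python
class TaintAlert(Exception):
    def __init__(self, pc, offsets):
        super().__init__(f"tainted jump target at pc={pc}, input offsets {offsets}")
        self.pc, self.offsets = pc, offsets

def run(program, message):
    """Run a toy instruction list. Each cell holds (value, taint); taint is
    the set of message offsets the value was derived from."""
    mem, clean = {}, frozenset()
    for pc, ins in enumerate(program):
        op, dst = ins[0], ins[1]
        if op == "const":      # trusted constant
            mem[dst] = (ins[2], clean)
        elif op == "recv":     # untrusted input byte, tainted with its offset
            mem[dst] = (message[ins[2]], frozenset([ins[2]]))
        elif op == "mov":      # taint follows the copy
            mem[dst] = mem[ins[2]]
        elif op == "add":      # result carries the union of both taints
            (va, ta), (vb, tb) = mem[ins[2]], mem[ins[3]]
            mem[dst] = ((va + vb) & 0xFF, ta | tb)
        elif op == "jmp_ind":  # indirect jump through cell dst
            if mem[dst][1]:    # target derived from input: block execution
                raise TaintAlert(pc, sorted(mem[dst][1]))
        else:
            raise ValueError(f"unknown op {op!r}")
    return mem

def make_filter(message, offsets):
    """Naive signature: exact bytes at the offsets that reached the jump."""
    sig = {off: message[off] for off in offsets}
    return lambda data: all(o < len(data) and data[o] == b for o, b in sig.items())

def analyze(program, message):
    """Return (offending offsets, filter) or None if nothing was flagged."""
    try:
        run(program, message)
    except TaintAlert as alert:
        return alert.offsets, make_filter(message, alert.offsets)
    return None

# Constructed program and input message (not real exploit data).
PROGRAM = [
    ("const", "base", 0x10), ("recv", "a", 2), ("recv", "b", 5),
    ("mov", "tmp", "a"), ("add", "target", "tmp", "b"),
    ("jmp_ind", "base"),    # trusted target: allowed
    ("jmp_ind", "target"),  # input-derived target: flagged
]
SAMPLE = bytes([0, 1, 0x41, 3, 4, 0x42, 6])
```

Calling `analyze(PROGRAM, SAMPLE)` reports the input offsets that influenced the jump target, which is the "narrow the search space" step, and returns a filter that matches other messages carrying the same bytes at those offsets.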

“Expect to hear more about Paladin in the months to come and to benefit from this and related research today if you are a customer running the beta of the next version of Forefront Threat Management Gateway with our Network Inspection System,” Williams concluded.