Seculert Combating Advanced Persistent Threats Through Detection WP
Table of Contents
Introduction 3
What is an Advanced Persistent Threat? 4
Malware Prevention Methods Under Fire 4
The Power of Big Data Analytics 5
Beyond the Enterprise - BYOD 6
Seculert: The Best Bet for your Budget 7
Summary 7
INTRODUCTION
A series of recent high-profile security breaches has underscored that malware prevention strategies are consistently failing to adequately protect enterprises from advanced persistent threats (APTs). It's time to embrace a better alternative: threat detection built on big data analytics.

When it comes to prevention methods, information security vendors have traditionally fallen into two camps: either allowing what's on a whitelist and preventing everything else, or preventing what's on a blacklist and allowing everything else. Either way, they're fixated on the tactic of prevention. In addition, systems such as firewalls, IPS, IDS and Secure Web Gateways fail to detect and protect the network because they are policy- and/or signature-based and can manage only real-time traffic. They are also limited by the capacity of the appliance (CPU, storage, etc.), which means they cannot detect persistent threats.

At Seculert, our take is different. We know that no prevention method can be perfectly implemented, and something is always going to get through. Therefore, it is far more effective to focus solely on post-infection detection, and we use big data analytics as the best way to achieve that goal.
The ongoing rash of security breaches underlines an indisputable fact: prevention methods simply can never be 100% certain. So, if the real question is post-infection detection, the answer is big data analytics.
As a pure cloud service, Seculert is able to digest huge amounts of data over time. Over 40,000 unique samples of unknown malware are collected and profiled by Seculert on a daily basis. Seven million new infected IP addresses are identified every day. Tens of thousands of compromised enterprises are detected worldwide. Petabytes of botnet traffic and customer logs are analyzed monthly. Over time, Seculert continues to digest huge amounts of data in order to identify persistent attacks that have gone undetected by other on-premises security solutions for days, weeks, months or even years.

How? Built on Amazon Elastic MapReduce, Seculert's big data analysis cloud rapidly analyzes vast amounts of log data, going back months and even years, to compare it against the myriad unique malware samples collected and profiled by Seculert. Seculert's solution utilizes the Apache Hadoop framework, which supports data-intensive distributed applications across large hardware clusters. Using this state-of-the-art big data backbone, Seculert scans massive amounts of data to find tracks of malware connectivity.

Unlike traditional firewalls, which require an on-the-spot decision on whether or not a packet is malicious, Seculert's big data approach can apply multiple, parallel offline scans to ensure a comprehensive search is conducted. Each scan takes a different layer of perspective to detect advanced malware. This approach of correlating enterprise-supplied (internal) data with live botnet (external) intelligence allows Seculert to provide industry-leading forensics investigation and real-time detection of APTs, alerting users to compromised endpoints while drastically improving threat detection rates and reducing false positives.
The Lockheed Martin breach underscores the fact that the BYOD environment has created challenges for the traditional approach to cyber-security, which is based on the constraint that the organization can only control what it owns. The Seculert product is unique in the marketplace in that it can determine compromised devices externally. Seculert will detect any kind of malware in any environment, which includes both malware running within the enterprise network and malware infecting remote employees on any device.

Seculert's botnet interception system gathers botnet traffic into a big data pile and enables customers to search for infections on both internal and remote devices via a web-based dashboard. You simply enter keywords, such as the external IP addresses of the enterprise and any web interface domain that customers have opened up: internally, for example sharepoint.mycompany.com; externally to remote employees, such as owa.mycompany.com; or to partners, such as partnersport.mycompany.com. When Seculert identifies malicious activity in any data source, it automatically detects similar activities in other sources, even if the data originates from different companies. This enables discovery of targeted attacks across distributed enterprise environments, or even across multiple organizations and industries.

Seculert users are provided with forensic information detailing detected attacks in reports available in the Seculert Web dashboard. This includes the ability to view specific APT attacks, infected endpoints (including mobile) and phone-home calls to ever-changing criminal servers. The Web dashboard provides drill-down capability to the raw botnet traffic logs that hold the evidence for the APT or unknown malware. As more and more applications and other digital assets move to the cloud, securing the network in traditional ways is insufficient.
Using a cloud-based approach makes it easier to run sophisticated detection across devices both inside and outside the network.
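The two-layer correlation described in the preceding sections (historical customer logs replayed against profiled malware samples, and the enterprise's own external IPs and web-interface domains searched for inside intercepted botnet traffic) can be sketched as a small offline scan. The Python below is an added illustration and is not Seculert's code, data format or pipeline: every log line, IP address, C2 hostname and the malware family name are constructed for the example; the enterprise keywords reuse the page's sharepoint.mycompany.com and owa.mycompany.com. The pass names, the `Finding` record and the `parse` helper are assumptions made for the example.

```python
"""Offline multi-pass correlation of enterprise logs with botnet intelligence.

Added illustration only: every log line, IP, hostname and malware family
below is constructed for this example and is not Seculert's data or code.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Constructed intercepted bot-to-C2 traffic (external intelligence). `payload`
# mimics what a bot posts home: beacons and stolen form data, which is where an
# enterprise's web-interface names tend to surface.
BOTNET_TRAFFIC = [
    "2013-02-11T08:12:03Z src=203.0.113.7 c2=upd-cdn-01.example c2ip=198.51.100.9 payload=login:owa.mycompany.com",
    "2013-02-11T09:40:51Z src=198.51.100.23 c2=upd-cdn-01.example c2ip=198.51.100.9 payload=beacon:HOME-PC",
    "2013-03-02T22:05:17Z src=203.0.113.7 c2=stat-report.example c2ip=192.0.2.77 payload=form:sharepoint.mycompany.com",
    "2013-03-05T14:20:09Z src=192.0.2.150 c2=stat-report.example c2ip=192.0.2.77 payload=beacon:LAPTOP-42",
]

# Constructed customer proxy logs reaching back months (internal data).
PROXY_LOGS = [
    "2012-11-19T10:02:44Z client=10.0.4.21 host=news.example.org status=200",
    "2012-11-19T10:03:10Z client=10.0.4.21 host=upd-cdn-01.example status=200",
    "2013-01-08T16:44:02Z client=10.0.7.3 host=mail.example.org status=200",
    "2013-02-27T07:15:39Z client=10.0.7.3 host=stat-report.example status=404",
]

# Constructed profile of one previously sandboxed sample: the C2 host it
# contacted, keyed to a made-up family name.
MALWARE_PROFILES = {"upd-cdn-01.example": "Constructed.Trojan.A"}


@dataclass
class Finding:
    source: str    # data set that produced the hit
    ts: str
    endpoint: str  # infected host: external IP or internal client
    c2: str
    family: str
    evidence: str  # raw log line holding the proof, for drill-down


def parse(line: str) -> Dict[str, str]:
    """Split '<ts> k=v k=v ...' into a dict; keeps the example self-contained."""
    ts, *pairs = line.split()
    rec = {"ts": ts}
    for pair in pairs:
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def scan_botnet_intercept(enterprise_ips: Set[str], enterprise_domains: Set[str],
                          lines: Iterable[str]) -> Tuple[List[Finding], Set[str]]:
    """Pass 1 (external view): search intercepted C2 traffic for the enterprise's
    own external IPs and web-interface domains. A hit means some endpoint, on the
    LAN or on a remote employee's device, is already talking to a C2 server. The
    C2 hosts seen are returned so the next pass can pivot on them."""
    findings, learned_c2 = [], set()
    for line in lines:
        rec = parse(line)
        by_ip = rec.get("src") in enterprise_ips
        by_name = any(d in rec.get("payload", "") for d in enterprise_domains)
        if by_ip or by_name:
            findings.append(Finding("botnet-intercept", rec["ts"], rec["src"],
                                    rec["c2"], "unknown", line))
            learned_c2.add(rec["c2"])
    return findings, learned_c2


def scan_proxy_logs(lines: Iterable[str], profiles: Dict[str, str],
                    learned_c2: Set[str]) -> List[Finding]:
    """Pass 2 (internal view): replay historical proxy logs against C2 hosts from
    profiled samples plus those learned in pass 1, so a beacon sent months ago
    is still surfaced and attributed to an internal client."""
    findings = []
    for line in lines:
        rec = parse(line)
        host = rec.get("host", "")
        if host in profiles:
            family = profiles[host]
        elif host in learned_c2:
            family = "unprofiled; C2 learned from botnet intercept"
        else:
            continue
        findings.append(Finding("proxy-log", rec["ts"], rec["client"], host, family, line))
    return findings


def correlate(enterprise_ips, enterprise_domains, botnet_lines, proxy_lines, profiles):
    """Run both passes and return the findings plus the pivoted C2 set."""
    external, learned_c2 = scan_botnet_intercept(enterprise_ips, enterprise_domains, botnet_lines)
    internal = scan_proxy_logs(proxy_lines, profiles, learned_c2)
    return {"external": external, "internal": internal, "learned_c2": learned_c2}


def enterprise_report():
    """Constructed enterprise: one external IP plus the page's two web-interface names."""
    return correlate({"203.0.113.7"}, {"owa.mycompany.com", "sharepoint.mycompany.com"},
                     BOTNET_TRAFFIC, PROXY_LOGS, MALWARE_PROFILES)


if __name__ == "__main__":
    report = enterprise_report()
    # Print a single timeline across both sources, oldest evidence first.
    for f in sorted(report["external"] + report["internal"], key=lambda f: f.ts):
        print(f"{f.ts} {f.source:<17} endpoint={f.endpoint:<13} c2={f.c2} family={f.family}")
```

Two things the run makes visible that the prose only asserts. First, the earliest hit is in the proxy logs from November, three months before the same C2 shows up in intercepted botnet traffic, which is the "going back months" case a real-time appliance cannot see. Second, stat-report.example is not in any sample profile; it is flagged in the internal logs only because pass 1 tied it to the enterprise's external IP, which is the cross-source pivot the page describes. The substring match on payloads is deliberately loose; in production the keyword set and matching rules are where false positives are tuned, and the `evidence` field is what the analyst drills into.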
Summary
This document has provided an overview of the technology, frameworks and concepts on which the Seculert solution is based. Seculert is an elastic, scalable, cloud-based malware detection service that is designed to meet the needs of organizations of any size. Corporations are realizing a rapid return on their Seculert investment through increased threat detection, reduced false positives, and less impact on their IT infrastructure. For more information on Seculert solutions, call +1-718-305-7067 or visit www.seculert.com.
SECULERT, Mota Gur 7, Petach-Tikva, Israel. Tel: +972-3-9193366. Tel (US): +1-718-305-7067. Email: info@seculert.com. http://www.seculert.com