Attacks/Breaches
10/18/2012
01:04 PM
Dark Reading
Dark Reading
Products and Releases

Seculert Brings Big Data Analytics to Forefront of Malware Detection

Seculert Sense identifies advanced persistent threats and unknown malware

PETACH-TIKVA, ISRAEL--(Marketwire - Oct 18, 2012) - Seculert, the cloud-based advanced threat detection company, today announced the general availability of Seculert Sense, a cloud-based analysis engine that combines customers' on-premise logs with Seculert's outbound intelligence gathered from live botnets to identify advanced persistent threats (APT) and unknown malware. Seculert Sense is provided as a premium service extending the company's flagship offering, Seculert Echo, a non-intrusive threat intelligence service that monitors live botnet activity around the globe and alerts users to compromised endpoints. By leveraging precise botnet data, Seculert improves threat detection rates and reduces false positives.

With Seculert Sense, customers can now upload log files over a secure FTPS tunnel, or stream logs via Syslog directly from a secure web gateway, web proxy device or log aggregation solution, for real-time detection and forensic investigation. Built on Amazon Elastic MapReduce, Seculert Sense launches a "big data analysis cloud" that rapidly analyzes an organization's vast amount of log data, going back months or even years, and compares it against the thousands of unique malware samples collected by Seculert. Over time, Seculert Sense continues to digest huge amounts of data in order to identify persistent attacks that go undetected by next-generation IPS, anti-bot and secure web gateway products.

"Being a pure cloud service enables Seculert to digest huge amounts of data over time. Every day, we are collecting over 40 thousand samples of unknown malware which originate from in-house research, customers and third-party sources," said Dudi Matot, co-founder and CEO of Seculert. "Because cyberattacks don't target just one entity, we would be doing a disservice to our customers by not sharing our research and knowledge across the board. Seculert Sense was created based in part on the theory that we are all part of interconnected systems and should collaborate as such."

Using state-of-the-art big data technology such as Hadoop, Seculert scans massive amounts of data for traces of malware communication. Unlike traditional firewalls, which must decide in real time whether or not a packet is malicious, Seculert Sense can apply multiple parallel offline scans to ensure a comprehensive search is conducted. Each scan examines the data from a different perspective to detect advanced malware.

When Seculert Sense identifies malicious activity in any log source, it automatically detects similar activities in other sources, even if the logs originate from different vendor products. This enables discovery of targeted attacks across distributed enterprise environments, or even across multiple organizations and industries.

Seculert Sense users are provided with forensic information detailing detected attacks in reports available in the Seculert Web dashboard. This includes the ability to view specific APT attacks, infected endpoints (including mobile) and phone-home calls to ever-changing criminal servers. The Web dashboard provides drill-down capability to the raw traffic logs that hold the evidence for the APT or unknown malware.

"The data explosion is just as real in security as it is everywhere else, and accurate and timely information can help illustrate how and where attacks take place. The sheer volume of available data, however, can make it difficult for security teams to put data-driven insight to work in pragmatic ways. Those such as Seculert are capitalizing on the opportunity that cloud-based approaches offer for centralizing responsive analysis of large volumes of security-relevant data and delivering that capability to a wide audience," said Scott Crawford, managing research director at Enterprise Management Associates.

Seculert's cloud services are non-intrusive and designed to complement an existing security infrastructure by providing additional cloud malware detection capabilities on top of on-premise security products. With no need for new hardware, software or changes to the corporate network, deployment of Seculert Sense is instant and extremely cost-effective. Users may even upload ELFF log files from existing vendors such as Bluecoat, WebSense and Squid so that Seculert Sense can identify previously undetected malware.
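The offline log-matching and cross-source correlation the release describes, as an added illustration that is not Seculert's code: an ELFF (W3C extended) proxy log and a Squid native access log are both reduced to (client, destination host) pairs, matched against a constructed set of C2 hostnames standing in for the botnet intelligence feed, and hits are grouped by C2 host across both sources so the same server showing up in different vendors' logs is surfaced together. All log lines, hosts and addresses are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample: a Blue Coat-style ELFF (W3C extended log format) excerpt.
# The #Fields header names the columns; c-ip is the client, cs-host the destination.
ELFF_LOG = """#Software: SGOS (constructed sample)
#Fields: date time c-ip cs-host cs-uri-path sc-status
2012-10-01 08:00:01 10.0.0.5 www.example.com /index.html 200
2012-10-01 08:00:07 10.0.0.5 beacon.bad-c2.test /gate.php 200
2012-10-01 08:01:15 10.0.0.9 cdn.example.net /lib.js 304
"""

# Constructed sample: Squid native access.log lines
# (timestamp, elapsed ms, client, result/status, bytes, method, URL, user, hierarchy, type).
SQUID_LOG = """1349080812.133    45 10.0.0.9 TCP_MISS/200 512 GET http://beacon.bad-c2.test/gate.php - DIRECT/192.0.2.10 text/html
1349080820.004    12 10.0.0.12 TCP_HIT/200 2048 GET http://www.example.com/ - NONE/- text/html
"""

# Constructed indicator set standing in for the live-botnet C2 intelligence.
C2_HOSTS = {"beacon.bad-c2.test"}

def parse_elff(text):
    """Yield (client, host) pairs from an ELFF log, locating columns via the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            yield row["c-ip"], row["cs-host"]

def parse_squid(text):
    """Yield (client, host) pairs from Squid native access.log lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        host = re.sub(r"^https?://", "", parts[6]).split("/")[0]
        yield parts[2], host

def correlate(sources, indicators):
    """Return {c2_host: {source_name: {client, ...}}} for every indicator hit across all sources."""
    hits = defaultdict(lambda: defaultdict(set))
    for name, pairs in sources.items():
        for client, host in pairs:
            if host in indicators:
                hits[host][name].add(client)
    return {h: dict(s) for h, s in hits.items()}

if __name__ == "__main__":
    result = correlate({"bluecoat": parse_elff(ELFF_LOG), "squid": parse_squid(SQUID_LOG)}, C2_HOSTS)
    for host, per_source in result.items():
        print(host, per_source)
```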

For more information about Seculert Sense, please visit http://seculert.com/sense.html.

About Seculert

Seculert is a cloud-based advanced threat detection company that discovers malware and Advanced Persistent Threats (APT) that have bypassed existing security solutions and gone undetected on corporate devices and networks across an entire organization, including laptops, mobile devices and remote employees. By intercepting and collecting actual communication between the network and live botnets, Seculert guarantees malware detection with no false positives. Unlike traditional on-premise solutions, Seculert operates in the cloud, with no software or appliances, resulting in a low Total Cost of Ownership (TCO). The elasticity and affordability of the cloud also make it possible for the company to analyze data on a large scale to identify targeted attacks over time, including data on multiple threats from different customers. Seculert is a venture-backed company based in Petach-Tikva, Israel. For more information visit www.seculert.com.
