Dark Reading
Products and Releases

Seculert Brings Big Data Analytics to Forefront of Malware Detection

Seculert Sense identifies advanced persistent threats and unknown malware

PETACH-TIKVA, ISRAEL--(Marketwire - Oct 18, 2012) - Seculert, the cloud-based advanced threat detection company, today announced the general availability of Seculert Sense, a cloud-based analysis engine that combines customers' on-premise logs with the outbound-traffic intelligence Seculert gathers from live botnets to identify advanced persistent threats (APTs) and unknown malware. Seculert Sense is provided as a premium service extending the company's flagship offering, Seculert Echo, a non-intrusive threat intelligence service that monitors live botnet activity around the globe and alerts users to compromised endpoints. By matching against precise botnet data, Seculert improves threat detection rates and reduces false positives.

With Seculert Sense, customers can now upload log files over an FTPS tunnel, or stream logs via Syslog directly from a secure web gateway, web proxy devices or a log aggregation solution, for real-time detection and forensic investigation. Built on Amazon Elastic MapReduce, Seculert Sense launches a "big data analysis cloud" that rapidly analyzes an organization's large volume of log data, going back months or even years, and compares it against the command-and-control traffic patterns of the thousands of unique malware samples Seculert has collected. Over time, Seculert Sense continues to digest huge amounts of data in order to identify persistent attacks that go undetected by next-generation IPS, anti-bot and secure web gateway products.

"Being a pure cloud service enables Seculert to digest huge amounts of data over time. Every day, we are collecting over 40,000 samples of unknown malware which originate from in-house research, customers and third-party sources," said Dudi Matot, co-founder and CEO of Seculert. "Because cyberattacks don't target just one entity, we would be doing a disservice to our customers by not sharing our research and knowledge across the board. Seculert Sense was created based in part on the theory that we are all part of interconnected systems and should collaborate as such."

Using big data technology such as Hadoop, Seculert scans massive amounts of data to find traces of malware connectivity. Unlike a traditional firewall, which must decide in real time whether or not a packet is malicious, Seculert Sense can apply multiple parallel offline scans to ensure a comprehensive search is conducted. Each scan examines the data from a different perspective to detect advanced malware.

When Seculert Sense identifies malicious activity in any log source, it automatically looks for the same activity in the other sources, even when the logs originate from different vendors' products. This enables discovery of targeted attacks across distributed enterprise environments, or even across multiple organizations and industries.

Seculert Sense users are provided with forensic information detailing detected attacks in reports available in the Seculert Web dashboard. This includes the ability to view specific APT attacks, infected endpoints (including mobile) and phone-home calls to ever-changing criminal servers. The Web dashboard provides drill-down capability to the raw traffic logs that hold the evidence for the APT or unknown malware.

"The data explosion is just as real in security as it is everywhere else, and accurate and timely information can help illustrate how and where attacks take place. The sheer volume of available data, however, can make it difficult for security teams to put data-driven insight to work in pragmatic ways. Those such as Seculert are capitalizing on the opportunity that cloud-based approaches offer for centralizing responsive analysis of large volumes of security-relevant data and delivering that capability to a wide audience," said Scott Crawford, managing research director at Enterprise Management Associates.

Seculert's cloud services are non-intrusive and designed to complement an existing security infrastructure by adding cloud-based malware detection on top of on-premise security products. With no new hardware or software and no changes to the corporate network, deployment of Seculert Sense is immediate and cost-effective. Users may also upload ELFF (W3C Extended Log File Format) log files from existing vendors such as Bluecoat, WebSense and SQUID so that Seculert Sense can identify previously undetected malware.
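The press release describes the core technique only in outline: parse historical proxy logs in ELFF from more than one vendor, match the destination hosts against command-and-control indicators harvested from botnets, and pivot from a hit in one log source to the same activity in the others. The following is an added example written for this page, not Seculert's code and not based on any Seculert format or feed. The two ELFF excerpts, the field layouts and the indicator hostnames are all constructed for illustration; a real deployment would substitute its own proxy exports and a threat-intelligence feed.

```python
"""Offline matching of ELFF proxy logs against C2 indicators, across two vendors' layouts."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterator
from urllib.parse import urlsplit

# Constructed indicator set standing in for C2 hostnames a botnet-intelligence
# feed would supply. These are example names, not real threats.
C2_INDICATORS = {"update-cdn.example-bad.net", "stat.example-c2.org"}

# Constructed W3C ELFF excerpt in the style of one proxy vendor: the #Fields
# directive names the columns, and the host is a separate cs-host column.
PROXY_A_ELFF = """\
#Software: constructed sample
#Fields: date time c-ip cs-host cs-uri-path sc-status cs-method
2012-09-03 08:12:44 10.1.2.33 www.example.com /index.html 200 GET
2012-09-03 08:13:02 10.1.2.33 update-cdn.example-bad.net /chk.php 200 POST
2012-09-04 21:40:19 10.1.7.8 mail.example.com /owa 200 GET
"""

# Constructed ELFF excerpt from a second, differently configured proxy: fewer
# columns, and only a full cs-uri from which the host has to be extracted.
PROXY_B_ELFF = """\
#Fields: date time c-ip cs-uri sc-status
2012-09-05 02:05:51 10.1.9.14 http://stat.example-c2.org/ping 200
2012-09-05 02:06:03 10.1.9.14 http://www.example.com/ 200
2012-09-06 11:11:11 10.1.2.33 http://update-cdn.example-bad.net/chk.php 200
"""


@dataclass(frozen=True)
class Event:
    source: str   # which log feed the line came from
    date: str
    time: str
    client: str   # c-ip: the internal endpoint making the request
    host: str     # normalized destination hostname


def parse_elff(text: str, source: str) -> Iterator[Event]:
    """Parse ELFF lines into normalized events.

    The #Fields directive drives the column mapping, so differences in field
    names and order between vendors are absorbed here rather than downstream.
    """
    fields: list[str] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("#"):
            if raw.startswith("#Fields:"):
                fields = raw[len("#Fields:"):].split()
            continue  # other directives (#Software, #Date, ...) carry no events
        if not fields:
            raise ValueError("data line before #Fields directive")
        cols = raw.split()
        if len(cols) != len(fields):
            continue  # malformed line: skip rather than mis-align columns
        rec = dict(zip(fields, cols))
        # Prefer an explicit cs-host; otherwise derive the host from cs-uri.
        host = rec.get("cs-host") or (urlsplit(rec.get("cs-uri", "")).hostname or "")
        yield Event(source, rec["date"], rec["time"], rec["c-ip"], host.lower())


def correlate(events: list[Event], indicators: set[str]) -> dict[str, list[Event]]:
    """Map each matched C2 host to every sighting of it, from any log source.

    A hit in one feed therefore surfaces the same host in every other feed,
    which is the cross-source pivot the article describes.
    """
    sightings: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        if e.host in indicators:
            sightings[e.host].append(e)
    return dict(sightings)


def infected_clients(sightings: dict[str, list[Event]]) -> dict[str, set[str]]:
    """Invert the sightings: client IP -> set of C2 hosts it phoned home to."""
    clients: dict[str, set[str]] = defaultdict(set)
    for host, evs in sightings.items():
        for e in evs:
            clients[e.client].add(host)
    return dict(clients)


def analyze(feeds: dict[str, str], indicators: set[str]):
    """Run the whole pipeline over named ELFF texts; returns (sightings, clients)."""
    events = [e for name, text in feeds.items() for e in parse_elff(text, name)]
    sightings = correlate(events, indicators)
    return sightings, infected_clients(sightings)


if __name__ == "__main__":
    s, c = analyze({"proxy_a": PROXY_A_ELFF, "proxy_b": PROXY_B_ELFF}, C2_INDICATORS)
    for host, evs in s.items():
        print(host, [(e.source, e.client, e.date, e.time) for e in evs])
    print(c)
```

The pivot is what makes the retrospective scan worthwhile: the host first seen in proxy_a on 2012-09-03 is picked up again in proxy_b three days later from the same client, even though proxy_b never logged a cs-host column. Exact hostname matching is deliberately the only rule here; real feeds also carry IP ranges, URL paths and beaconing intervals, and a production matcher would add those without changing the parse-then-correlate shape.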

For more information about Seculert Sense, please visit

About Seculert

Seculert is a cloud-based advanced threat detection company that discovers malware and Advanced Persistent Threats (APTs) that have bypassed existing security solutions and gone undetected on corporate devices and networks across an entire organization, including laptops, mobile devices and remote employees. By intercepting and collecting actual communication between the network and live botnets, Seculert guarantees malware detection with no false positives. Unlike traditional on-premise solutions, Seculert operates in the cloud, with no software or appliances, resulting in a low Total Cost of Ownership (TCO). The elasticity and affordability of the cloud also make it possible for the company to analyze data on a large scale to identify targeted attacks over time, including data on multiple threats from different customers. Seculert is a venture-backed company based in Petach-Tikva, Israel. For more information visit
