Dark Reading
Products and Releases

Seculert Brings Big Data Analytics to Forefront of Malware Detection

Seculert Sense identifies advanced persistent threats and unknown malware

PETACH-TIKVA, ISRAEL--(Marketwire - Oct 18, 2012) - Seculert, the cloud-based advanced threat detection company, today announced the general availability of Seculert Sense, a cloud-based analysis engine that combines customers' on-premise logs with Seculert's outbound intelligence gathered from live botnets to identify advanced persistent threats (APTs) and unknown malware. Seculert Sense is provided as a premium service extending the company's flagship offering, Seculert Echo, a unique non-intrusive threat intelligence service that monitors live botnet activity around the globe and alerts users to compromised endpoints. By leveraging precise botnet data, Seculert improves threat detection rates and reduces false positives.

With Seculert Sense, customers can now upload log files over a secure FTPS tunnel, or stream logs via syslog directly from a secure web gateway, web proxy device or log aggregation solution, for real-time detection and forensic investigation. Built on Amazon Elastic MapReduce, Seculert Sense launches a "big data analysis cloud" that rapidly analyzes an organization's vast amount of log data, going back months or even years, and compares it against the thousands of unique malware samples collected by Seculert. Over time, Seculert Sense continues to digest huge amounts of data in order to identify persistent attacks that are going undetected by next-generation IPS, anti-bot and secure web gateway products.

"Being a pure cloud service enables Seculert to digest huge amounts of data over time. Every day, we are collecting over 40 thousand samples of unknown malware which originate from in-house research, customers and third party sources," said Dudi Matot, co-founder and CEO of Seculert. "Because cyberattacks don't target just one entity, we would be doing a disservice to our customers by not sharing our research and knowledge across the board. Seculert Sense was created based in part on the theory that we are all part of interconnected systems and should collaborate as such."

Using state-of-the-art big data technology such as Hadoop, Seculert scans massive amounts of data for traces of malware connectivity. Unlike traditional firewalls, which must decide in real time whether or not a packet is malicious, Seculert Sense can apply multiple parallel offline scans to ensure a comprehensive search is conducted. Each scan examines the data from a different perspective to detect advanced malware.

When Seculert Sense identifies malicious activity in any log source, it automatically detects similar activities in other sources, even if the logs originate from different vendor products. This enables discovery of targeted attacks across distributed enterprise environments, or even across multiple organizations and industries.

Seculert Sense users are provided with forensic information detailing detected attacks in reports available in the Seculert Web dashboard. This includes the ability to view specific APT attacks, infected endpoints (including mobile) and phone-home calls to ever-changing criminal servers. The Web dashboard provides drill-down capability to the raw traffic logs that hold the evidence for the APT or unknown malware.

"The data explosion is just as real in security as it is everywhere else, and accurate and timely information can help illustrate how and where attacks take place. The sheer volume of available data, however, can make it difficult for security teams to put data-driven insight to work in pragmatic ways. Those such as Seculert are capitalizing on the opportunity that cloud-based approaches offer for centralizing responsive analysis of large volumes of security-relevant data and delivering that capability to a wide audience," said Scott Crawford, managing research director at Enterprise Management Associates.

Seculert's cloud services are non-intrusive and designed to complement an existing security infrastructure by adding cloud-based malware detection on top of on-premise security products. With no need for new hardware, software or changes to the corporate network, deployment of Seculert Sense is instant and extremely cost-effective. Users may even upload ELFF (W3C Extended Log File Format) log files from existing vendors such as Blue Coat, Websense and Squid so that Seculert Sense can identify previously undetected malware.
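The detection model the release describes (offline scans of historical proxy logs against known botnet command-and-control indicators, with hits correlated across log sources from different vendors) can be illustrated in a few dozen lines. The following is an added example written for this page, not Seculert's code or a description of how Seculert Sense works internally. It parses W3C ELFF-style records using the `#Fields:` header, matches the `cs-host` field against a constructed indicator set, and groups sightings by indicator across two constructed log sources; the log lines, the hostname `c2.evil-example.test` and the field layouts are all made up for the example.

```python
"""Offline scan of W3C ELFF proxy logs for known C2 hostnames (added example)."""
import shlex
from collections import defaultdict

# Constructed sample 1: a Blue Coat / W3C ELFF-style proxy export. Not real traffic.
SAMPLE_ELFF = """#Software: example-proxy
#Version: 1.0
#Fields: date time c-ip cs-method cs-host cs-uri-path sc-status cs(User-Agent)
2012-10-01 08:01:02 10.0.0.5 GET intranet.example.local /index.html 200 "Mozilla/5.0 (Windows NT 6.1)"
2012-10-01 08:02:10 10.0.0.7 POST c2.evil-example.test /gate.php 200 "Mozilla/4.0 (compatible)"
2012-10-01 08:03:00 10.0.0.5 GET updates.example.com /feed.xml 304 "Mozilla/5.0 (Windows NT 6.1)"
"""

# Constructed sample 2: a syslog-fed export from a different vendor with a
# different column order. Same ELFF convention, different field set.
SAMPLE_SYSLOG = """#Fields: date time cs-host s-ip c-ip
2012-10-02 09:00:00 c2.evil-example.test 203.0.113.9 10.0.0.12
2012-10-02 09:05:00 www.example.org 198.51.100.2 10.0.0.5
"""

# Constructed indicator set: C2 hostnames as they would arrive from a threat-intel feed.
C2_HOSTS = {"c2.evil-example.test"}


def parse_elff(text):
    """Yield one dict per record, keyed by the names given in the #Fields directive.

    ELFF quotes values that contain spaces (e.g. user agents), so records are
    split with shlex rather than str.split.
    """
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue  # other directives (#Software, #Version, ...) are ignored
        if fields is None:
            raise ValueError("data record before #Fields directive")
        values = shlex.split(line)
        if len(values) != len(fields):
            raise ValueError(f"field count mismatch in record: {line!r}")
        yield dict(zip(fields, values))


def find_c2_hits(records, indicators, source):
    """Return one hit per record whose cs-host is in the indicator set."""
    hits = []
    for rec in records:
        host = rec.get("cs-host", "").lower()
        if host in indicators:
            hits.append({
                "source": source,
                "client": rec.get("c-ip"),
                "host": host,
                "when": f"{rec.get('date')} {rec.get('time')}",
            })
    return hits


def correlate(hits):
    """Group hits by indicator so one C2 host seen in several sources (different
    vendors, different days) is reported once with every sighting attached."""
    by_host = defaultdict(list)
    for hit in hits:
        by_host[hit["host"]].append(hit)
    return dict(by_host)


def scan_sources(sources, indicators):
    """Scan every named log source and return {c2_host: [sightings...]}."""
    hits = []
    for name, text in sources.items():
        hits.extend(find_c2_hits(parse_elff(text), indicators, name))
    return correlate(hits)


if __name__ == "__main__":
    findings = scan_sources({"proxy": SAMPLE_ELFF, "syslog": SAMPLE_SYSLOG}, C2_HOSTS)
    for host, sightings in findings.items():
        print(f"{host}: {len(sightings)} sighting(s)")
        for s in sightings:
            print(f"  {s['when']}  client={s['client']}  source={s['source']}")
```

Matching on `cs-host` alone is deliberately simple; a production scan would also check `s-ip` against C2 IP indicators and the URI path against known beacon patterns, but the structure (parse by header, match, then group by indicator across sources) is what lets a single confirmed hit in one vendor's log surface the same beaconing in another's.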

For more information about Seculert Sense, please visit http://seculert.com/sense.html.

About Seculert

Seculert is a cloud-based advanced threat detection company that discovers malware and Advanced Persistent Threats (APTs) that have bypassed existing security solutions and gone undetected on corporate devices and networks across an entire organization, including laptops, mobile devices and remote employees. By intercepting and collecting actual communication between the network and live botnets, Seculert guarantees malware detection with no false positives. Unlike traditional on-premise solutions, Seculert operates in the cloud, with no software or appliances, resulting in a low Total Cost of Ownership (TCO). The elasticity and affordability of the cloud also make it possible for the company to analyze data at large scale to identify targeted attacks over time, including data on multiple threats from different customers. Seculert is a venture-backed company based in Petach-Tikva, Israel. For more information visit www.seculert.com.
