Dark Reading
Products and Releases

Seculert Brings Big Data Analytics to Forefront of Malware Detection

Seculert Sense identifies advanced persistent threats and unknown malware

PETACH-TIKVA, ISRAEL--(Marketwire - Oct 18, 2012) - Seculert, the cloud-based advanced threat detection company, today announced the general availability of Seculert Sense, a cloud-based analysis engine that combines customers' on-premise logs with Seculert's outbound intelligence gathered from live botnets to identify advanced persistent threats (APTs) and unknown malware. Seculert Sense is provided as a premium service extending the company's flagship offering, Seculert Echo, a unique non-intrusive threat intelligence service that monitors live botnet activity around the globe and alerts users to compromised endpoints. By leveraging precise botnet data, Seculert improves threat detection rates and reduces false positives.

With Seculert Sense, customers can now upload log files over a secure FTPS tunnel, or stream logs via Syslog directly from a secure web gateway, web proxy devices or a log aggregation solution, for real-time detection and forensic investigation. Built on Amazon Elastic MapReduce, Seculert Sense launches a "big data analysis cloud" that rapidly analyzes an organization's vast amount of log data, going back months or even years, and compares it against the thousands of unique malware samples collected by Seculert. Over time, Seculert Sense continues to digest huge amounts of data in order to identify persistent attacks that go undetected by next-generation IPS, anti-bot and secure web gateway products.

"Being a pure cloud service enables Seculert to digest huge amounts of data over time. Every day, we are collecting over 40 thousand samples of unknown malware which originate from in-house research, customers and third-party sources," said Dudi Matot, co-founder and CEO of Seculert. "Because cyberattacks don't target just one entity, we would be doing a disservice to our customers by not sharing our research and knowledge across the board. Seculert Sense was created based in part on the theory that we are all part of interconnected systems and should collaborate as such."

Using state-of-the-art big data technology such as Hadoop, Seculert scans massive amounts of data to find traces of malware connectivity. Unlike traditional firewalls, which must make a real-time online decision about whether a packet is malicious, Seculert Sense can apply multiple parallel offline scans to ensure a comprehensive search is conducted. Each scan examines the data from a different perspective to detect advanced malware.

When Seculert Sense identifies malicious activity in any log source, it automatically detects similar activities in other sources, even if the logs originate from different vendor products. This enables discovery of targeted attacks across distributed enterprise environments, or even across multiple organizations and industries.

Seculert Sense users are provided with forensic information detailing detected attacks in reports available in the Seculert Web dashboard. This includes the ability to view specific APT attacks, infected endpoints (including mobile) and phone-home calls to ever-changing criminal servers. The Web dashboard provides drill-down capability to the raw traffic logs that hold the evidence for the APT or unknown malware.

"The data explosion is just as real in security as it is everywhere else, and accurate and timely information can help illustrate how and where attacks take place. The sheer volume of available data, however, can make it difficult for security teams to put data-driven insight to work in pragmatic ways. Those such as Seculert are capitalizing on the opportunity that cloud-based approaches offer for centralizing responsive analysis of large volumes of security-relevant data and delivering that capability to a wide audience," said Scott Crawford, managing research director at Enterprise Management Associates.

Seculert's cloud services are non-intrusive and designed to complement an existing security infrastructure by providing additional cloud malware detection capabilities on top of on-premise security products. Without the need for new hardware, software or changes to the corporate network, deployment of Seculert Sense is instant and extremely cost-effective. Users may even upload ELFF log files from existing vendors such as Bluecoat, WebSense and SQUID so that Seculert Sense can identify previously undetected malware.
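The release describes two mechanics without showing them: matching historical proxy logs offline against known botnet phone-home destinations, and propagating a hit found in one vendor's log to the other log sources. The following is an added example that is not Seculert's code. It parses a W3C ELFF excerpt (the format Blue Coat, WebSense and similar gateways export) and a Squid native access.log excerpt, normalizes both to (timestamp, client, destination host), and correlates matches against an indicator set. Every log line, host name and IP address below is constructed for the example.

```python
"""Offline proxy-log indicator matching with cross-source correlation.

Added example, not Seculert's code. Log excerpts and the indicator set
are constructed; nothing here is a real C2 host.
"""
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed stand-in for a botnet C2 feed (destination hosts).
C2_HOSTS = {"update-check.example.net", "cdn-stats.example.org"}

# Constructed W3C ELFF excerpt. The #Fields directive names the columns,
# which is what lets one parser serve several vendors.
ELFF_LOG = """\
#Software: constructed sample
#Version: 1.0
#Fields: date time c-ip cs-method cs-host cs-uri-path sc-status
2012-10-18 09:14:02 10.1.2.3 GET www.example.com /index.html 200
2012-10-18 09:14:07 10.1.2.3 POST update-check.example.net /gate.php 200
2012-10-18 09:15:44 10.1.2.9 GET intranet.example.com /login 302
"""

# Constructed Squid native access.log excerpt:
# epoch elapsed client result/status bytes method URL user hierarchy type
SQUID_LOG = """\
1350558851.120    311 10.1.2.3 TCP_MISS/200 1024 GET http://update-check.example.net/gate.php - DIRECT/192.0.2.10 text/html
1350558900.002     45 10.1.7.21 TCP_MISS/200 2048 GET http://cdn-stats.example.org/ping - DIRECT/192.0.2.11 text/plain
1350558933.777     12 10.1.7.22 TCP_HIT/200  512 GET http://www.example.com/ - NONE/- text/html
"""


def parse_elff(text):
    """Yield (ts, client_ip, host) for each data line of a W3C ELFF log."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            raise ValueError("data line before #Fields directive")
        row = dict(zip(fields, line.split()))
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        yield ts.replace(tzinfo=timezone.utc), row["c-ip"], row["cs-host"].lower()


def parse_squid(text):
    """Yield (ts, client_ip, host) for each line of a Squid native access.log."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        ts = datetime.fromtimestamp(float(parts[0]), tz=timezone.utc)
        url = parts[6]
        # CONNECT entries carry "host:port" with no scheme; plain URLs parse normally.
        host = urlparse(url).hostname if "://" in url else url.split(":")[0]
        yield ts, parts[2], (host or url).lower()


def scan(sources, indicators):
    """Match every source against the indicator set and group hits by indicator.

    Returns {indicator: {source_name: sorted client IPs}}, so a destination
    seen in one vendor's log is immediately visible in every other source
    that recorded the same phone-home.
    """
    hits = defaultdict(lambda: defaultdict(set))
    for name, records in sources.items():
        for _ts, client_ip, host in records:
            if host in indicators:
                hits[host][name].add(client_ip)
    return {ioc: {src: sorted(ips) for src, ips in by_src.items()}
            for ioc, by_src in hits.items()}


def infected_endpoints(report):
    """Flatten a scan report into the sorted set of clients that phoned home."""
    return sorted({ip for by_src in report.values()
                   for ips in by_src.values() for ip in ips})


def build_report():
    """Run both constructed sources through the scan."""
    sources = {
        "bluecoat_elff": parse_elff(ELFF_LOG),
        "squid_native": parse_squid(SQUID_LOG),
    }
    return scan(sources, C2_HOSTS)


if __name__ == "__main__":
    report = build_report()
    for ioc, by_src in report.items():
        print(ioc, dict(by_src))
    print("infected endpoints:", infected_endpoints(report))
```

The report keys by indicator rather than by log source, which is the cross-source view the release describes: 10.1.2.3 contacting update-check.example.net shows up under both the ELFF and Squid sources, while cdn-stats.example.org is seen only in the Squid log. Because the scan is offline, the same functions can be pointed at months of archived logs and re-run whenever the indicator set changes.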

For more information about Seculert Sense, please visit http://seculert.com/sense.html.

About Seculert

Seculert is a cloud-based advanced threat detection company that discovers malware and Advanced Persistent Threats (APTs) that have bypassed existing security solutions and gone undetected on corporate devices and networks across an entire organization, including laptops, mobile devices and remote employees. By intercepting and collecting actual communication between the network and live botnets, Seculert guarantees malware detection with no false positives. Unlike traditional on-premise solutions, Seculert operates in the cloud, with no software or appliances, resulting in a low Total Cost of Ownership (TCO). The elasticity and affordability of the cloud also make it possible for the company to analyze data on a large scale to identify targeted attacks over time, including data on multiple threats from different customers. Seculert is a venture-backed company based in Petach-Tikva, Israel. For more information visit www.seculert.com.
