Seculert Brings Big Data Analytics to Forefront of Malware Detection

Seculert Sense identifies advanced persistent threats and unknown malware

October 19, 2012

PETACH-TIKVA, ISRAEL--(Marketwire - Oct 18, 2012) - Seculert, the cloud-based advanced threat detection company, today announced the general availability of Seculert Sense, a cloud-based analysis engine that combines the use of customers' on-premise logs and Seculert's outbound intelligence gathered from live botnets, to identify advanced persistent threats (APT) and unknown malware. Seculert Sense is provided as a premium service extending the company's flagship offering, Seculert Echo, a unique non-intrusive threat intelligence service which monitors live botnet activity around the globe, alerting users to compromised endpoints. By leveraging precise botnet data Seculert improves threat detection rates and reduces false positives.

With Seculert Sense, customers can now upload log files over a secure FTPS tunnel, or stream logs via syslog directly from secure web gateways, web proxy devices or a log aggregation solution, for real-time detection and forensic investigation. Built on Amazon Elastic MapReduce, Seculert Sense launches a "big data analysis cloud" that rapidly analyzes an organization's vast amount of log data, going back months or even years, and compares it against the thousands of unique malware samples collected by Seculert. Over time, Seculert Sense continues to digest huge amounts of data in order to identify persistent attacks that are going undetected by next-generation IPS, anti-bot and secure web gateway products.

"Being a pure cloud service enables Seculert to digest huge amounts of data over time. Every day, we are collecting over 40 thousand samples of unknown malware which originate from in-house research, customers and third party sources," said Dudi Matot, co-founder and CEO of Seculert. "Because cyberattacks don't target just one entity, we would be doing a disservice to our customers by not sharing our research and knowledge across the board. Seculert Sense was created based in part on the theory that we are all part of interconnected systems and should collaborate as such."

Using state-of-the-art big data technology such as Hadoop, Seculert scans massive amounts of data to find traces of malware connectivity. Unlike traditional firewalls, which must decide in real time whether or not a packet is malicious, Seculert Sense can apply multiple parallel offline scans to ensure a comprehensive search is conducted. Each scan examines the data from a different perspective to detect advanced malware.

When Seculert Sense identifies malicious activity in any log source, it automatically detects similar activities in other sources, even if the logs originate from different vendor products. This enables discovery of targeted attacks across distributed enterprise environments, or even across multiple organizations and industries.

Seculert Sense users are provided with forensic information detailing detected attacks in reports available in the Seculert Web dashboard. This includes the ability to view specific APT attacks, infected endpoints (including mobile) and phone-home calls to ever-changing criminal servers. The Web dashboard provides drill-down capability to the raw traffic logs that hold the evidence for the APT or unknown malware.

"The data explosion is just as real in security as it is everywhere else, and accurate and timely information can help illustrate how and where attacks take place. The sheer volume of available data, however, can make it difficult for security teams to put data-driven insight to work in pragmatic ways. Those such as Seculert are capitalizing on the opportunity that cloud-based approaches offer for centralizing responsive analysis of large volumes of security-relevant data and delivering that capability to a wide audience," said Scott Crawford, managing research director at Enterprise Management Associates.

Seculert's cloud services are non-intrusive and designed to complement an existing security infrastructure by adding cloud-based malware detection on top of on-premise security products. With no need for new hardware, software or changes to the corporate network, deployment of Seculert Sense is instant and extremely cost-effective. Users may even upload ELFF (W3C Extended Log File Format) log files from existing vendors such as Blue Coat, Websense and Squid so that Seculert Sense can identify previously undetected malware.
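The release describes the core detection step in general terms: offline scans of proxy logs, matching outbound connections against known botnet command-and-control hosts, with hits correlated across log sources from different vendors and a drill-down to the raw log line holding the evidence. The following is an added illustration of that pattern and is not Seculert's code or data: it parses W3C Extended Log File Format (ELFF) records using their `#Fields:` directive, so logs from two products with different field orders are handled by the same code, and groups phone-home hits by destination host. The log lines, the `.invalid` C2 hostnames and the function names are all constructed for the example.

```python
"""Offline scan of ELFF proxy logs against a constructed C2 host list.
Everything here (log lines, indicator hosts, function names) is constructed
for illustration; it is not the vendor's code or real threat data."""
import shlex
from collections import defaultdict

# Constructed indicator list; .invalid is a reserved TLD, so these are placeholders.
C2_HOSTS = {"c2-example-1.invalid", "c2-example-2.invalid"}

# Constructed gateway log in W3C ELFF, in the style a Blue Coat-class proxy writes.
GATEWAY_LOG = """#Software: example-gateway
#Version: 1.0
#Fields: date time time-taken c-ip cs-username cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path sc-status
2012-10-01 08:00:01 120 10.0.0.5 alice GET http www.example.com 80 /index.html 200
2012-10-01 08:00:07 35 10.0.0.5 alice POST http c2-example-1.invalid 80 /gate.php 200
2012-10-01 08:00:09 40 10.0.0.9 bob GET http www.example.com 80 /news 200
"""

# Constructed log from a second product with a different field order.
PROXY_LOG = """#Fields: date time c-ip cs-host cs-uri-path sc-status cs-method
2012-10-01 08:01:00 10.0.0.9 c2-example-1.invalid /gate.php 200 POST
2012-10-01 08:01:03 10.0.0.11 www.example.org /login 200 GET
2012-10-01 08:01:09 10.0.0.11 c2-example-2.invalid /cfg 404 GET
"""


def parse_elff(text):
    """Yield one dict per record, keyed by the names in the #Fields directive.

    ELFF quotes values containing spaces, so shlex.split is used instead of
    str.split; directives other than #Fields carry no records and are skipped.
    """
    fields = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("record before #Fields directive on line %d" % lineno)
        values = shlex.split(line)
        if len(values) != len(fields):
            raise ValueError("line %d has %d values, expected %d"
                             % (lineno, len(values), len(fields)))
        rec = dict(zip(fields, values))
        rec["_line"] = lineno  # raw-log location, kept for drill-down
        yield rec


def scan_source(name, text, indicators):
    """Return hits: records whose destination host matches a known C2 host."""
    hits = []
    for rec in parse_elff(text):
        host = rec.get("cs-host", "").lower()
        if host in indicators:
            hits.append({"source": name, "client": rec["c-ip"],
                         "host": host, "line": rec["_line"]})
    return hits


def correlate(sources, indicators):
    """Scan every source and group hits by C2 host, so the same phone-home
    destination seen through different vendors' logs surfaces as one attack."""
    by_host = defaultdict(list)
    for name, text in sources.items():
        for hit in scan_source(name, text, indicators):
            by_host[hit["host"]].append(hit)
    return dict(by_host)


def infected_endpoints(report):
    """Distinct (source, client IP) pairs that contacted any flagged host."""
    return sorted({(h["source"], h["client"]) for hits in report.values() for h in hits})


if __name__ == "__main__":
    report = correlate({"gateway": GATEWAY_LOG, "proxy": PROXY_LOG}, C2_HOSTS)
    for host, hits in sorted(report.items()):
        print(host)
        for h in hits:
            print("  %s line %d: client %s" % (h["source"], h["line"], h["client"]))
    print("infected endpoints:", infected_endpoints(report))
```

Reading the field names from the `#Fields:` directive rather than assuming positions is what lets the same scan run over logs from different products; a real deployment would also normalize hostnames (trailing dots, IDN) and extend the indicator set beyond hostnames to IPs and URL paths, which this toy leaves out.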

For more information about Seculert Sense, please visit

About Seculert

Seculert is a cloud-based advanced threat detection company that discovers malware and Advanced Persistent Threats (APT) that have gone undetected by bypassing existing security solutions on corporate devices and networks across an entire organization, including laptops, mobile devices and remote employees. By intercepting and collecting actual communication between the network and live botnets, Seculert guarantees malware detection with no false positives. Unlike traditional on-premise solutions, Seculert operates in the cloud, with no software or appliances, resulting in a low Total Cost of Ownership (TCO). The elasticity and affordability of the cloud also make it possible for the company to analyze data on a large scale to identify targeted attacks over time, including data on multiple threats from different customers. Seculert is a venture-backed company based in Petach-Tikva, Israel. For more information visit
