SlideShare a Scribd company logo

Botnet Interception

Seculert
Seculert

The cyber threat landscape is becoming more dangerous and challenging all the time. Here, you’ll find a practical, expert-crafted resource to help keep your enterprise secure and successful for the long-term. It’s our way to help you get informed -- and stay safe. Botnet Interception -Detects unknown threats -Tracks communication between bots and command and control servers -Searches botnet traffic for company's IP addresses and domains -Follows the footprint of live malware -Identifies internal and external threats -Detects malware on devices belonging to the company's internal and external employees, partners, and customer

Technology
1 of 4
Download to read offline
DATA SHEET Advanced Threat Protection Botnet Interception A large percentage of today’s advanced threats operate as a botnet – a network of malware-infected devices run by a series of Command and Control servers. They gradually spread throughout the users and endpoints in your organization until they can do significant damage. Remote employees and employees using personal mobile devices are a prime target for botnets because they are beyond the protection provided by enterprise security defenses. Seculert Botnet interception analyzes botnet traffic to identify all infected users and endpoints – whether they are inside or outside of the corporate network. It takes minutes to set up - there is nothing to deploy or install and no need to direct network traffic to Seculert for analysis. As soon as you sign up for Seculert Botnet Interception, it detects malware infections that are already affecting your organization – and that your current security defenses have not detected. Seculert is a comprehensive cloud-based solution for protecting organizations from advanced malware, APTs and zero-day attacks. Seculert combines several key detection and protection technologies – an Elastic Sandbox environment, Botnet Interception, and Traffic Log Analysis - in What is a Botnet? Like all advanced malware, botnets evolve. That is why it is essential to analyze them over a significant period of time. A typical botnet may undergo three stages: one simple solution that proactively identifies new threats as they emerge. • Opportunistic: Criminals attack the general population, usually for monetary gain. The risk is usually greater to the individual rather than to the organization. • Semi-opportunistic: This category is programed to infect specific targets in a search for vulnerable entry points and key employees in a specific industry or country, and is often performed with the goal of selling the information onward. • Targeted: Once vulnerable targets have been found, a targeted attack with well-defined goals may be launched by the original hacker or by a second criminal organization with more focused goals. Seculert Botnet Interception is effective with all three types. It uses a number of recognized techniques, such as sinkholing and honeypots, along with proprietary, patent-pending methods that work together to collect information that no other method can deliver. How it Works Standard botnet monitoring services provide a list of known Command and Control servers so you can block them. Seculert goes one step further and actually identifies the users and endpoints that are infected. As soon as we identify a botnet, we infect our own servers and join the network. We actually go “behind the enemy lines” to collect intelligence. Seculert Botnet Interception collects millions of global bot transmissions as they communicate with Command and Control servers (C&C) every day. Using a wide range of techniques, the Botnet Interception module silently intercepts the traffic, analyzes it and determines if our customers are infected. Botnet interception uses known techniques, such as sinkholing and honeypots, along with proprietary technologies developed by Seculert to intercept and analyze botnet traffic. DATA SHEET BOTNET INTERCEPTION | 1
Example: How Does Sinkholing Work? 1. Suspicious code is allowed to run for an extended period of time in the Elastic Sandbox. The traffic generated by the malware is studied using Big Data analytics and proprietary machine learning technology. The platform understands the pattern of communication between the bot and its C&C servers. 2. One of a botnet’s primary evasion tactics is to periodically change the address of the C&C server, so that you will not spot a lot of suspicious traffic going out to one address. Malware includes a configuration file that lists the servers to try to contact. Seculert understands the pattern and predicts the domains that the C&C is likely to use in the future. 3. Seculert identifies domains that are still available and registers them. The new domains are set up to direct all botnet traffic through Seculert’s sinkhole server. 4. When the current C&C server domain is suspended or blocked by the ISP, the botnet will move on to the next C&C server on the list, which is actually registered to Seculert. It redirects the traffic to the sinkhole server, which automatically logs the communication and then immediately ends the session. It’s important to note that the sinkhole server isn’t actively perpetuating the botnet – it is only monitoring the traffic. 5. Seculert’s Big Data analytics are again used to analyze the traffic from the sinkhole server and correlate customers’ IP addresses, web interface domains and identities, in order to detect infected machines. In this way, it can identify users and endpoints up to the machine name, both inside and outside of your internal corporate network – including remote workers and BYOD. 6. Seculert immediately acts on the information, updating customer dashboards, sending email alerts, and through the API, informing proxies and firewalls of which users and devices to block. Through the API, seculert also provides full event information to SIEM systems for correlation and forensics. DATA SHEET BOTNET INTERCEPTION | 2
Two Minute Setup, Immediate Results Since it is a cloud-based service, Seculert Botnet Interception is entirely zero-touch for your organization: no need to change your security architecture, install software, deploy a new appliance, or redirect Internet traffic. You can set it up in seconds by simply defining a range of IP addresses or outward facing web domains (e.g. sslvpn.mycompanydomain. com or owa.mycompanydomain.com), and detection begins immediately. After any attack is detected, the dashboard supplies you with a detailed incident report so that you can understand and mitigate your exposure and modify your security policies as needed. Immediately see the users and devices infected – both inside and outside the corporate network You will see the compromised computer by IP, machine name, employees email, threat type, crime server, raw data of the transmission from the bot to the crime server plus the time and date of the transmission. We also group together all the relevant transmissions from the source to the crime server. The raw data can sometimes include the confidential information that was leaked by the bot, e.g. credentials to access critical web services. The malware behavior is displayed in a graph and shows the daily number of transmissions. We also provide separate tabs for risks and recommendations. Incident Results within the Seculert Dashboard Remote Users and BYOD When it comes to advanced threats, remote employees pose one of the biggest risks to your organization. The steps you have taken to fortify your internal network simply will not detect or block infection from remote users including employees and partners working outside the office. Small offices and other “remote” sites pose a similar challenge. They are vulnerable to advanced malware and they regularly access your most crucial data assets, yet it is simply not costeffective to implement pricey ATP appliances at each location. Seculert is the only Advanced Threat Protection solution designed to protect remote users - no matter where they are located, and regardless of the computer, mobile device or operating system they use. Seculert’s unique Botnet Interception technology looks both inside and outside your internal network to identify every computer infected by known malware. DATA SHEET BOTNET INTERCEPTION | 3
Automated Protection API To make the most of Botnet Interception, you can integrate it with your existing security infrastructure using the Seculert Protection API. The API features two simple interfaces for accessing and retrieving data: • A web request that retrieves the complete list of crime servers and the time period they were observed to be active. • A web request that retrieves all the incidents that were detected by Seculert for the specific organization, including the employees’ internal and remote access, partners and customers. The API can communicate directly with corporate firewalls and proxies to block traffic. To support complete forensics, threat detection data can also be sent to SIEM systems for correlation. Some additional examples of integration include: • Updating Seculert’s list of crime servers to the access list of the corporate web proxy or secure web gateway. This will ensure that the bot infected computers will not communicate with the crime servers. • Using the API to upload the compromised computers into the firewall policies. This will help isolate infected computers and block them from accessing your data centers or internal assets until remediation. Synergistic Technologies Seculert’s Botnet Interception is extremely powerful – but it is the combination of the Botnet Interception working together with all of Seculert’s core technologies that provides the key to successful advanced Threat Protection. In addition to the Botnet Interception, Seculert features: • Elastic sandbox environment to execute and study suspicious code for as long as necessary in order to profile it. • Automated traffic log file analysis to identify unknown malware that is targeting your organization. • Protection API to automatically stop identified threats through integration with perimeter defenses. • Big Data analytics analyzes tens of thousands of malware profiles daily as well as petabytes of traffic logs in order to detect APTs. • Machine learning technology identifies unknown malware based on an understanding of malware behavior in order to keep up with the volume and rate of change. • Intuitive dashboard puts instant information about all advanced threats at your fingertips. • Full coverage of remote and mobile users on all endpoints including BYOD - without installing a single appliance or endpoint solution. • Cost-effective cloud service means no installation, instant results, and low total cost of ownership. Licensing You can experience Botnet Interception completely for free; however, the fully detailed results will be limited. In addition the API and some of the reports are only available with the Premium version. Please contact us for more details. Toll Free (US): 1-855-732-8537 Tel (US): 1-408-560-3400 info@seculert.com www.seculert.com Tel (UK): 44-203-355-6444 Tel (Intl): 972-3-919-3366 DATA SHEET BOTNET INTERCEPTION | 4

Recommended

Novus Consulting Services
Novus Consulting ServicesNovus Consulting Services
Novus Consulting Services
novusgs
 
Escrito sin fotos vivencia
Escrito sin fotos vivenciaEscrito sin fotos vivencia
Escrito sin fotos vivencia
Nataly Villamizar
 
Emprendimiento
EmprendimientoEmprendimiento
Emprendimiento
Laura Marulanda
 
Sahaja yoga barcelona: reconocimientos y premios de Shri Mataji
Sahaja yoga barcelona: reconocimientos y premios de Shri MatajiSahaja yoga barcelona: reconocimientos y premios de Shri Mataji
Sahaja yoga barcelona: reconocimientos y premios de Shri Mataji
SahajaYogaBarcelona
 
Design PRO
Design PRO Design PRO
Design PRO
designPRO
 
Wikisaber uso de las tic
Wikisaber uso de las ticWikisaber uso de las tic
Wikisaber uso de las tic
jovireyes
 
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Karina Anatnasg
 
Bzness - Institucional
Bzness - InstitucionalBzness - Institucional
Bzness - Institucional
IMO.ETC
 

Recommended

Novus Consulting Services
Novus Consulting ServicesNovus Consulting Services
Novus Consulting Services
novusgs
 
Escrito sin fotos vivencia
Escrito sin fotos vivenciaEscrito sin fotos vivencia
Escrito sin fotos vivencia
Nataly Villamizar
 
Emprendimiento
EmprendimientoEmprendimiento
Emprendimiento
Laura Marulanda
 
Sahaja yoga barcelona: reconocimientos y premios de Shri Mataji
Sahaja yoga barcelona: reconocimientos y premios de Shri MatajiSahaja yoga barcelona: reconocimientos y premios de Shri Mataji
Sahaja yoga barcelona: reconocimientos y premios de Shri Mataji
SahajaYogaBarcelona
 
Design PRO
Design PRO Design PRO
Design PRO
designPRO
 
Wikisaber uso de las tic
Wikisaber uso de las ticWikisaber uso de las tic
Wikisaber uso de las tic
jovireyes
 
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Karina Anatnasg
 
Bzness - Institucional
Bzness - InstitucionalBzness - Institucional
Bzness - Institucional
IMO.ETC
 
Lamagiadecabral
LamagiadecabralLamagiadecabral
Lamagiadecabral
lapsus37angelus
 
Guia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del LozoyaGuia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del Lozoya
cuadronsierranorte
 
ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)
ekonomistak
 
Portafolio de servicios sinapsix
Portafolio de servicios sinapsixPortafolio de servicios sinapsix
Portafolio de servicios sinapsix
Sinapsix C.A.
 
AAUP 2011: Online Journals (K. Purple)
AAUP 2011: Online Journals (K. Purple)AAUP 2011: Online Journals (K. Purple)
AAUP 2011: Online Journals (K. Purple)
Association of University Presses
 
Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)
Jan Martinek
 
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Living Lab Guadalinfo
 
Améliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-MailAméliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-Mail
Tourisme Obernai
 
3D Graphical UI Presentation
3D Graphical UI Presentation3D Graphical UI Presentation
3D Graphical UI Presentation
klynn05
 
Colposcopía básica
Colposcopía básicaColposcopía básica
Colposcopía básica
Luz Arias Morales
 
Conductismo - Gladys Curone
Conductismo - Gladys Curone Conductismo - Gladys Curone
Conductismo - Gladys Curone
Gladys Curone
 
Seminario De BI
Seminario De BISeminario De BI
Seminario De BI
grupomitk
 
Political
PoliticalPolitical
Political
Nagendra Kumar
 
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen
 
Principal (1)
Principal (1)Principal (1)
Principal (1)
Cindy Pardo
 
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackInfosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Seculert
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach
Seculert
 
Application Programming Interface
Application Programming InterfaceApplication Programming Interface
Application Programming Interface
Seculert
 
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesImprove Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
Seculert
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option
Seculert
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013
Seculert
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
 

More Related Content

Viewers also liked

ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)
ekonomistak
 
Portafolio de servicios sinapsix
Portafolio de servicios sinapsixPortafolio de servicios sinapsix
Portafolio de servicios sinapsix
Sinapsix C.A.
 
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Living Lab Guadalinfo
 

Viewers also liked (15)

Lamagiadecabral
LamagiadecabralLamagiadecabral
Lamagiadecabral
 
Guia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del LozoyaGuia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del Lozoya
 
ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)
 
Portafolio de servicios sinapsix
Portafolio de servicios sinapsixPortafolio de servicios sinapsix
Portafolio de servicios sinapsix
 
AAUP 2011: Online Journals (K. Purple)
AAUP 2011: Online Journals (K. Purple)AAUP 2011: Online Journals (K. Purple)
AAUP 2011: Online Journals (K. Purple)
 
Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)
 
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
 
Améliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-MailAméliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-Mail
 
3D Graphical UI Presentation
3D Graphical UI Presentation3D Graphical UI Presentation
3D Graphical UI Presentation
 
Colposcopía básica
Colposcopía básicaColposcopía básica
Colposcopía básica
 
Conductismo - Gladys Curone
Conductismo - Gladys Curone Conductismo - Gladys Curone
Conductismo - Gladys Curone
 
Seminario De BI
Seminario De BISeminario De BI
Seminario De BI
 
Political
PoliticalPolitical
Political
 
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
 
Principal (1)
Principal (1)Principal (1)
Principal (1)
 

More from Seculert

Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackInfosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Seculert
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach
Seculert
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option
Seculert
 

More from Seculert (6)

Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackInfosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach
 
Application Programming Interface
Application Programming InterfaceApplication Programming Interface
Application Programming Interface
 
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesImprove Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Botnet Interception

  • 1. DATA SHEET Advanced Threat Protection Botnet Interception A large percentage of today’s advanced threats operate as a botnet – a network of malware-infected devices run by a series of Command and Control servers. They gradually spread throughout the users and endpoints in your organization until they can do significant damage. Remote employees and employees using personal mobile devices are a prime target for botnets because they are beyond the protection provided by enterprise security defenses. Seculert Botnet interception analyzes botnet traffic to identify all infected users and endpoints – whether they are inside or outside of the corporate network. It takes minutes to set up - there is nothing to deploy or install and no need to direct network traffic to Seculert for analysis. As soon as you sign up for Seculert Botnet Interception, it detects malware infections that are already affecting your organization – and that your current security defenses have not detected. Seculert is a comprehensive cloud-based solution for protecting organizations from advanced malware, APTs and zero-day attacks. Seculert combines several key detection and protection technologies – an Elastic Sandbox environment, Botnet Interception, and Traffic Log Analysis - in What is a Botnet? Like all advanced malware, botnets evolve. That is why it is essential to analyze them over a significant period of time. A typical botnet may undergo three stages: one simple solution that proactively identifies new threats as they emerge. • Opportunistic: Criminals attack the general population, usually for monetary gain. The risk is usually greater to the individual rather than to the organization. • Semi-opportunistic: This category is programed to infect specific targets in a search for vulnerable entry points and key employees in a specific industry or country, and is often performed with the goal of selling the information onward. • Targeted: Once vulnerable targets have been found, a targeted attack with well-defined goals may be launched by the original hacker or by a second criminal organization with more focused goals. Seculert Botnet Interception is effective with all three types. It uses a number of recognized techniques, such as sinkholing and honeypots, along with proprietary, patent-pending methods that work together to collect information that no other method can deliver. How it Works Standard botnet monitoring services provide a list of known Command and Control servers so you can block them. Seculert goes one step further and actually identifies the users and endpoints that are infected. As soon as we identify a botnet, we infect our own servers and join the network. We actually go “behind the enemy lines” to collect intelligence. Seculert Botnet Interception collects millions of global bot transmissions as they communicate with Command and Control servers (C&C) every day. Using a wide range of techniques, the Botnet Interception module silently intercepts the traffic, analyzes it and determines if our customers are infected. Botnet interception uses known techniques, such as sinkholing and honeypots, along with proprietary technologies developed by Seculert to intercept and analyze botnet traffic. DATA SHEET BOTNET INTERCEPTION | 1
  • 2. Example: How Does Sinkholing Work? 1. Suspicious code is allowed to run for an extended period of time in the Elastic Sandbox. The traffic generated by the malware is studied using Big Data analytics and proprietary machine learning technology. The platform understands the pattern of communication between the bot and its C&C servers. 2. One of a botnet’s primary evasion tactics is to periodically change the address of the C&C server, so that you will not spot a lot of suspicious traffic going out to one address. Malware includes a configuration file that lists the servers to try to contact. Seculert understands the pattern and predicts the domains that the C&C is likely to use in the future. 3. Seculert identifies domains that are still available and registers them. The new domains are set up to direct all botnet traffic through Seculert’s sinkhole server. 4. When the current C&C server domain is suspended or blocked by the ISP, the botnet will move on to the next C&C server on the list, which is actually registered to Seculert. It redirects the traffic to the sinkhole server, which automatically logs the communication and then immediately ends the session. It’s important to note that the sinkhole server isn’t actively perpetuating the botnet – it is only monitoring the traffic. 5. Seculert’s Big Data analytics are again used to analyze the traffic from the sinkhole server and correlate customers’ IP addresses, web interface domains and identities, in order to detect infected machines. In this way, it can identify users and endpoints up to the machine name, both inside and outside of your internal corporate network – including remote workers and BYOD. 6. Seculert immediately acts on the information, updating customer dashboards, sending email alerts, and through the API, informing proxies and firewalls of which users and devices to block. Through the API, seculert also provides full event information to SIEM systems for correlation and forensics. DATA SHEET BOTNET INTERCEPTION | 2
  • 3. Two Minute Setup, Immediate Results Since it is a cloud-based service, Seculert Botnet Interception is entirely zero-touch for your organization: no need to change your security architecture, install software, deploy a new appliance, or redirect Internet traffic. You can set it up in seconds by simply defining a range of IP addresses or outward facing web domains (e.g. sslvpn.mycompanydomain. com or owa.mycompanydomain.com), and detection begins immediately. After any attack is detected, the dashboard supplies you with a detailed incident report so that you can understand and mitigate your exposure and modify your security policies as needed. Immediately see the users and devices infected – both inside and outside the corporate network You will see the compromised computer by IP, machine name, employees email, threat type, crime server, raw data of the transmission from the bot to the crime server plus the time and date of the transmission. We also group together all the relevant transmissions from the source to the crime server. The raw data can sometimes include the confidential information that was leaked by the bot, e.g. credentials to access critical web services. The malware behavior is displayed in a graph and shows the daily number of transmissions. We also provide separate tabs for risks and recommendations. Incident Results within the Seculert Dashboard Remote Users and BYOD When it comes to advanced threats, remote employees pose one of the biggest risks to your organization. The steps you have taken to fortify your internal network simply will not detect or block infection from remote users including employees and partners working outside the office. Small offices and other “remote” sites pose a similar challenge. They are vulnerable to advanced malware and they regularly access your most crucial data assets, yet it is simply not costeffective to implement pricey ATP appliances at each location. Seculert is the only Advanced Threat Protection solution designed to protect remote users - no matter where they are located, and regardless of the computer, mobile device or operating system they use. Seculert’s unique Botnet Interception technology looks both inside and outside your internal network to identify every computer infected by known malware. DATA SHEET BOTNET INTERCEPTION | 3
  • 4. Automated Protection API To make the most of Botnet Interception, you can integrate it with your existing security infrastructure using the Seculert Protection API. The API features two simple interfaces for accessing and retrieving data: • A web request that retrieves the complete list of crime servers and the time period they were observed to be active. • A web request that retrieves all the incidents that were detected by Seculert for the specific organization, including the employees’ internal and remote access, partners and customers. The API can communicate directly with corporate firewalls and proxies to block traffic. To support complete forensics, threat detection data can also be sent to SIEM systems for correlation. Some additional examples of integration include: • Updating Seculert’s list of crime servers to the access list of the corporate web proxy or secure web gateway. This will ensure that the bot infected computers will not communicate with the crime servers. • Using the API to upload the compromised computers into the firewall policies. This will help isolate infected computers and block them from accessing your data centers or internal assets until remediation. Synergistic Technologies Seculert’s Botnet Interception is extremely powerful – but it is the combination of the Botnet Interception working together with all of Seculert’s core technologies that provides the key to successful advanced Threat Protection. In addition to the Botnet Interception, Seculert features: • Elastic sandbox environment to execute and study suspicious code for as long as necessary in order to profile it. • Automated traffic log file analysis to identify unknown malware that is targeting your organization. • Protection API to automatically stop identified threats through integration with perimeter defenses. • Big Data analytics analyzes tens of thousands of malware profiles daily as well as petabytes of traffic logs in order to detect APTs. • Machine learning technology identifies unknown malware based on an understanding of malware behavior in order to keep up with the volume and rate of change. • Intuitive dashboard puts instant information about all advanced threats at your fingertips. • Full coverage of remote and mobile users on all endpoints including BYOD - without installing a single appliance or endpoint solution. • Cost-effective cloud service means no installation, instant results, and low total cost of ownership. Licensing You can experience Botnet Interception completely for free; however, the fully detailed results will be limited. In addition the API and some of the reports are only available with the Premium version. Please contact us for more details. Toll Free (US): 1-855-732-8537 Tel (US): 1-408-560-3400 info@seculert.com www.seculert.com Tel (UK): 44-203-355-6444 Tel (Intl): 972-3-919-3366 DATA SHEET BOTNET INTERCEPTION | 4