SlideShare a Scribd company logo

Botnet Interception

Seculert
Seculert

The cyber threat landscape is becoming more dangerous and challenging all the time. Here, you’ll find a practical, expert-crafted resource to help keep your enterprise secure and successful for the long-term. It’s our way to help you get informed -- and stay safe. Botnet Interception -Detects unknown threats -Tracks communication between bots and command and control servers -Searches botnet traffic for company's IP addresses and domains -Follows the footprint of live malware -Identifies internal and external threats -Detects malware on devices belonging to the company's internal and external employees, partners, and customer

Technology
1 of 4
Download to read offline
DATA SHEET Advanced Threat Protection Botnet Interception A large percentage of today’s advanced threats operate as a botnet – a network of malware-infected devices run by a series of Command and Control servers. They gradually spread throughout the users and endpoints in your organization until they can do significant damage. Remote employees and employees using personal mobile devices are a prime target for botnets because they are beyond the protection provided by enterprise security defenses. Seculert Botnet interception analyzes botnet traffic to identify all infected users and endpoints – whether they are inside or outside of the corporate network. It takes minutes to set up - there is nothing to deploy or install and no need to direct network traffic to Seculert for analysis. As soon as you sign up for Seculert Botnet Interception, it detects malware infections that are already affecting your organization – and that your current security defenses have not detected. Seculert is a comprehensive cloud-based solution for protecting organizations from advanced malware, APTs and zero-day attacks. Seculert combines several key detection and protection technologies – an Elastic Sandbox environment, Botnet Interception, and Traffic Log Analysis - in What is a Botnet? Like all advanced malware, botnets evolve. That is why it is essential to analyze them over a significant period of time. A typical botnet may undergo three stages: one simple solution that proactively identifies new threats as they emerge. • Opportunistic: Criminals attack the general population, usually for monetary gain. The risk is usually greater to the individual rather than to the organization. • Semi-opportunistic: This category is programed to infect specific targets in a search for vulnerable entry points and key employees in a specific industry or country, and is often performed with the goal of selling the information onward. • Targeted: Once vulnerable targets have been found, a targeted attack with well-defined goals may be launched by the original hacker or by a second criminal organization with more focused goals. Seculert Botnet Interception is effective with all three types. It uses a number of recognized techniques, such as sinkholing and honeypots, along with proprietary, patent-pending methods that work together to collect information that no other method can deliver. How it Works Standard botnet monitoring services provide a list of known Command and Control servers so you can block them. Seculert goes one step further and actually identifies the users and endpoints that are infected. As soon as we identify a botnet, we infect our own servers and join the network. We actually go “behind the enemy lines” to collect intelligence. Seculert Botnet Interception collects millions of global bot transmissions as they communicate with Command and Control servers (C&C) every day. Using a wide range of techniques, the Botnet Interception module silently intercepts the traffic, analyzes it and determines if our customers are infected. Botnet interception uses known techniques, such as sinkholing and honeypots, along with proprietary technologies developed by Seculert to intercept and analyze botnet traffic. DATA SHEET BOTNET INTERCEPTION | 1
Example: How Does Sinkholing Work? 1. Suspicious code is allowed to run for an extended period of time in the Elastic Sandbox. The traffic generated by the malware is studied using Big Data analytics and proprietary machine learning technology. The platform understands the pattern of communication between the bot and its C&C servers. 2. One of a botnet’s primary evasion tactics is to periodically change the address of the C&C server, so that you will not spot a lot of suspicious traffic going out to one address. Malware includes a configuration file that lists the servers to try to contact. Seculert understands the pattern and predicts the domains that the C&C is likely to use in the future. 3. Seculert identifies domains that are still available and registers them. The new domains are set up to direct all botnet traffic through Seculert’s sinkhole server. 4. When the current C&C server domain is suspended or blocked by the ISP, the botnet will move on to the next C&C server on the list, which is actually registered to Seculert. It redirects the traffic to the sinkhole server, which automatically logs the communication and then immediately ends the session. It’s important to note that the sinkhole server isn’t actively perpetuating the botnet – it is only monitoring the traffic. 5. Seculert’s Big Data analytics are again used to analyze the traffic from the sinkhole server and correlate customers’ IP addresses, web interface domains and identities, in order to detect infected machines. In this way, it can identify users and endpoints up to the machine name, both inside and outside of your internal corporate network – including remote workers and BYOD. 6. Seculert immediately acts on the information, updating customer dashboards, sending email alerts, and through the API, informing proxies and firewalls of which users and devices to block. Through the API, seculert also provides full event information to SIEM systems for correlation and forensics. DATA SHEET BOTNET INTERCEPTION | 2
Two Minute Setup, Immediate Results Since it is a cloud-based service, Seculert Botnet Interception is entirely zero-touch for your organization: no need to change your security architecture, install software, deploy a new appliance, or redirect Internet traffic. You can set it up in seconds by simply defining a range of IP addresses or outward facing web domains (e.g. sslvpn.mycompanydomain. com or owa.mycompanydomain.com), and detection begins immediately. After any attack is detected, the dashboard supplies you with a detailed incident report so that you can understand and mitigate your exposure and modify your security policies as needed. Immediately see the users and devices infected – both inside and outside the corporate network You will see the compromised computer by IP, machine name, employees email, threat type, crime server, raw data of the transmission from the bot to the crime server plus the time and date of the transmission. We also group together all the relevant transmissions from the source to the crime server. The raw data can sometimes include the confidential information that was leaked by the bot, e.g. credentials to access critical web services. The malware behavior is displayed in a graph and shows the daily number of transmissions. We also provide separate tabs for risks and recommendations. Incident Results within the Seculert Dashboard Remote Users and BYOD When it comes to advanced threats, remote employees pose one of the biggest risks to your organization. The steps you have taken to fortify your internal network simply will not detect or block infection from remote users including employees and partners working outside the office. Small offices and other “remote” sites pose a similar challenge. They are vulnerable to advanced malware and they regularly access your most crucial data assets, yet it is simply not costeffective to implement pricey ATP appliances at each location. Seculert is the only Advanced Threat Protection solution designed to protect remote users - no matter where they are located, and regardless of the computer, mobile device or operating system they use. Seculert’s unique Botnet Interception technology looks both inside and outside your internal network to identify every computer infected by known malware. DATA SHEET BOTNET INTERCEPTION | 3
Automated Protection API To make the most of Botnet Interception, you can integrate it with your existing security infrastructure using the Seculert Protection API. The API features two simple interfaces for accessing and retrieving data: • A web request that retrieves the complete list of crime servers and the time period they were observed to be active. • A web request that retrieves all the incidents that were detected by Seculert for the specific organization, including the employees’ internal and remote access, partners and customers. The API can communicate directly with corporate firewalls and proxies to block traffic. To support complete forensics, threat detection data can also be sent to SIEM systems for correlation. Some additional examples of integration include: • Updating Seculert’s list of crime servers to the access list of the corporate web proxy or secure web gateway. This will ensure that the bot infected computers will not communicate with the crime servers. • Using the API to upload the compromised computers into the firewall policies. This will help isolate infected computers and block them from accessing your data centers or internal assets until remediation. Synergistic Technologies Seculert’s Botnet Interception is extremely powerful – but it is the combination of the Botnet Interception working together with all of Seculert’s core technologies that provides the key to successful advanced Threat Protection. In addition to the Botnet Interception, Seculert features: • Elastic sandbox environment to execute and study suspicious code for as long as necessary in order to profile it. • Automated traffic log file analysis to identify unknown malware that is targeting your organization. • Protection API to automatically stop identified threats through integration with perimeter defenses. • Big Data analytics analyzes tens of thousands of malware profiles daily as well as petabytes of traffic logs in order to detect APTs. • Machine learning technology identifies unknown malware based on an understanding of malware behavior in order to keep up with the volume and rate of change. • Intuitive dashboard puts instant information about all advanced threats at your fingertips. • Full coverage of remote and mobile users on all endpoints including BYOD - without installing a single appliance or endpoint solution. • Cost-effective cloud service means no installation, instant results, and low total cost of ownership. Licensing You can experience Botnet Interception completely for free; however, the fully detailed results will be limited. In addition the API and some of the reports are only available with the Premium version. Please contact us for more details. Toll Free (US): 1-855-732-8537 Tel (US): 1-408-560-3400 info@seculert.com www.seculert.com Tel (UK): 44-203-355-6444 Tel (Intl): 972-3-919-3366 DATA SHEET BOTNET INTERCEPTION | 4

Recommended

Novus Consulting Services
Novus Consulting ServicesNovus Consulting Services
Novus Consulting Servicesnovusgs
 
Escrito sin fotos vivencia
Escrito sin fotos vivenciaEscrito sin fotos vivencia
Escrito sin fotos vivenciaNataly Villamizar
 
Emprendimiento
EmprendimientoEmprendimiento
EmprendimientoLaura Marulanda
 
Sahaja yoga barcelona: reconocimientos y premios de Shri Mataji
Sahaja yoga barcelona: reconocimientos y premios de Shri MatajiSahaja yoga barcelona: reconocimientos y premios de Shri Mataji
Sahaja yoga barcelona: reconocimientos y premios de Shri MatajiSahajaYogaBarcelona
 
Design PRO
Design PRO Design PRO
Design PRO designPRO
 
Wikisaber uso de las tic
Wikisaber uso de las ticWikisaber uso de las tic
Wikisaber uso de las ticjovireyes
 
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...Karina Anatnasg
 
Bzness - Institucional
Bzness - InstitucionalBzness - Institucional
Bzness - InstitucionalIMO.ETC
 

Recommended

Novus Consulting Services
Novus Consulting ServicesNovus Consulting Services
Novus Consulting Servicesnovusgs
 
Escrito sin fotos vivencia
Escrito sin fotos vivenciaEscrito sin fotos vivencia
Escrito sin fotos vivenciaNataly Villamizar
 
Emprendimiento
EmprendimientoEmprendimiento
EmprendimientoLaura Marulanda
 
Sahaja yoga barcelona: reconocimientos y premios de Shri Mataji
Sahaja yoga barcelona: reconocimientos y premios de Shri MatajiSahaja yoga barcelona: reconocimientos y premios de Shri Mataji
Sahaja yoga barcelona: reconocimientos y premios de Shri MatajiSahajaYogaBarcelona
 
Design PRO
Design PRO Design PRO
Design PRO designPRO
 
Wikisaber uso de las tic
Wikisaber uso de las ticWikisaber uso de las tic
Wikisaber uso de las ticjovireyes
 
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...Estudio estadístico de campo del autotransporte nacional Análisis estadístico...
Estudio estadístico de campo del autotransporte nacional Análisis estadístico...Karina Anatnasg
 
Bzness - Institucional
Bzness - InstitucionalBzness - Institucional
Bzness - InstitucionalIMO.ETC
 
Lamagiadecabral
LamagiadecabralLamagiadecabral
Lamagiadecabrallapsus37angelus
 
Guia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del LozoyaGuia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del Lozoyacuadronsierranorte
 
ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)ekonomistak
 
Portafolio de servicios sinapsix
Portafolio de servicios sinapsixPortafolio de servicios sinapsix
Portafolio de servicios sinapsixSinapsix C.A.
 
AAUP 2011: Online Journals (K. Purple)
AAUP 2011: Online Journals (K. Purple)AAUP 2011: Online Journals (K. Purple)
AAUP 2011: Online Journals (K. Purple)Association of University Presses
 
Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)Jan Martinek
 
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven Living Lab Guadalinfo
 
Améliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-MailAméliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-MailTourisme Obernai
 
3D Graphical UI Presentation
3D Graphical UI Presentation3D Graphical UI Presentation
3D Graphical UI Presentationklynn05
 
Colposcopía básica
Colposcopía básicaColposcopía básica
Colposcopía básicaLuz Arias Morales
 
Conductismo - Gladys Curone
Conductismo - Gladys Curone Conductismo - Gladys Curone
Conductismo - Gladys Curone Gladys Curone
 
Seminario De BI
Seminario De BISeminario De BI
Seminario De BIgrupomitk
 
Political
PoliticalPolitical
PoliticalNagendra Kumar
 
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!Kinder in Rio e.V. Oberhausen
 
Principal (1)
Principal (1)Principal (1)
Principal (1)Cindy Pardo
 
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackInfosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackSeculert
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Application Programming Interface
Application Programming InterfaceApplication Programming Interface
Application Programming InterfaceSeculert
 
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesImprove Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesSeculert
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Seculert
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013Seculert
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 

More Related Content

Viewers also liked

Guia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del LozoyaGuia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del Lozoyacuadronsierranorte
 
ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)ekonomistak
 
Portafolio de servicios sinapsix
Portafolio de servicios sinapsixPortafolio de servicios sinapsix
Portafolio de servicios sinapsixSinapsix C.A.
 
Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)Jan Martinek
 
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven Living Lab Guadalinfo
 
Améliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-MailAméliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-MailTourisme Obernai
 
3D Graphical UI Presentation
3D Graphical UI Presentation3D Graphical UI Presentation
3D Graphical UI Presentationklynn05
 
Conductismo - Gladys Curone
Conductismo - Gladys Curone Conductismo - Gladys Curone
Conductismo - Gladys Curone Gladys Curone
 
Seminario De BI
Seminario De BISeminario De BI
Seminario De BIgrupomitk
 
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!Kinder in Rio e.V. Oberhausen
 

Viewers also liked (15)

Lamagiadecabral
LamagiadecabralLamagiadecabral
Lamagiadecabral
 
Guia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del LozoyaGuia ecoturismo Valle del Lozoya
Guia ecoturismo Valle del Lozoya
 
ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)ekonomista 2.0 - N.º 7 (cast)
ekonomista 2.0 - N.º 7 (cast)
 
Portafolio de servicios sinapsix
Portafolio de servicios sinapsixPortafolio de servicios sinapsix
Portafolio de servicios sinapsix
 
AAUP 2011: Online Journals (K. Purple)
AAUP 2011: Online Journals (K. Purple)AAUP 2011: Online Journals (K. Purple)
AAUP 2011: Online Journals (K. Purple)
 
Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)Proč dělám svou práci špatně (Barcamp Brno 2011)
Proč dělám svou práci špatně (Barcamp Brno 2011)
 
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
Proyecto Empleo Córdoba: Maratón Guadalinfo Joven
 
Améliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-MailAméliorer ma Relation client par l'E-Mail
Améliorer ma Relation client par l'E-Mail
 
3D Graphical UI Presentation
3D Graphical UI Presentation3D Graphical UI Presentation
3D Graphical UI Presentation
 
Colposcopía básica
Colposcopía básicaColposcopía básica
Colposcopía básica
 
Conductismo - Gladys Curone
Conductismo - Gladys Curone Conductismo - Gladys Curone
Conductismo - Gladys Curone
 
Seminario De BI
Seminario De BISeminario De BI
Seminario De BI
 
Political
PoliticalPolitical
Political
 
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
Kinder in Rio e.V. Oberhausen - Werden Sie QM-Spender!
 
Principal (1)
Principal (1)Principal (1)
Principal (1)
 

More from Seculert

Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackInfosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackSeculert
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Application Programming Interface
Application Programming InterfaceApplication Programming Interface
Application Programming InterfaceSeculert
 
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesImprove Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesSeculert
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Seculert
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013Seculert
 

More from Seculert (6)

Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackInfosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach
 
Application Programming Interface
Application Programming InterfaceApplication Programming Interface
Application Programming Interface
 
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesImprove Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 

Recently uploaded (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 

Botnet Interception

  • 1. DATA SHEET Advanced Threat Protection Botnet Interception A large percentage of today’s advanced threats operate as a botnet – a network of malware-infected devices run by a series of Command and Control servers. They gradually spread throughout the users and endpoints in your organization until they can do significant damage. Remote employees and employees using personal mobile devices are a prime target for botnets because they are beyond the protection provided by enterprise security defenses. Seculert Botnet interception analyzes botnet traffic to identify all infected users and endpoints – whether they are inside or outside of the corporate network. It takes minutes to set up - there is nothing to deploy or install and no need to direct network traffic to Seculert for analysis. As soon as you sign up for Seculert Botnet Interception, it detects malware infections that are already affecting your organization – and that your current security defenses have not detected. Seculert is a comprehensive cloud-based solution for protecting organizations from advanced malware, APTs and zero-day attacks. Seculert combines several key detection and protection technologies – an Elastic Sandbox environment, Botnet Interception, and Traffic Log Analysis - in What is a Botnet? Like all advanced malware, botnets evolve. That is why it is essential to analyze them over a significant period of time. A typical botnet may undergo three stages: one simple solution that proactively identifies new threats as they emerge. • Opportunistic: Criminals attack the general population, usually for monetary gain. The risk is usually greater to the individual rather than to the organization. • Semi-opportunistic: This category is programed to infect specific targets in a search for vulnerable entry points and key employees in a specific industry or country, and is often performed with the goal of selling the information onward. • Targeted: Once vulnerable targets have been found, a targeted attack with well-defined goals may be launched by the original hacker or by a second criminal organization with more focused goals. Seculert Botnet Interception is effective with all three types. It uses a number of recognized techniques, such as sinkholing and honeypots, along with proprietary, patent-pending methods that work together to collect information that no other method can deliver. How it Works Standard botnet monitoring services provide a list of known Command and Control servers so you can block them. Seculert goes one step further and actually identifies the users and endpoints that are infected. As soon as we identify a botnet, we infect our own servers and join the network. We actually go “behind the enemy lines” to collect intelligence. Seculert Botnet Interception collects millions of global bot transmissions as they communicate with Command and Control servers (C&C) every day. Using a wide range of techniques, the Botnet Interception module silently intercepts the traffic, analyzes it and determines if our customers are infected. Botnet interception uses known techniques, such as sinkholing and honeypots, along with proprietary technologies developed by Seculert to intercept and analyze botnet traffic. DATA SHEET BOTNET INTERCEPTION | 1
  • 2. Example: How Does Sinkholing Work? 1. Suspicious code is allowed to run for an extended period of time in the Elastic Sandbox. The traffic generated by the malware is studied using Big Data analytics and proprietary machine learning technology. The platform understands the pattern of communication between the bot and its C&C servers. 2. One of a botnet’s primary evasion tactics is to periodically change the address of the C&C server, so that you will not spot a lot of suspicious traffic going out to one address. Malware includes a configuration file that lists the servers to try to contact. Seculert understands the pattern and predicts the domains that the C&C is likely to use in the future. 3. Seculert identifies domains that are still available and registers them. The new domains are set up to direct all botnet traffic through Seculert’s sinkhole server. 4. When the current C&C server domain is suspended or blocked by the ISP, the botnet will move on to the next C&C server on the list, which is actually registered to Seculert. It redirects the traffic to the sinkhole server, which automatically logs the communication and then immediately ends the session. It’s important to note that the sinkhole server isn’t actively perpetuating the botnet – it is only monitoring the traffic. 5. Seculert’s Big Data analytics are again used to analyze the traffic from the sinkhole server and correlate customers’ IP addresses, web interface domains and identities, in order to detect infected machines. In this way, it can identify users and endpoints up to the machine name, both inside and outside of your internal corporate network – including remote workers and BYOD. 6. Seculert immediately acts on the information, updating customer dashboards, sending email alerts, and through the API, informing proxies and firewalls of which users and devices to block. Through the API, seculert also provides full event information to SIEM systems for correlation and forensics. DATA SHEET BOTNET INTERCEPTION | 2
  • 3. Two Minute Setup, Immediate Results Since it is a cloud-based service, Seculert Botnet Interception is entirely zero-touch for your organization: no need to change your security architecture, install software, deploy a new appliance, or redirect Internet traffic. You can set it up in seconds by simply defining a range of IP addresses or outward facing web domains (e.g. sslvpn.mycompanydomain. com or owa.mycompanydomain.com), and detection begins immediately. After any attack is detected, the dashboard supplies you with a detailed incident report so that you can understand and mitigate your exposure and modify your security policies as needed. Immediately see the users and devices infected – both inside and outside the corporate network You will see the compromised computer by IP, machine name, employees email, threat type, crime server, raw data of the transmission from the bot to the crime server plus the time and date of the transmission. We also group together all the relevant transmissions from the source to the crime server. The raw data can sometimes include the confidential information that was leaked by the bot, e.g. credentials to access critical web services. The malware behavior is displayed in a graph and shows the daily number of transmissions. We also provide separate tabs for risks and recommendations. Incident Results within the Seculert Dashboard Remote Users and BYOD When it comes to advanced threats, remote employees pose one of the biggest risks to your organization. The steps you have taken to fortify your internal network simply will not detect or block infection from remote users including employees and partners working outside the office. Small offices and other “remote” sites pose a similar challenge. They are vulnerable to advanced malware and they regularly access your most crucial data assets, yet it is simply not costeffective to implement pricey ATP appliances at each location. Seculert is the only Advanced Threat Protection solution designed to protect remote users - no matter where they are located, and regardless of the computer, mobile device or operating system they use. Seculert’s unique Botnet Interception technology looks both inside and outside your internal network to identify every computer infected by known malware. DATA SHEET BOTNET INTERCEPTION | 3
  • 4. Automated Protection API To make the most of Botnet Interception, you can integrate it with your existing security infrastructure using the Seculert Protection API. The API features two simple interfaces for accessing and retrieving data: • A web request that retrieves the complete list of crime servers and the time period they were observed to be active. • A web request that retrieves all the incidents that were detected by Seculert for the specific organization, including the employees’ internal and remote access, partners and customers. The API can communicate directly with corporate firewalls and proxies to block traffic. To support complete forensics, threat detection data can also be sent to SIEM systems for correlation. Some additional examples of integration include: • Updating Seculert’s list of crime servers to the access list of the corporate web proxy or secure web gateway. This will ensure that the bot infected computers will not communicate with the crime servers. • Using the API to upload the compromised computers into the firewall policies. This will help isolate infected computers and block them from accessing your data centers or internal assets until remediation. Synergistic Technologies Seculert’s Botnet Interception is extremely powerful – but it is the combination of the Botnet Interception working together with all of Seculert’s core technologies that provides the key to successful advanced Threat Protection. In addition to the Botnet Interception, Seculert features: • Elastic sandbox environment to execute and study suspicious code for as long as necessary in order to profile it. • Automated traffic log file analysis to identify unknown malware that is targeting your organization. • Protection API to automatically stop identified threats through integration with perimeter defenses. • Big Data analytics analyzes tens of thousands of malware profiles daily as well as petabytes of traffic logs in order to detect APTs. • Machine learning technology identifies unknown malware based on an understanding of malware behavior in order to keep up with the volume and rate of change. • Intuitive dashboard puts instant information about all advanced threats at your fingertips. • Full coverage of remote and mobile users on all endpoints including BYOD - without installing a single appliance or endpoint solution. • Cost-effective cloud service means no installation, instant results, and low total cost of ownership. Licensing You can experience Botnet Interception completely for free; however, the fully detailed results will be limited. In addition the API and some of the reports are only available with the Premium version. Please contact us for more details. Toll Free (US): 1-855-732-8537 Tel (US): 1-408-560-3400 info@seculert.com www.seculert.com Tel (UK): 44-203-355-6444 Tel (Intl): 972-3-919-3366 DATA SHEET BOTNET INTERCEPTION | 4