Seculert Uses Big Data Analytics in Malware Detection
Seculert Sense uses crowdsourcing, security collaboration to combat advanced persistent threats.
Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.
Seculert, the cloud-based advanced threat detection company, has shipped Seculert Sense, a cloud-based analysis engine that combines customers’ on-premise logs and Seculert’s outbound intelligence gathered from live botnets to identify advanced persistent threats (APT) and unknown malware.
Seculert Sense is provided as a premium service, extending the company’s flagship offering, Seculert Echo, a non-intrusive threat intelligence service that monitors live botnet activity around the globe, alerting users to compromised endpoints. By leveraging precise botnet data, Seculert improves threat detection rates and reduces false positives.
With Seculert Sense, customers can now upload log files (using a Secure FTPS tunnel) or upstream logs (through Syslog directly from a secure Web gateway or Web proxy devices), or use a log aggregation solution for real-time detection and forensics investigation. Built on Amazon Elastic MapReduce, Seculert Sense launches a “big data analysis cloud” that rapidly analyzes an organization’s vast amount of log data, going back months or even years and comparing it against the thousands of unique malware samples collected by Seculert. Over time, Seculert Sense continues to digest huge amounts of data to identify persistent attacks that are going undetected by next generation IPs, Anti-Bot, and Secure Web Gateways.
“Being a pure cloud service enables Seculert to digest huge amounts of data over time. Every day, we are collecting over 40,000 samples of unknown malware that originate from in-house research, customers, and third-party sources,” said Dudi Matot, co-founder and CEO of Seculert. “Because cyberattacks don’t target just one entity, we would be doing a disservice to our customers by not sharing our research and knowledge across the board. Seculert Sense was created based in part on the theory that we are all part of interconnected systems and should collaborate as such.”
Using state-of-the-art big data technology such as Hadoop, Seculert scans massive amounts of data to find tracks from malware connectivity. Unlike traditional firewalls that require a real-time online decision about whether a packet is malicious, Seculert Sense can apply multiple and parallel offline scans to ensure a comprehensive search is conducted. Each scan takes a different layer of perspective to detect advanced malware.
When Seculert Sense identifies malicious activity in any log source, it automatically detects similar activities in other sources, even if the logs originate from different vendor products. This enables discovery of targeted attacks across distributed enterprise environments, or even across multiple organizations and industries.
Seculert Sense users are provided with forensic information detailing detected attacks in reports available in the Seculert Web dashboard. This includes the ability to view specific APT attacks, infected endpoints (including mobile), and phone-home calls to ever-changing criminal servers. The Web dashboard provides a drill-down capability to the raw traffic logs that hold the evidence for the APT or unknown malware.
Seculert's cloud services are non-intrusive and designed to complement an existing security infrastructure by providing additional cloud malware detection capabilities on top of on-premise security products. Without the need for new hardware, software or changes to the corporate network, deployment of Seculert Sense is instant and extremely cost-effective. Users may even upload ELFF log files from existing vendors such as Bluecoat, WebSense and SQUID so that Seculert Sense can identify previously undetected malware.
For more information about Seculert Sense, visit
seculert.com/sense.html.