Attackers Are Already In Your Network

Are You Prepared To Stop Them Before They Succeed?


Do you know?

What you don't know?

Probably not...

40% of gateways fail

We can show you.

in 2 minutes or less



Seculert Key Benefits & Features


Real World Threats, Exposed in 2 Minutes... Fixed in 5.

Seculert Javelin is the first inside-out attack simulation and remediation service that lets you determine how well your secure web gateway (SWG), next-generation firewall (NGFW), or proxy would prevent the latest real-world malware attacks from communicating with their perpetrators' command and control servers.

Javelin replicates the destination-based communication used by the latest real-world [active-trending] attacks to exfiltrate data. The test takes less than 2 minutes to complete and uses no actual malware.

Javelin also provides a Daily Fix to fill the gaps in gateway performance identified by the attack simulation. 

To learn how to use Javelin's Daily Fix to update your gateway and avoid falling victim to current real-world attacks, click here.


Is Your Gateway Really Protecting You?

Your web gateway, NGFW, or proxy is designed to protect you from the effects of malware attacks that penetrate your network. But is it? Seculert Labs research consistently reveals that, as a category, gateway solutions miss 40% of malicious outbound communications and allow active attacks to communicate with their perpetrators.

Seculert Labs also found that when a gateway fails to block attack communication it permits a lot of data to escape the network. The average number of successful outbound communications per incident (or infected device) is more than 100.

Measured over time, nearly all of the gateways observed exhibited uneven performance. While most performed well for weeks or months, eventually all showed evidence of being “defeated” by the adversary.


Empower Your Gateway to Contain Evasive Techniques

In a perfect world it would be possible to identify new attacks in real time before they infect any devices on a large network. In the real world, however, attacks are stealthy and designed to defeat even the most modern prevention solutions. The attackers have also adopted “low and slow” propagation strategies to make their attacks even harder to detect. The challenge this creates for security teams is how best to complement their prevention strategies with effective containment.

Designers of evasive techniques are intimately familiar with the capabilities (and weaknesses) of current prevention and containment solutions and are using this knowledge to develop a whole new generation of evasive techniques.

These types of attacks can only be identified with sophisticated behavioral detection technologies based on superior anti-malware science and machine learning. Seculert Shield is designed to perform exactly this job, giving SOC teams unique visibility into these techniques and the containment tools to stop them.

Latest From The Blog

Aug 19, 2016 1:33:51 PM

Possible Nation State Attackers ProjectSauron to Covertly Eavesdrop on Government.


InfoSec professionals know that most so-called Advanced Persistent Threats (APTs) are, frankly speaking, not truly APTs. But every now and then, a real persistent attack using different advanced evasive techniques emerges on the cyber threat landscape, and it’s critical for organizations to sit up and take notice. And the most recent addition to this Most Unwanted List is courtesy of a hacker group calling itself ProjectSauron.

As noted by Kaspersky Lab researchers, ProjectSauron (or Strider, which is what Symantec researchers have dubbed it) is a “top-of-the-top modular cyber-espionage platform in terms of technical sophistication, designed to enable long-term campaigns through stealthy survival mechanisms coupled with multiple exfiltration methods.”

Here’s a rundown of what’s known so far about the ProjectSauron platform, and its attack tool known as Remsec:

  1. Operating for at least the last 5 years – as early as June 2011, and active until April 2016
  2. Designed to eavesdrop on customized network encryption software used by government organizations
  3. Targeting specific countries and designed to collect high value intelligence by breaching as many entities as possible within a targeted area
  4. Victims so far include targeted organizations in Russia, Iran, Rwanda, Sweden and Belgium
  5. Likely the work of a nation state with a multi-million dollar budget
  6. Uses various malware modules aimed at stealing different types of information (e.g. email, document, voice, etc.)
  7. Focuses on stealing passwords and encryption keys, as well as identifying servers that utilize encrypted communications
  8. Uses legitimate software distribution channels to move laterally within infected networks
  9. Uses a modified Lua scripting engine to implement core platform and plugins, of which there are an estimated 50 different types
  10. Can breach air-gapped networks via a USB storage drive that stores data in an area invisible to the operating system
  11. Uses a wide variety of exfiltration methods, including emails and hiding data as DNS requests

Researchers from various security vendors are working to unpack ProjectSauron’s covert trail of destruction. That’s going to take a while, and as we all know, the adversaries behind it aren’t cashing in and taking early retirement. They’re emboldened by their success, and are busy hunting for new victims and creating new/modified malware. It’s what they do.

As such, organizations can’t assume that they “dodged a bullet” because they weren’t hit by Remsec (at least, not to their knowledge…). Instead, they need to take specific, practical steps to help minimize both the likelihood and impact of a true APT – because there WILL be more in the future.

It remains unclear how Remsec infiltrates a targeted network. But even when this information comes to light, it’s not going to solve anything – because 100% prevention isn’t possible. What’s more, since the attack tool resides in an infected device’s memory and not on a hard drive, trying to catch it just by checking for basic indicators of compromise is also pointless.

Our advice is this: given that the implants and C2 servers are customized for each target and never re-used, Remsec -- and other similar attacks -- can only efficiently be detected and confirmed by using supervised machine learning models, which analyze network traffic over time and can detect the evasive techniques.



news alert

What's New at Seculert


latest press

Apr 27, 2016 5:00:00 AM

Seculert’s Javelin Attack Simulator Reveals Serious Gaps in Organizations’ Perimeter Defenses

Santa Clara, Calif. – April 27, 2016 – Seculert, the leader in attack detection and analytics, today announced new findings that 80 percent of secure web gateways installed by Fortune 1000 companies miss 80 percent of malicious outbound..


in the news, July 15, 2016

Why Web Gateways Are Not Enough

Why can't web gateways fully protect you from attack and how can you maximize their performance? Learn more from Seculert CEO Richard Greene in this eSecurityPlanet article...


“Deploying Seculert was like hiring three extra security analysts for a fraction of the cost, and these three never sleep!”

Richard Rushing, CISO, Motorola Mobility
