What is the key value you provide to enterprises?

From the moment of activation, Seculert immediately identifies existing malware affecting corporate network assets. Overtime, Seculert uses Big Data Analytics to process information from proactive Botnet Interception, sophisticated malware profiling, and automatic Traffic Log Analysis in order to identify the latest threats as they emerge. Only Seculert uses the unique capabilities of the cloud to harness crowdsourcing, Big Data analytics, and machine learning in order to combat today’s advanced and persistent threats. Easy to deploy and manage, Seculert is a cost-effective APT protection solution for all of the sites and users in your organizations.

Who can use Seculert's solution?

Seculert's Advanced Threat Protection Solution is designed to help enterprises and large organizations protect their vital information assets. Our target market focuses on large companies. Within this context, we see substantial interest in our solution from major corporations in the software, pharmaceutical, transportation, healthcare, utilities, energy, higher education, and financial services sectors.

Do you work with business partners?

Yes. We are interested in expanding our business partnerships with VARs specializing in security, consulting firms involved in risk analysis and remediation, managed service providers, and cloud infrastructure providers. We believe that Seculert provides a unique and highly effective solution for any firm involved in protecting enterprises from the spread of malware. We invite you to contact us to discuss partnering opportunities.

How is the service sold?

We sell the Advanced Threat Protection Solution directly, as well as through channel partners such as value-added resellers (VARs) and security-related service providers. We believe that our Advanced Threat Protection Solution represents a tremendous opportunity for managed service providers, consulting organizations and VARs to enhance their product and service portfolios.

How do you detect advanced malware and APTs?

Seculert combines several key detection and protection technologies in one convenient easy-to-manage cloud-based solution to proactively identify new threats as they emerge. Our core technologies include proactive Botnet Interception, an Elastic Sandbox, and Traffic Log Analysis. Together with our automated Big Data Analytics and API we transform your existing security solutions into a complete APT protection solution.

For more information on our technology, check out the Data Sheets in our Resources section.

Do you provide remediation services once you identify malware?

Remediation services are typically provided by our customer's security consultants and/or service providers, with whom Seculert partners. In order to meet the challenges posed by the growing scope and sophistication of cyber crime and APTs, Seculert focuses all of its efforts on providing our enterprise customers with early detection and protection from the broadest possible array of malware threats that may endanger their network. By providing this information in real-time, we both facilitate and increase the effectiveness of the remediation effort.

Does Seculert scan my network systems and traffic to detect the malware?

No. Seculert provides a cloud-based and non-intrusive service that operates completely outside your corporate network. We provide pinpointed intelligence of corporate exposure to cyber threats through our analysis of data collected from proactive Botnet Interception, a crowdsourced threat repository, and from HTTP/S traffic logs collected over time.

Do you provide customers with information related to the source of data leaks?

The Seculert Advanced Threat Protection Solution tracks worldwide information in real time, enabling IT managers to pinpoint corporate exposure to targeted attacks and cyber threats (e.g., compromised assets, identity theft, compromised partners connecting to the corporate network, etc.). Since malicious code is often designed to steal information, by identifying and quickly handling these threats, companies can significantly reduce the chance of data leakage.

Does your platform affect other security tools already running in an enterprise's IT environment?

Seculert Advanced Threat Protection Solution is built to complement and strengthen an enterprise's existing security infrastructure, without the need for new hardware, software or any changes to the corporate network. It does not require network integration; nor does it affect the performance of other security solutions. In fact, the detailed threat intelligence supplied by our service can be used to enhance an enterprise's existing perimeter security settings.

Do I need to install hardware in my network?

No. Seculert offers a cloud-based service which means that enterprises do not need to purchase or install any hardware on their network. This lowers costs and enables enterprises to get up and running with the service instantly.

How long does it take to establish an account?

Using the system's comprehensive and easy-to-use management dashboard, service setup is quick and easy, enabling enterprises to get up and running within a matter of minutes.

How do you notify me?

The Advanced Threat Protection Solution sends alerts to corporate IT managers when cyber threats penetrate the corporate network, with detailed information related to corporate exposure to cyber threats. Notifications can be sent via the portal and by email. In addition, through the Seculert API our service integrates with SIEM systems that can be used to deliver alerts to IT managers.

Do you cover mobile devices and smart phones? How does Seculert help me with BYOD security?

Yes. The Seculert Advanced Threat Protection Solution is hardware-agnostic and is compatible with any device connected to the Internet running any operating system. Additionally, Seculert’s solution scales to tens of thousands of devices providing you deep network-wide visibility. And our unique Botnet Interception technology looks both inside and outside your internal network to identify every computer and every endpoint infected by known malware.

Do you cover my remote employees and locations?

Yes. Since Seculert is a cloud-based solution it identifies existing infections, and continues to detect unknown malware both inside and outside your internal network – including remote sites, employees, and even on personal mobile devices.

Are you able provide me with pinpointed detection even if my machines are behind a NAT device?

Yes. Seculert's Advanced Threat Protection Solution is able to provide pinpointed intelligence even if the enterprise asset (machine) is behind a NAT device. Using patent-pending technology, our service can provide up to the level of the exact machine name in cases where the IP address was translated, enabling enterprises to pinpoint infected machines.

Do you offer different plans?

Yes. Plans are available which include different levels of sophistication based on our technological data sets. Learn more about our plans here.

How does the Botnet Interception actually work?

Seculert monitors IP addresses and domain names of known command and control servers (C&C). By intercepting the communication between botnets and their C&C servers we are able to gather intelligence such as where the bot has been and its intended destination.

For a detailed explanation of our Botnet Interception technology, see the corresponding Data Sheet in our Resources section.

What happens in the Elastic Sandbox?

Seculert collects potentially malicious files from customer submissions and by leveraging crowdsourcing and partnerships. The suspicious files are run in the Elastic Sandbox, unrestricted by time or space. We simulate various geographic regions, operating systems and other environments. By observing the development of the suspicious files we develop a malware behavioral profile maintained in our threat repository.

For a detailed explanation of our Elastic Sandbox technology, see the corresponding Data Sheet in our Resources section.

How do you analyze the traffic logs?

Seculert customers upload HTTP traffic logs from web proxies or web gateway appliances. The logs are automatically reviewed for suspicious activity such as patterns or anomalies in order to identify a possible threat.

For a detailed explanation of our Automated Traffic Log Analysis technology, see the corresponding Data Sheet in our Resources section.

Where are my logs stored? How secure is it?

Seculert relies on the world class standards and processes provided by Amazon S3 to ensure that your confidential log data is protected while it is in transit, and while it’s being stored for analysis. With Amazon S3’s data protection features, your data is protected both from logical and physical failures, and from data loss as a result of unintended user actions, application errors, and infrastructure failures. In addition, customers may obfuscate their log data prior to sending it to the Seculert cloud to protect Personally Identifiable Information as needed.

Where are your servers located?

Amazon has S3 data centers both in the US and in the EU (Ireland). Customers can choose which data center works best according to their needs.

Who has access to my logs?

Access to your data is strictly limited to you and to select and authorized Seculert employees. In addition, your explicit authorization will be required before any Seculert employee accesses your UI screens in order to provide requested technical support. At all times, data access is securely handled and fully tracked.

How long do you keep my logs?

For complete analysis, we recommend storing your logs for at least one month. Customers can choose a different period of time and have the ability to securely and completely remove their logs according to their preference.

I thought SaaS was insecure, how is Seculert different?

At Seculert, we don’t juggle multiple products that achieve different business goals. We focus on one thing, and only one thing: our customers’ security. And so it should come as no surprise that to learn that Seculert has the proven data protection systems, technologies, processes and resources in place to keep your data secure at all times – whether in transit or while being stored.

After all, keeping you safe in an increasingly complex and challenging malware threat environment isn’t just our mission and our specialization; it’s the essence of who we are and what we do – without compromise.

For more information on how Seculert keeps your data secure at all times, see the Data Sheet in our Resources section.

How can I integrate the data with our SIEM, firewall, etc.?

In order to leverage Seculert’s unique data with your other security solutions, such as SIEMs, Firewalls and Proxies, we provide an API. With some simple scripts the API enables you to access the data generated by Seculert.

For more information on how to use the API Console provided by Seculert, click here.

Why do I need to add my domains? Are there other options to validate my domain?

Seculert needs your domains in order to search botnet communications for mentions of your domain. If mentions are found, then it means that this communication belongs to an infected device or to an identity of one of your company’s assets (internal/remote employees, partners, customers).

What if I don't use CSV or ELFF formats for my logs?

Currently we support many different format types. Contact our support team for specific questions, support@seculert.com.

How much data can I upload? Are there any limitations? (Monthly/Yearly - limitations?)

Due to Seculert’s cloud-based infrastructure there are no restrictions on how much data can be uploaded or processed. Each customer is entitled to specific upload amounts based on their contract with Seculert. If you have questions about your plan, please contact sales@seculert.com.

What's the recommended frequency with which I should upload logs?

For best results it is recommended that you upload logs on an hourly or daily basis.

What do I do with the results?

The data generated by Seculert can transform your existing security defenses into a complete APT protection solution. Seculert’s API enables you to write simple scripts in order to access the in-depth threat profiles and update your existing perimeter security with automated, custom security updates (IP/Domain blacklists and security signatures). You can then integrate this information with your security environment including endpoint solutions, firewalls, gateways, and server enforcement points.

We already have an APT solution!

Based on our extensive security knowledge, patent-pending technologies and tools for gathering information, Seculert collects and analyzes huge amounts of data on a continuous basis. Our service provides real-time alerts of malware incidents, as well as up-to-date reports on global cyber threat trends. Seculert Advanced Threat Protection Solution complements an enterprise's existing security infrastructure (e.g., firewall, IPS, URL Filtering, anti-virus, etc.), and can be used to enhance perimeter security solutions already in place.

Learn more about the importance of focusing on APT detection and protection rather than prevention with this free White Paper, “Combating Advanced Persistent Threats Through Detection.”

We have our own sandbox....

You are welcome to continue using your own sandbox, but in general most sandboxes have limitations. However, in order to take full advantage of Seculert’s complete solution it is recommended that you use the Elastic Sandbox environment provided.

We have all the network and endpoint security we need.

Due to advances in technology, preventing network breaches and compromises to endpoint security solutions are no longer sufficient defense measures. Advanced malware could be on your company’s network going undetected for months or even years.

Does your security solution include Big Data analytics and machine learning technology? Check out our free White Paper, “How Big Data Fights Back Against APTs and Malware,” to see why these features are necessary.

What are the advantages of the Log Analysis if I already use the Botnet Interception?

Botnet Interception is based on Seculert's previous knowledge of the botnet in order to identify infected machines which are part of the botnet’s network. While Log Analysis uses machine learning and Big Data analytics to identify targeted attacks which were previously unknown to the security industry.

Check out “The 6 Key Factors to Consider When Choosing a Solution to Protect Your Network from APTs,” a free White Paper available to you.