State of the Art Technology
Seculert is a pure cloud-based platform that combines several core technologies in order to study, profile, detect and block malware. Since advanced malware is persistent, networked, and constantly evolving, a new approach is needed in order to stop it.
Developed by experienced security and analytics experts, the Seculert Platform takes proven techniques to the next level by leveraging the power of the cloud. Let’s take a brief look at each of the core technologies. For a more in-depth explanation, download the white paper.
Synergy in the Cloud
Seculert fully leverages the power of the cloud to keep up with the constantly-changing threat landscape and provides enterprises with a cost-effective solution for detecting, stopping and protecting against advanced malware attacks throughout the organization. In one powerful yet simple platform, Seculert combines key detection and protection technologies that work together in synergy to stop malware in its tracks.
Traffic Log Analysis
Since advanced threats are persistent, traffic log analysis is another effective way to detect them – but it is necessary to analyze a large amount of traffic, collected over a significant period of time. Using Big Data analytics and advanced machine learning algorithms, Seculert automatically analyzes traffic logs and identifies malware attacks – even malware that was previously unknown to any authority. The information from the Sandbox and Botnet Interception provides unique statistical “learning sets” that make Seculert’s log analysis extremely powerful, and the elastic nature of the cloud means that there is always enough processing power and storage space to analyze logs as far back as required.
The Seculert Sandbox is an elastic cloud environment for studying and profiling malware. We run suspicious code and analyze its behavior over an extended period of time. This is critical to understanding advanced malware, which is designed to persist for as long as possible, and has the ability to evolve in order to avoid detection. When we identify the command and control servers, we start using Botnet Interception to identify infected users. At the same time, we use Big Data analytics to create a malware profile that is used for Traffic Log Analysis.
A botnet is a network of malware-infected devices that is controlled by a series of command and control (C&C) servers. Simple botnet monitoring services provide a list of known C&C servers, so you can block them. Seculert goes one step further and actually identifies the endpoints that are infected. As soon as we identify a botnet, we infect our own machines and join the network.
Using methods such as Sinkholing and other proprietary techniques, we capture all of the traffic to and from the C&C servers and gradually identify every single user that is infected. We provide that information directly to you via a web dashboard, and to your firewalls and proxies through the Seculert API for immediate threat protection.
The Seculert Protection API transforms your existing perimeter security into a cloud-based automated breach detection platform. Based in the cloud, Seculert allows your proxies, firewalls and SIEM solutions to pull information about the command and control servers that must be blocked, the users and devices that have been compromised, as well as deep dive forensics information. The RESTful API is a simple web service interface that provides data in XML or CSV format. With Seculert, you can identify, block, and remediate advanced threats without replacing any of your on-premises traditional security infrastructure.