Solutions

Seculert Javelin

Secure Web Gateways Fail 40% of the Time

Seculert Javelin is the first inside-out attack simulation and remediation service that allows you to determine how well your secure web gateway (SWG), next-generation firewalls (NGFW), or proxy would do at preventing the latest, real world, malicious malware attacks from succeeding in communicating with their perpetrator’s command and control servers.

Seculert research reveals a 40% failure rate in secure web gateways in stopping malicious outbound communication, and nearly half of those failures are caused by malware for which there is no known signature. Javelin can detect these attacks AND pinpoint any infected devices.

Javelin emulates the communications a cyber-attack attempts to perform after it has infected a device on your network. Javelin observes and reports on the gateway’s response (block or allow), and presents the results immediately to the user.

Seculert Javelin results are based on our unique visibility into the latest, real world, malware attack behavior, gleaned from the Seculert Attack Detection Platform, which protects more than 2 million users daily from the negative effects of cyber-criminals.

Enterprises that wish to continuously monitor gateway performance can automate the Javelin simulation using an agent packaged in the Seculert Virtual Appliance (SVA).

Seculert offers a Daily Fix service that empowers existing gateways to block malicious outbound communication should a device become infected with live versions of the attacks simulated by Javelin.

Watch the Javelin Video

Seculert Shield

Because The Bad Guys Are Getting Better

While Seculert Javelin and its associated fix can identify and protect you from active trending attacks based solely on their attempted communication patterns, you may still be vulnerable to the most sophisticated attacks being deployed by the adversary. The use of so called "evasive techniques" is now common by technically advanced cyber-criminals. Whether it’s using encryption, dynamically generated host names, low and slow communications, or a dozen other techniques, the bad guys have become very good at defeating the static defenses offered by current prevention solutions.

Fortunately, Seculert Shield was designed specifically to identify these techniques and pinpoint the infected devices victimized by them. Shield does this by analyzing your actual secure web gateway, proxy or Next Generation Firewall logs through the Seculert Attack Detection and Analytics Platform.

Once the presence of attackers utilizing evasive techniques has been established, the affected devices are identified via Seculert’s machine learning-based log analytics platform.  

For additional information on Seculert inside-out protection solutions please complete the form below or contact our security specialists at: (408) 560-3403 or email: info@seculert.com.

bg-search-scaner.jpg

How It All Works

Seculert Javelin

The Javelin browser test is based on Javascript served from seculert.com and executed in a browser window. The simulation sends HTTP GET requests to multiple real C&C hosts and observes and reports on the gateway’s response to those attempted outbound communications. As the threat landscape is dynamic, the simulation’s destination hosts change frequently even from one run of the test to another. The Javelin manual test may be run at any time from anywhere on an enterprise network to test a specific network segment or geographic attack readiness. The automated Javelin test is deployed as a virtual appliance and provides continuous simulation of live trending attacks known to be currently active in the internet.

The Javelin simulation performs its tests in a completely safe manner and does not render any content returned by the server. Javelin achieves this using the HTML link prefetch tag. This HTML tag will only prefetch the content, by using an HTTP GET request, but will not render it (in comparison to link prerender HTML tag that will). Seculert then examines the gateway’s response to the prefetch and determines whether it was blocked or allowed.

Seculert Shield

The Seculert Shield simulation emulates the most “popular” evasive attack techniques in use cyber-criminal gangs attempting to defeat current prevention and detection solutions. These techniques include, but are not limited to:

  • Dynamically Generated Host Names
  • Low and Slow Communications
  • Randomized or Generic Request Paths
  • Encrypted Channels or Payloads
  • Spoofed Host Names

The Shield simulation agent plays, over time, a dynamic list of the communications generated by these techniques aimed at domains and IP addresses owned by Seculert and observes the gateway’s response to them. Shield then reports, within the browser the results of the simulated attacks indicating to which techniques the gateway would be vulnerable if it were to come under actual attack. The Seculert machine learning based log analysis platform can then be used to determine if any devices on the network have been successfully attacked and are communicating with the perpetrator’s command & control infrastructure.

Contact Us

Unsplashed background img 2