Cloud-Based, Automated Breach Detection
Major breach disclosures became a weekly event in 2014. Most of these disclosures had two things in common:
- The malware responsible for the breach had managed to defeat some of the most sophisticated breach prevention technologies available
- The malware managed to stay present on the victim’s network for weeks if not months completely undetected
Seculert’s automated breach detection platform is designed specifically to detect the most advanced types of infections and identify exactly which devices are compromised.
Currently, Seculert works with more than one hundred Global 2000 companies to identify malware activity on their networks. In these engagements the malware has gone undetected by the company’s existing security products and has already begun beaconing out to the breach perpetrators. At some point all malware must “call home” to complete its mission, and it is at this stage that even very sophisticated malware is most vulnerable to detection, because that outbound communication is visible in the organization’s own traffic logs.
Whether the goal of an attack is to steal customer or employee information, sensitive intellectual property, or to “liberate” financial assets, the Seculert Platform delivers only verified infection reports (no false positives). It identifies the specific devices that are compromised and communicating with the criminal command and control servers, which makes it easy for SOC/IR teams to prioritize remediation.
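The detection idea described above, finding infected devices by the traffic they send to command and control infrastructure, can be illustrated with a small amount of code. The following is an added example written for this page; it is not Seculert’s code and does not describe how the Seculert Platform is implemented. It runs two checks over constructed outbound proxy log lines: a match of the destination against a constructed list of known C2 domains, and a beaconing check that flags a source host contacting one destination at near-constant intervals, which catches a “call home” even when the destination is not yet on any list. The log format, the hostnames (all under example.* domains) and the thresholds are assumptions made for the example.

```python
"""Post-infection detection over outbound traffic logs (added example).

Two checks on a web proxy log:
  1. a destination that matches a known command-and-control indicator, and
  2. a source host contacting one destination at near-constant intervals
     (beaconing), even when that destination is not yet on any list.
The log format, the indicator list and the log lines are all constructed
for this example; they are not Seculert's data or code.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed indicator list: domains observed acting as C2 servers.
KNOWN_C2 = {"update-check.example.net", "cdn-static.example.org"}

# Constructed proxy log lines: "<ISO time> <src_ip> <dst_host> <bytes_out>".
# 10.0.5.17 calls a listed C2 domain every 5 minutes, 10.0.5.99 calls an
# unlisted host every 30 minutes, 10.0.5.42 browses at irregular intervals.
SAMPLE_LOG = """\
2014-11-03T09:00:00 10.0.5.17 www.example.com 812
2014-11-03T09:00:00 10.0.5.99 telemetry.example-host.com 300
2014-11-03T09:00:05 10.0.5.17 update-check.example.net 412
2014-11-03T09:01:10 10.0.5.42 mail.example.com 2210
2014-11-03T09:03:20 10.0.5.42 www.example.com 640
2014-11-03T09:05:05 10.0.5.17 update-check.example.net 409
2014-11-03T09:10:06 10.0.5.17 update-check.example.net 415
2014-11-03T09:12:31 10.0.5.42 www.example.com 1034
2014-11-03T09:15:04 10.0.5.17 update-check.example.net 411
2014-11-03T09:20:00 10.0.5.42 www.example.com 5120
2014-11-03T09:30:01 10.0.5.99 telemetry.example-host.com 298
2014-11-03T09:47:13 10.0.5.42 www.example.com 9876
2014-11-03T10:00:00 10.0.5.99 telemetry.example-host.com 301
2014-11-03T10:30:02 10.0.5.99 telemetry.example-host.com 303
"""


def parse_log(text):
    """Turn the constructed log format into (time, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def known_c2_contacts(events, indicators=KNOWN_C2):
    """Map each source host to the indicator-listed destinations it contacted."""
    hits = defaultdict(set)
    for _, src, dst, _ in events:
        if dst in indicators:
            hits[src].add(dst)
    return dict(hits)


def beaconing_pairs(events, min_contacts=4, max_cv=0.1):
    """Return (src, dst, period_seconds) for pairs whose inter-contact times
    are near-constant. A coefficient of variation (stdev / mean) at or below
    max_cv means the host is calling home on a timer rather than on user
    activity. Both thresholds are assumptions chosen for this example."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)
    found = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_contacts:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            found.append((src, dst, round(avg)))
    return found


def compromised_hosts(events, indicators=KNOWN_C2):
    """Combine both checks into a per-host report an IR team can act on."""
    report = defaultdict(list)
    for src, dsts in known_c2_contacts(events, indicators).items():
        for dst in sorted(dsts):
            report[src].append(f"contacted known C2 {dst}")
    for src, dst, period in beaconing_pairs(events):
        report[src].append(f"beaconing to {dst} every ~{period}s")
    return dict(report)


if __name__ == "__main__":
    for host, reasons in compromised_hosts(parse_log(SAMPLE_LOG)).items():
        print(host, "->", "; ".join(reasons))
```

On the constructed log, 10.0.5.17 is reported for both reasons (a listed C2 domain contacted at a steady 300 second period), 10.0.5.99 is reported only by the beaconing check, and 10.0.5.42, whose browsing has no regular rhythm, is not reported. In practice real implants add jitter to their beacon interval and many legitimate agents poll on a schedule, so the interval threshold has to be loosened and the results correlated with other evidence before a host is declared compromised; that verification step is what separates a raw alert from the kind of confirmed infection report the text above describes.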
To learn more about how Seculert can help you identify malware that has gone undetected on your network, check out our latest white paper, “How to Find and Remove the Attacker that Has Already Passed Through Your Traditional Defenses.”
No Hardware, No Software
The Seculert Automated Breach Detection Platform is a 100% cloud-based solution that requires no new hardware or software to be deployed. Using a combination of automated traffic log analytics, a highly scalable elastic sandbox, and leading botnet interception technology, the Seculert Platform establishes and maintains continuous visibility into the behavior of any malware that infects our customers’ networks. Being a cloud-based service, the Seculert Platform deploys quickly, scales to meet the demands of the ever-changing threat landscape, and provides SOC/IR teams with precise and accurate breach detection information reliably and cost-effectively.
One example of how the Seculert Platform benefits from being built as a cloud-based service is the way the Elastic Sandbox works. Premises-based sandbox technologies are limited in the amount of time they can spend observing a suspicious executable, so malware that delays its malicious behavior can run out the clock. The Seculert Platform can keep observing a sample long enough to catch behavior that is triggered only by longer execution cycles, by a specific device configuration, or even by geographic differences. This highly scalable approach allows Seculert to build and maintain one of the largest behavioral profile archives of malware in the world.
To learn more about how Seculert’s no-hardware, no-software solution detects the presence of malware on your network, check out the white paper, “Combating Advanced Persistent Threats Through Detection.”
You Have Already Been Breached
A current popular saying in data security circles contends that, “There are two kinds of companies, those that know they’ve been breached and those that don’t know they’ve been breached (yet).” Notice it doesn’t say that there’s a category of company that hasn’t yet been breached because the harsh reality is that all enterprises of any size have been breached…and probably recently.
Whether it’s an opportunistic attack that enters the enterprise network through one of the blind spots that exist on all networks, or a targeted attack written specifically to defeat a single network’s breach prevention systems, all networks eventually become infected. Because Seculert assumes that all networks will periodically be breached, Seculert has a unique perspective on how to monitor, identify, and respond when infected devices start to do damage within the networks on which they reside.
To learn more about how Seculert fights back against the damage that can be incurred by advanced malware, check out our expert white paper, “How Big Data Fights Back Against APTs and Malware.”
Prevention is Not Enough
In a perfect world, malware attacks would follow predictable patterns and rarely change strategy or tactics. Unfortunately, the now well-funded global malware development community is anything but predictable. In fact, one of the characteristics of a successful global cybercrime syndicate is the ability to identify and respond to new cyber-defense technologies as they emerge. First, they defeated signature based anti-malware technologies. Then they went on to study data loss prevention and behavioral anti-malware technologies and developed new methods to defeat many of them as well.
From a classical “warfare” perspective, the tactical advantage lies with the cybercriminal and state actors attempting to penetrate public and private sector networks. The reason for this is that the perpetrators always know what they’re up against in advance while the defenders only know what is attacking them in retrospect. And as history has taught us, all anti-malware prevention technologies will eventually fail.
As it is unlikely that the tactical advantage will ever reside with those engaged in cyber-defense, the question now is how thoughtful, realistic security professionals should respond to this imbalance of power. Abandoning prevention technologies is not really an option, but expectations about the role they play are changing.
Recent experience has shown that complete protection based on prevention alone is not achievable. The answer is to complement existing prevention technologies with a comprehensive post-infection detection strategy based on the assumption that occasionally a new attack, whether opportunistic or targeted, will succeed.
The Seculert Automated Breach Detection Platform provides exactly this kind of detection capability by identifying malware when it is at its most vulnerable: the point at which it must communicate back to its command and control infrastructure in order to complete its mission.
To learn more about how Seculert’s comprehensive post-infection detection strategy detects threats residing on your network, check out the educational white paper, “How to Find and Remove the Attack that Has Already Passed Through Your Traditional Defenses.”