SecurityWeek

Malware & Threats

New Seculert Service Uses Cloud-based Big Data Analytics To Hunt Malware


Seculert this week unveiled a new cloud based analysis engine that takes advantage of big data analytics to identify advanced threats and malware.

Dubbed Seculert Sense, the new product combines customers’ on-premise logs with the company’s intelligence data gathered from live botnets to identify advanced persistent threats and unknown malware, Seculert said Thursday. Customers will be able to upload log data for real-time detection and forensic investigation, the company said.

Seculert Sense is built on top of Amazon Web Services’ Elastic MapReduce and uses Big Data technologies such as Hadoop to scan massive amounts of data to find traces of malware connectivity, Dudi Matot, cofounder and CEO of Israel-based Seculert, told SecurityWeek. The “big data” analysis cloud rapidly analyzes the organization’s vast trove of log data going back months and years and compares the information against thousands of collected malware samples, Seculert said.

“Being a pure cloud service enables Seculert to digest huge amounts of data over time. Every day, we are collecting over 40 thousand samples of unknown malware which originate from in-house research, customers and third party sources,” Matot said in a statement.

When Seculert Sense uncovers some kind of malicious activity in the customer’s log data, it looks for similar clues in the customer’s other logs, even if the data comes from disparate vendors. The platform can also look across customers to discover if anyone else has been targeted, said Matot.

Attackers don’t target just one entity, so it was important to use the research and knowledge gained from one environment across the board. Sensitive and identifying customer data is always kept safe and never shared.

“Seculert Sense was created based in part on the theory that we are all part of interconnected systems and should collaborate as such,” Matot said.

Organizations are becoming more aware of threats and need ways to understand what kind of data is being collected in their logs, Matot said. Signs of malicious activity are often not found in just one place but scattered across sources. Seculert Sense gives customers access to malware and organizational profiling as well as traffic analysis, he said.

Customers can access detailed forensic reports about detected attacks from the Seculert Web dashboard. They can view specific APTs, infected endpoints and mobile devices, and attempts to phone home to the command and control servers. The Web dashboard provides drill-down capability to the raw traffic logs that hold the evidence for the APT or unknown malware, the company said.


The cloud service is non-intrusive and customers don’t need to invest in any new hardware. Seculert Sense provides additional cloud-based malware detection on top of existing on-premise security products.

Customers upload log files via a secure FTPS tunnel, or stream data directly from a secure gateway or proxy. They can also upload ELFF log files from existing vendors such as Blue Coat, WebSense, and SQUID.
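To make the log-scanning approach described above concrete (ELFF proxy logs matched against malware connectivity indicators, then pivoting to related clues in the same logs), here is an added example; it is not Seculert’s code, and the log lines, hostnames and indicator list are constructed for illustration.

```python
# Added illustration (not Seculert's code): parse W3C ELFF proxy log lines, flag
# clients that reached a constructed C2 indicator, then pivot on those clients.
from collections import defaultdict

# Constructed sample in ELFF (W3C Extended Log File Format) as a proxy emits it.
SAMPLE_LOG = """\
#Software: example-proxy
#Version: 1.0
#Fields: date time c-ip cs-method cs-host cs-uri-path sc-status
2012-11-20 10:01:02 10.0.0.5 GET intranet.example.local /index.html 200
2012-11-20 10:01:09 10.0.0.5 POST c2-sample.example.invalid /gate.php 200
2012-11-20 10:02:30 10.0.0.7 GET updates.example.com /patch.bin 200
2012-11-20 10:03:11 10.0.0.5 GET dropzone.example.invalid /dl/x.bin 404
"""

# Constructed indicator list standing in for intelligence from malware samples.
C2_INDICATORS = {"c2-sample.example.invalid"}

def parse_elff(text):
    """Yield one dict per record; the #Fields directive names the columns."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no records
        elif fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def find_callbacks(records, indicators):
    """Return {client_ip: [hosts]} for clients that reached a known C2 host."""
    hits = defaultdict(list)
    for r in records:
        if r["cs-host"] in indicators:
            hits[r["c-ip"]].append(r["cs-host"])
    return dict(hits)

def pivot_on_client(records, client_ip, indicators):
    """Other hosts the flagged client contacted: leads for the analyst to review."""
    return sorted({r["cs-host"] for r in records
                   if r["c-ip"] == client_ip and r["cs-host"] not in indicators})

def analyze(text=SAMPLE_LOG, indicators=C2_INDICATORS):
    records = list(parse_elff(text))
    hits = find_callbacks(records, indicators)
    return {ip: pivot_on_client(records, ip, indicators) for ip in hits}
```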

Seculert Sense is offered as a premium service and extends the company’s cloud-based threat intelligence service Seculert Echo. Echo monitors live botnet activity around the globe and alerts users to compromised endpoints.
