
New Seculert Service Uses Cloud-based Big Data Analytics To Hunt Malware


Seculert this week unveiled a new cloud based analysis engine that takes advantage of big data analytics to identify advanced threats and malware.

Dubbed Seculert Sense, the new product combines customers' on-premise logs with the company's intelligence data gathered from live botnets to identify advanced persistent threats and unknown malware, Seculert said Thursday. Customers will be able to upload log data for real-time detection and forensic investigation, the company said.

Seculert Sense is built on top of Amazon Web Services' Elastic MapReduce and uses Big Data technologies such as Hadoop to scan massive amounts of data to find traces of malware connectivity, Dudi Matot, cofounder and CEO of Israel-based Seculert, told SecurityWeek. The "big data" analysis cloud rapidly analyzes the organization's vast trove of log data, going back months and years, and compares the information against the thousands of malware samples Seculert has collected, the company said.

"Being a pure cloud service enables Seculert to digest huge amounts of data over time. Every day, we are collecting over 40 thousand samples of unknown malware which originate from in-house research, customers and third party sources," Matot said in a statement.

When Seculert Sense uncovers some kind of malicious activity in the customer's log data, it looks for similar clues in the customer's other logs, even if the data comes from disparate vendors. The platform can also look across customers to discover if anyone else has been targeted, said Matot.

Attackers don't target just one entity, so it was important to use the research and knowledge gained from one environment across the board. Sensitive and identifying customer data is always kept safe and never shared.

"Seculert Sense was created based in part on the theory that we are all part of interconnected systems and should collaborate as such," Matot said.

Organizations are becoming more aware of threats and need ways to understand what kind of data is being collected in their logs, Matot said. Signs of malicious activity are often not found in just one place but scattered across sources. Seculert Sense gives customers access to malware and organizational profiling as well as traffic analysis, he said.

Customers can access detailed forensic reports about detected attacks from the Seculert Web dashboard. They can view specific APTs, infected endpoints and mobile devices, and attempts to phone home to the command and control servers. The Web dashboard provides drill-down capability to the raw traffic logs that hold the evidence for the APT or unknown malware, the company said.

The cloud service is non-intrusive, and customers don't need to invest in any new hardware. Seculert Sense provides additional cloud-based malware detection on top of on-premise security products.

Customers upload log files via a secure FTPS tunnel, or stream data directly from a secure gateway or proxy. They can also upload ELFF log files from existing vendors such as Blue Coat, WebSense, and Squid.
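As an added illustration of the kind of matching the article describes (not Seculert's code), the following parses a W3C ELFF proxy log of the sort Blue Coat writes and maps each endpoint whose traffic reached a known command-and-control host to the raw records behind that verdict. The indicator list, hostnames, addresses and log lines are constructed for the example.

```python
from collections import defaultdict

# Constructed indicator set standing in for threat intel derived from malware
# samples: destination host -> malware family known to phone home to it.
C2_INDICATORS = {
    "update-check.example.net": "FamilyA",
    "cdn-stat.example.org": "FamilyB",
}

# Constructed Blue Coat-style ELFF excerpt (hosts and addresses are made up).
SAMPLE_ELFF = """\
#Software: constructed-proxy 1.0
#Fields: date time c-ip cs-method cs-host cs-uri-path sc-status
2013-01-10 09:00:01 10.0.0.5 GET www.example.com /index.html 200
2013-01-10 09:00:07 10.0.0.5 POST update-check.example.net /gate.php 200
2013-01-10 09:01:12 10.0.0.9 GET cdn-stat.example.org /s.gif 404
2013-01-10 09:02:30 10.0.0.9 GET www.example.com /news 200
2013-01-10 09:03:00 10.0.0.5 GET update-check.example.net /gate.php 200
"""

def parse_elff(text):
    """Yield one dict per ELFF record; '#Fields:' names the columns."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split(":", 1)[1].split()
            continue  # other '#' lines are metadata directives
        if fields is None:
            raise ValueError("record before #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed record: skip rather than misalign columns
        yield dict(zip(fields, values))

def find_phone_home(records, indicators=C2_INDICATORS):
    """Map each client that contacted a known C2 host to its raw hits."""
    hits = defaultdict(list)
    for rec in records:
        host = rec.get("cs-host", "").lower()
        if host in indicators:
            hits[rec["c-ip"]].append((rec["time"], host, indicators[host]))
    return dict(hits)

def infected_endpoints(text=SAMPLE_ELFF):
    """Return {client_ip: [malware families]} for the given ELFF text."""
    return {ip: sorted({fam for _, _, fam in h})
            for ip, h in find_phone_home(parse_elff(text)).items()}
```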

Seculert Sense is offered as a premium service and extends the company's cloud-based threat intelligence service Seculert Echo. Echo monitors live botnet activity around the globe and alerts users to compromised endpoints.

Fahmida Y. Rashid is a contributing writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.