New Seculert Service Uses Cloud-based Big Data Analytics To Hunt Malware

Seculert this week unveiled a new cloud based analysis engine that takes advantage of big data analytics to identify advanced threats and malware.

Dubbed Seculert Sense, the new product combines customers’ on-premise logs with the company’s intelligence data gathered from live botnets to identify advanced persistent threats and unknown malware, Seculert said Thursday. Customers will be able to upload log data for real-time detection and forensic investigation, the company said.

Seculert Sense is built on top of Amazon Web Services’ Elastic MapReduce and uses big data technologies such as Hadoop to scan massive amounts of data for traces of malware connectivity, Dudi Matot, cofounder and CEO of Israel-based Seculert, told SecurityWeek. The “big data” analysis cloud rapidly analyzes the organization’s vast trove of log data going back months and years and compares the information against the thousands of malware samples collected, Seculert said.

“Being a pure cloud service enables Seculert to digest huge amounts of data over time. Every day, we are collecting over 40 thousand samples of unknown malware which originate from in-house research, customers and third party sources,” Matot said in a statement.

When Seculert Sense uncovers some kind of malicious activity in the customer’s log data, it looks for similar clues in the customer’s other logs, even if the data comes from disparate vendors. The platform can also look across customers to discover if anyone else has been targeted, said Matot.

Attackers don’t target just one entity, so it was important to use the research and knowledge gained from one environment across the board. Sensitive and identifying customer data is always kept safe and never shared.

“Seculert Sense was created based in part on the theory that we are all part of interconnected systems and should collaborate as such,” Matot said.

Organizations are becoming more aware of threats and need ways to understand what kind of data is being collected in their logs, Matot said. Signs of malicious activity are often not found in just one place but scattered across sources. Seculert Sense gives customers access to malware and organizational profiling as well as traffic analysis, he said.

Customers can access detailed forensic reports about detected attacks from the Seculert Web dashboard. They can view specific APTs, infected endpoints and mobile devices, and attempts to phone home to the command and control servers. The Web dashboard provides drill-down capability to the raw traffic logs that hold the evidence for the APT or unknown malware, the company said.

The cloud services are non-intrusive and customers don’t need to invest in any new hardware. Seculert Sense provides additional cloud-based malware detection capabilities on top of on-premise security products.

Customers upload log files via a secure FTPS tunnel, or stream data directly from a secure gateway or proxy. They can also upload ELFF log files from existing vendors such as Blue Coat, Websense, and Squid.
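As an added illustration (not Seculert’s code) of the two-step hunt the article describes, the following parses a W3C Extended Log File Format (ELFF) proxy log of the kind those vendors export, flags clients that phoned home to a known command-and-control host, and then pivots on those clients to surface destinations seen only from infected machines as “similar clues” to check in other logs. The log lines and the indicator set are constructed for the example.

```python
from collections import defaultdict

# Constructed ELFF proxy log. The "#Fields:" directive names the columns;
# data lines are space-separated in the order the directive gives.
ELFF_SAMPLE = """\
#Software: constructed-proxy 1.0
#Version: 1.0
#Fields: date time c-ip cs-host cs-method sc-status cs-bytes
2013-05-02 10:01:12 10.0.0.5 intranet.example.internal GET 200 512
2013-05-02 10:01:40 10.0.0.5 c2-beacon.example.invalid POST 200 77
2013-05-02 10:02:03 10.0.0.7 intranet.example.internal GET 200 512
2013-05-02 10:03:55 10.0.0.9 c2-beacon.example.invalid POST 200 77
2013-05-02 10:05:10 10.0.0.5 dropzone.example.invalid POST 200 4096
2013-05-02 10:06:30 10.0.0.9 dropzone.example.invalid POST 200 4096
"""

# Constructed stand-in for the botnet-derived C2 indicators the article
# mentions; no real indicators appear on the page.
KNOWN_C2_HOSTS = {"c2-beacon.example.invalid"}


def parse_elff(text):
    """Yield one dict per data line, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the directive
        elif line.startswith("#") or not line.strip():
            continue                           # other directives and blank lines
        elif fields:
            yield dict(zip(fields, line.split()))


def hunt(log_text, c2_hosts):
    """Pass 1: clients that contacted a known C2 host (phone-home attempts).
    Pass 2: pivot on those clients; destinations reached only by infected
    clients and never by a clean one become candidate indicators to look
    for in the customer's other logs."""
    records = list(parse_elff(log_text))
    infected = defaultdict(set)                # client IP -> C2 hosts it reached
    for rec in records:
        if rec["cs-host"] in c2_hosts:
            infected[rec["c-ip"]].add(rec["cs-host"])
    seen_from = defaultdict(set)               # destination -> client IPs
    for rec in records:
        seen_from[rec["cs-host"]].add(rec["c-ip"])
    candidates = {host: ips for host, ips in seen_from.items()
                  if host not in c2_hosts and ips <= set(infected)}
    return dict(infected), candidates
```

Running `hunt(ELFF_SAMPLE, KNOWN_C2_HOSTS)` flags both beaconing clients and promotes the drop zone they alone contacted to a candidate indicator, while the intranet host, also visited by a clean client, is left alone.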

Seculert Sense is offered as a premium service and extends the company’s cloud-based threat intelligence service Seculert Echo. Echo monitors live botnet activity around the globe and alerts users to compromised endpoints.
