New “Blacklist” Reports Help Organizations Proactively Block Malicious Traffic from Trojans and Phishing Sites
Today’s advanced malware such as the Zeus and SpyEye Trojans can silently capture and exfiltrate sensitive corporate data contained on enterprise endpoints, including proprietary information such as legal documents, healthcare records and corporate trade secrets. However, many organizations are blind to these threats and the impact malware within their systems can have on their bottom line.
RSA, The Security Division of EMC, this week announced updates to its CyberCrime Intelligence Service, aiming to help enterprises address these threats with new daily reports on black-listed hosts and IP addresses used by cybercriminals for launching attacks and communicating updates to malware-infected systems that may be part of a botnet.
The new “blacklist” reports help security professionals identify corporate end points and resources that may be at risk as a result of malware infection.
Additionally, blacklist data feeds can automatically be fed into third party web filtering software, intrusion detection/prevention systems and other network monitoring and security solutions to help sever the communication channels of existing malware, eliminating its ability to siphon information from companies and receive new instructions from command and control servers.
Related Reading: Threat Sharing – A Necessary Defense Strategy
“IT organizations have traditionally focused on layered security which protects the perimeter. Now is the time to provide the same layered security model internally as well. That model, based on Governance, Risk and Compliance, must assume that malware has penetrated the enterprise and mitigate any damage which might occur,” said Phil Blank, Managing Director, Security, Risk and Fraud at Javelin Strategy & Research. “By employing actionable information contained in threat intelligence reports and supplemented by active blacklist feeds to help prevent communications with command and control servers and data leakage, an enterprise can significantly improve their security posture and reduce their risks.”
“Corporate internet users increasingly represent the largest source of infection in the enterprise by data-stealing malware via spear-phishing emails and social engineering attacks,” said Sam Curry, Chief Technology Officer for RSA’s Identity and Data Protection group.
The RSA CyberCrime Intelligence Service offers companies insight into potential compromises gleaned from the RSA Trojan Research Labs and a network of anti-virus, firewall, anti-spam and Web crawling partners. RSA aggregates and analyzes the information to provide customers with continuous updates and visibility on the latest malware and malicious hosts discovered across the Internet.
RSA also offers consulting services along with its CyberCrime Intelligence Service offering, to help customers identify and implement plans to reduce cybercrime risk.
Related Reading: Advanced Fraud Threats in Mobile Environments
