SlideShare una empresa de Scribd logo

Elastic Sandbox Environment

Seculert
Seculert

The cyber threat landscape is becoming more dangerous and challenging all the time. Here, you’ll find a practical, expert-crafted resource to help keep your enterprise secure and successful for the long-term. It’s our way to help you get informed -- and stay safe. Elastic Sandbox Environment -Automatic analysis and classification of suspicious files -Analyzes potential malicious files on different platforms -Currently crunches over 40,000 malware samples daily -Generates malware behavior profiles -Maintains a crowdsourced threat repository

Tecnología
1 de 4
Descargar para leer sin conexión
DATA SHEET Advanced Threat Protection SECULERT’S ELASTIC SANDBOX ENVIRONMENT Advanced threats demand a new class of defenses. Precisely because they are persistent and ever-changing, it is essential to study their behavior over time – and not just at the moment of entry into the organization. And as threats become more sophisticated and dangerous, the most effective and efficient way to fight is to join forces and share information. Today, Seculert is leveraging the capabilities of the cloud to turn this vision into reality. Seculert’s Elastic Sandbox environment is an essential tool for studying and profiling malware over time for as long as necessary, and for sharing results with the community. It works together with the core technologies in the Seculert solution to identify and block malware as soon as it strikes. Seculert is a comprehensive cloud-based solution for protecting organizations from advanced malware, APTs and zero-day attacks. Seculert combines several key detection and protection technologies – an Elastic Sandbox environment, WHAT IS A SANDBOX? In IT security, a sandbox is an experimental environment where suspicious code can be executed and studied safely, without risk of infecting a production environment. Today, many security solutions feature sandboxing technology. But not all sandboxes are created equal. Seculert’s Elastic Sandbox is unique because of a combination of leading-edge technologies and synergistic interaction with the other modules in the Seculert Solution: Botnet Interception, Big Data Analytics, Protection API, and Automated Traffic Log Analysis. And unlike other single-vendor environments, Seculert’s Elastic Sandbox sees a complete picture consisting of samples from the full range of on-premises security device vendors. Botnet Interception, and Automated Traffic Log Analysis - in one simple solution that proactively identifies new threats as they emerge. HOW THE SANDBOX WORKS Sample Settings Analysis period Analysis region New malware profiles New suspicious malware Results Traffic Suspicious malware Elastic Sandbox Environment Data Analytics Results Malware profile Malware Behaviors Suspicious malware Meta data Machine run time changes ****** Log analysis and Botnet interception Vendors Customers DATA SHEET SECULERT’S ELASTIC SANDBOX ENVIRONMENT | 1
1. Customers, partners, vendors and the malware experts at Seculert upload suspicious executables to the Elastic Sandbox using the online platform or API. 2. In the elastic sandbox, Seculert studies the behavior of the code including network communications, meta-data in the network traffic and host runtime changes. 3. You can tune the sandbox by setting the execution time and region to approximate geographically targeted attacks. 4. If additional suspicious code is found during execution, it too is downloaded and sent to the Elastic Sandbox for analysis. Seculert’s Elastic Sandbox uncovered some infamous botnets including Ramnit, Kelihos.B, Mahdi, Shamoon, and Dexter. 5. Seculert uses Big Data analytics to process all of the information collected and determine whether or not the code is malicious. If the solution recognizes a known malware profile, it updates customers and partners immediately via the online dashboard and the Seculert API, which communicates directly with customer’s proxies and firewalls to block known threats. 6. If the executable’s behavior is not known, but is conclusively identified as malware, a profile is defined. Seculert immediately notifies customers and partners via the dashboard and API. In addition, the new malware profile becomes an important learning set for Seculert’s machine learning algorithms and traffic log analysis. 7. If the malware is determined to be a botnet, the data is also passed on to the Botnet Interception module, which monitors traffic and identifies infected users and IP addresses. MONITORED BEHAVIORS When a suspicious file is uploaded and run in the Elastic Sandbox, Seculert looks for hundreds of different behaviors which, taken together, can indicate malware. Some examples include: • Network traffic: All malware communicates with a command and control server which may be indicated by a dynamic DNS domain. It may also download additional files, scan for security vulnerabilities or setup back doors. • Device changes: Malware will often make changes to the host device including the registry, security settings, creating and changing files, auto-run settings and hooking. • Security detection measures: Malware actively avoids detection by disabling security settings, avoiding running while being monitored and injecting into other processes. THE ADVANTAGES OF THE SECULERT ELASTIC SANDBOX Long-term analysis Advanced malware is often quiet for long periods of time, and when it does act, it isn’t always immediately apparent that something is wrong. It is also programmed to change, so that its behavior patterns don’t become suspicious. As a result, it is essential to study malware over a period of time ranging from minutes to days. Sandboxes that run in-line on your network traffic can only run suspicious code for short periods ranging from a few seconds to a few minutes. Anything longer would be disruptive and too resource intensive. The Seculert Elastic Sandbox can execute code for as long as necessary – from a minute to an hour. Target emulation Since many botnets target a particular region, industry or organization, Seculert configures servers in a way that mimics different potential targets. The Seculert platform gives you the ability to set the region, time and additional factors that can help identify malware behavior. DATA SHEET SECULERT’S ELASTIC SANDBOX ENVIRONMENT | 2
Invisible to Malware As malware becomes more and more sophisticated, it is able to identify sandboxing technology and will keep quiet until it thinks it is “safe.” Seculert uses proprietary technology to make malware believe that it is not running inside a sanitized, virtual environment. To the malware, the Elastic Sandbox looks like a device with natural activity such as keyboard inputs and mouse movements. Elastic, cloud environment Having scalable resources is critical because in order to understand advanced malware, you must let it run over an extended period of time, and often you must execute it on multiple servers with different properties. The elastic, distributed nature of the cloud is ideal for a sandbox environment. 40K samples daily, from all kinds of traffic and vendors Today, the Seculert Elastic Sandbox analyzes over 40,000 new malware samples every day – and the number keeps growing. The samples come from customers who upload suspicious code through the API or dashboard, Seculert’s automated traffic log analysis, the Botnet Interception module and partners. BIG DATA ANALYTICS Monitoring over 40,000 code samples a day generates a tremendous amount of data. Seculert’s Big Data analytics engine uses machine learning algorithms and Elastic MapReduce to determine whether a code is malware or not. If it is malware, all Seculert customers are immediately protected via the API and dashboard alerts. But a single-pronged approach is not enough to stay ahead of emerging threats. Seculert also uses the new malware profile as a learning set for machine learning algorithms that detect unknown malware in customer traffic logs. AUTOMATED PROTECTION API To make the most of the Elastic Sandbox, you can integrate it with your existing security infrastructure using the Seculert Protection API. The API features three simple methods/API calls for uploading and retrieving data: • A web request that uploads files via HTTP, followed by a response including the upload’s identification key • A request that retrieves the results of the analysis using the identification key • A request that retrieves the network capture file (.PCAP) of the network traffic triggered by the running of the suspicious files When malware is detected by the Elastic Sandbox, Seculert customers are notified immediately. The API can communicate directly with corporate firewalls and proxies to block traffic. To support complete forensics, threat detection data can also be sent to SIEM systems for correlation. Some additional examples of integration include: • A mail server plug-in that automatically uploads suspicious attachments to the Elastic Sandbox • An anti-virus integration that inspects quarantined files to determine their severity in order to prioritize remediation activities DATA SHEET SECULERT’S ELASTIC SANDBOX ENVIRONMENT | 3
SECULERT DASHBOARD AND ALERTS You can upload samples to the Elastic Sandbox at any time using the dashboard as well as the API. It’s easy to configure runtime settings such as region and time. As soon as the analysis is completed, you are alerted by email and receive a detailed report. Malware reports include information about suspicious behavior observed, domains visited, registry and other host changes so that you can understand and mitigate your exposure and modify your security policies as needed. The dashboard automatically indicates whether malware was found and what activity should be blocked SYNERGISTIC TECHNOLOGIES Seculert’s Elastic Sandbox environment is extremely powerful – but it is the combination of the Elastic Sandbox working together with all of Seculert’s core technologies that provides the key to successful advanced threat protection. In addition to the Elastic Sandbox, Seculert features: • Botnet interception to detect threats that are already attacking employees, partners and customers inside and outside your organization. • Automated traffic log file analysis to identify unknown malware that is targeting your organization. • Protection API to automatically stop identified threats through integration with perimeter defenses. • Big Data analytics analyzes tens of thousands of malware profiles daily as well as petabytes of traffic logs in order to detect APTs. • Machine learning technology identifies unknown malware based on an understanding of malware behavior in order to keep up with the volume and rate of change. • Intuitive dashboard puts instant information about all advanced threats at your fingertips. • Full coverage of remote and mobile users on all endpoints including BYOD - without installing a single appliance or endpoint solution. • Cost-effective cloud service means no installation, instant results, and low total cost of ownership. LICENSING Basic Elastic Sandbox functionality is available for a total 5 samples running for 1 minute each for free. In order to upload more than 5 samples and get the ability to set the execution time and geographic region, please contact us. Toll Free (US): 1-855-732-8537 Tel (US): 1-408-560-3400 info@seculert.com www.seculert.com Tel (UK): 44-203-355-6444 Tel (Intl): 972-3-919-3366 DATA SHEET SECULERT’S ELASTIC SANDBOX ENVIRONMENT | 4

Recomendados

Lecture 3 engaging students for learning 2013
Lecture 3 engaging students for learning 2013Lecture 3 engaging students for learning 2013
Lecture 3 engaging students for learning 2013Amander Dimmock
 
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackInfosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackSeculert
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Application Programming Interface
Application Programming InterfaceApplication Programming Interface
Application Programming InterfaceSeculert
 
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesImprove Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesSeculert
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Seculert
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013Seculert
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 

Recomendados

Lecture 3 engaging students for learning 2013
Lecture 3 engaging students for learning 2013Lecture 3 engaging students for learning 2013
Lecture 3 engaging students for learning 2013Amander Dimmock
 
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackInfosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attack
Infosecurity Europe 2014 Case Study: Shamoon, a two stage targeted attackSeculert
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Application Programming Interface
Application Programming InterfaceApplication Programming Interface
Application Programming InterfaceSeculert
 
Improve Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesImprove Your Network Security w/ 4 Firewall Optimizing Techniques
Improve Your Network Security w/ 4 Firewall Optimizing TechniquesSeculert
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Seculert
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013Seculert
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDubai Multi Commodity Centre
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 

Más contenido relacionado

Último

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Último (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Destacado

Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 

Destacado (20)

Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 

Elastic Sandbox Environment

  • 1. DATA SHEET Advanced Threat Protection SECULERT’S ELASTIC SANDBOX ENVIRONMENT Advanced threats demand a new class of defenses. Precisely because they are persistent and ever-changing, it is essential to study their behavior over time – and not just at the moment of entry into the organization. And as threats become more sophisticated and dangerous, the most effective and efficient way to fight is to join forces and share information. Today, Seculert is leveraging the capabilities of the cloud to turn this vision into reality. Seculert’s Elastic Sandbox environment is an essential tool for studying and profiling malware over time for as long as necessary, and for sharing results with the community. It works together with the core technologies in the Seculert solution to identify and block malware as soon as it strikes. Seculert is a comprehensive cloud-based solution for protecting organizations from advanced malware, APTs and zero-day attacks. Seculert combines several key detection and protection technologies – an Elastic Sandbox environment, WHAT IS A SANDBOX? In IT security, a sandbox is an experimental environment where suspicious code can be executed and studied safely, without risk of infecting a production environment. Today, many security solutions feature sandboxing technology. But not all sandboxes are created equal. Seculert’s Elastic Sandbox is unique because of a combination of leading-edge technologies and synergistic interaction with the other modules in the Seculert Solution: Botnet Interception, Big Data Analytics, Protection API, and Automated Traffic Log Analysis. And unlike other single-vendor environments, Seculert’s Elastic Sandbox sees a complete picture consisting of samples from the full range of on-premises security device vendors. Botnet Interception, and Automated Traffic Log Analysis - in one simple solution that proactively identifies new threats as they emerge. HOW THE SANDBOX WORKS Sample Settings Analysis period Analysis region New malware profiles New suspicious malware Results Traffic Suspicious malware Elastic Sandbox Environment Data Analytics Results Malware profile Malware Behaviors Suspicious malware Meta data Machine run time changes ****** Log analysis and Botnet interception Vendors Customers DATA SHEET SECULERT’S ELASTIC SANDBOX ENVIRONMENT | 1
  • 2. 1. Customers, partners, vendors and the malware experts at Seculert upload suspicious executables to the Elastic Sandbox using the online platform or API. 2. In the elastic sandbox, Seculert studies the behavior of the code including network communications, meta-data in the network traffic and host runtime changes. 3. You can tune the sandbox by setting the execution time and region to approximate geographically targeted attacks. 4. If additional suspicious code is found during execution, it too is downloaded and sent to the Elastic Sandbox for analysis. Seculert’s Elastic Sandbox uncovered some infamous botnets including Ramnit, Kelihos.B, Mahdi, Shamoon, and Dexter. 5. Seculert uses Big Data analytics to process all of the information collected and determine whether or not the code is malicious. If the solution recognizes a known malware profile, it updates customers and partners immediately via the online dashboard and the Seculert API, which communicates directly with customer’s proxies and firewalls to block known threats. 6. If the executable’s behavior is not known, but is conclusively identified as malware, a profile is defined. Seculert immediately notifies customers and partners via the dashboard and API. In addition, the new malware profile becomes an important learning set for Seculert’s machine learning algorithms and traffic log analysis. 7. If the malware is determined to be a botnet, the data is also passed on to the Botnet Interception module, which monitors traffic and identifies infected users and IP addresses. MONITORED BEHAVIORS When a suspicious file is uploaded and run in the Elastic Sandbox, Seculert looks for hundreds of different behaviors which, taken together, can indicate malware. Some examples include: • Network traffic: All malware communicates with a command and control server which may be indicated by a dynamic DNS domain. It may also download additional files, scan for security vulnerabilities or setup back doors. • Device changes: Malware will often make changes to the host device including the registry, security settings, creating and changing files, auto-run settings and hooking. • Security detection measures: Malware actively avoids detection by disabling security settings, avoiding running while being monitored and injecting into other processes. THE ADVANTAGES OF THE SECULERT ELASTIC SANDBOX Long-term analysis Advanced malware is often quiet for long periods of time, and when it does act, it isn’t always immediately apparent that something is wrong. It is also programmed to change, so that its behavior patterns don’t become suspicious. As a result, it is essential to study malware over a period of time ranging from minutes to days. Sandboxes that run in-line on your network traffic can only run suspicious code for short periods ranging from a few seconds to a few minutes. Anything longer would be disruptive and too resource intensive. The Seculert Elastic Sandbox can execute code for as long as necessary – from a minute to an hour. Target emulation Since many botnets target a particular region, industry or organization, Seculert configures servers in a way that mimics different potential targets. The Seculert platform gives you the ability to set the region, time and additional factors that can help identify malware behavior. DATA SHEET SECULERT’S ELASTIC SANDBOX ENVIRONMENT | 2
  • 3. Invisible to Malware As malware becomes more and more sophisticated, it is able to identify sandboxing technology and will keep quiet until it thinks it is “safe.” Seculert uses proprietary technology to make malware believe that it is not running inside a sanitized, virtual environment. To the malware, the Elastic Sandbox looks like a device with natural activity such as keyboard inputs and mouse movements. Elastic, cloud environment Having scalable resources is critical because in order to understand advanced malware, you must let it run over an extended period of time, and often you must execute it on multiple servers with different properties. The elastic, distributed nature of the cloud is ideal for a sandbox environment. 40K samples daily, from all kinds of traffic and vendors Today, the Seculert Elastic Sandbox analyzes over 40,000 new malware samples every day – and the number keeps growing. The samples come from customers who upload suspicious code through the API or dashboard, Seculert’s automated traffic log analysis, the Botnet Interception module and partners. BIG DATA ANALYTICS Monitoring over 40,000 code samples a day generates a tremendous amount of data. Seculert’s Big Data analytics engine uses machine learning algorithms and Elastic MapReduce to determine whether a code is malware or not. If it is malware, all Seculert customers are immediately protected via the API and dashboard alerts. But a single-pronged approach is not enough to stay ahead of emerging threats. Seculert also uses the new malware profile as a learning set for machine learning algorithms that detect unknown malware in customer traffic logs. AUTOMATED PROTECTION API To make the most of the Elastic Sandbox, you can integrate it with your existing security infrastructure using the Seculert Protection API. The API features three simple methods/API calls for uploading and retrieving data: • A web request that uploads files via HTTP, followed by a response including the upload’s identification key • A request that retrieves the results of the analysis using the identification key • A request that retrieves the network capture file (.PCAP) of the network traffic triggered by the running of the suspicious files When malware is detected by the Elastic Sandbox, Seculert customers are notified immediately. The API can communicate directly with corporate firewalls and proxies to block traffic. To support complete forensics, threat detection data can also be sent to SIEM systems for correlation. Some additional examples of integration include: • A mail server plug-in that automatically uploads suspicious attachments to the Elastic Sandbox • An anti-virus integration that inspects quarantined files to determine their severity in order to prioritize remediation activities DATA SHEET SECULERT’S ELASTIC SANDBOX ENVIRONMENT | 3
  • 4. SECULERT DASHBOARD AND ALERTS You can upload samples to the Elastic Sandbox at any time using the dashboard as well as the API. It’s easy to configure runtime settings such as region and time. As soon as the analysis is completed, you are alerted by email and receive a detailed report. Malware reports include information about suspicious behavior observed, domains visited, registry and other host changes so that you can understand and mitigate your exposure and modify your security policies as needed. The dashboard automatically indicates whether malware was found and what activity should be blocked SYNERGISTIC TECHNOLOGIES Seculert’s Elastic Sandbox environment is extremely powerful – but it is the combination of the Elastic Sandbox working together with all of Seculert’s core technologies that provides the key to successful advanced threat protection. In addition to the Elastic Sandbox, Seculert features: • Botnet interception to detect threats that are already attacking employees, partners and customers inside and outside your organization. • Automated traffic log file analysis to identify unknown malware that is targeting your organization. • Protection API to automatically stop identified threats through integration with perimeter defenses. • Big Data analytics analyzes tens of thousands of malware profiles daily as well as petabytes of traffic logs in order to detect APTs. • Machine learning technology identifies unknown malware based on an understanding of malware behavior in order to keep up with the volume and rate of change. • Intuitive dashboard puts instant information about all advanced threats at your fingertips. • Full coverage of remote and mobile users on all endpoints including BYOD - without installing a single appliance or endpoint solution. • Cost-effective cloud service means no installation, instant results, and low total cost of ownership. LICENSING Basic Elastic Sandbox functionality is available for a total 5 samples running for 1 minute each for free. In order to upload more than 5 samples and get the ability to set the execution time and geographic region, please contact us. Toll Free (US): 1-855-732-8537 Tel (US): 1-408-560-3400 info@seculert.com www.seculert.com Tel (UK): 44-203-355-6444 Tel (Intl): 972-3-919-3366 DATA SHEET SECULERT’S ELASTIC SANDBOX ENVIRONMENT | 4