Block malware entering more efficiently
Multivendor Protection Approach
Scale away from monoculture protection solutions
Detect Advanced Persistent Threats
Scan leveraging multiple AV engines
traffic, users web traffic, file storage, and web portals
There is no denying that sophisticated malware is hitting organisations hard. Research shows that digital attacks often take place through viruses spread via email systems and other malicious software infections. Thousands of new malware variants appear every day. While there has been substantial improvement in malware detection, it is not enough to keep up with the cyber criminals who are always looking for the next victim. Many of the technologies available in the market do not scale to solve the problem.
Malware is hitting companies hard. According to Positive Technologies research, 41% of digital attacks in Q4 2017 involved use of viruses or other malicious software. Around 250,000 new copies of malware appear every day, while malware as a service is putting advanced threats in the hands of anyone willing to pay. Malware detection technology continues to improve—but not quickly enough to respond to the threat.
Conventional approaches to malware detection struggle to localize distributed attacks and to understand their past and current consequences. They often rely on a single-vendor monoculture for malware protection, and traditional systems do not offer a single point for monitoring all objects in infrastructure traffic.
Why is the solution relevant and important to an enterprise?
End customers must rely on multistream malware detection systems, which outperform the traditional single-vendor, single-stream approach. With this more modern approach, it is easier to detect, track, and block the spread of malware on corporate infrastructure in real time. Multiscanning solutions can be deployed as servers within your existing infrastructure to monitor and block threats, whether in web traffic, email or other network traffic. The system detects infected objects in all kinds of data streams and aggregates similar attacks into threat chains. These chains are the best way to spot and investigate mass infections, especially those that develop gradually over time and would be easy for humans to overlook. Such systems integrate well with Security Information and Event Management (SIEM) solutions to provide greater visibility.
What benefits will the enterprise derive by implementing the solution?
Information security teams are striving for greater visibility into threats so that operations are not put in jeopardy. This is where solutions such as multi-scanners with multiple layers of scanning can ease the pressure: the more that is known, the better the decisions the team can take to ward off cyber criminals. Some of the key benefits are as follows:
• Corporate traffic (monitoring). Scanning of files via SPAN mirroring of network traffic in real time. Enriched event context in protection systems (IPS/IDS, SIEM). Rapid incident reaction and investigation.
• Mail traffic (monitoring and blocking). Online verification of email messages. Detection of malicious attachments and senders. Scanning of mail archives (including multipart and password-protected ones). Protection against malware infection attempts involving social engineering.
• Users' web traffic (monitoring and blocking). Strengthened perimeter security thanks to detection of malicious content in files downloaded from external subnets (including via HTTPS).
• Web portals (monitoring and blocking). Active protection of sites against malicious content. Detection of data leaks and bots. Verification of user-originated content.
• File storage (monitoring and blocking). Detection of malicious content, infected executables and documents. Rapid blocking to prevent spread of malicious files. Retrospective scanning and re-scanning of potential threats when knowledge bases are updated.
• Internal service. Manual scanning of files. Knowledge base. Statistics about verdicts and downloaded objects. User alerts if malware is detected in previously downloaded files.
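As an added illustration of the multi-engine verdicts, threat chains and retrospective re-scanning described in the list above (this is not PT MultiScanner code; the engine names, signatures, streams and sample objects are all constructed for the example):

```python
import hashlib
from collections import defaultdict

# Constructed knowledge bases: engine name -> byte patterns it flags.
ENGINES = {
    "engine_a": {b"known-bad-macro-v1"},
    "engine_b": {b"known-bad-macro-v1", b"exploit-kit-landing"},
}

def scan(data, engines):
    """Return the names of the engines whose signatures match the object."""
    return {n for n, sigs in engines.items() if any(s in data for s in sigs)}

class MultiScanner:
    def __init__(self, engines):
        self.engines = {k: set(v) for k, v in engines.items()}  # private copy
        self.objects = {}               # sha256 -> bytes, kept for re-scans
        self.seen = defaultdict(list)   # sha256 -> [(stream, recipient)]
        self.verdicts = {}              # sha256 -> engines that flagged it

    def submit(self, data, stream, recipient):
        """Scan one object from a stream (mail, web, storage); block on any hit."""
        h = hashlib.sha256(data).hexdigest()
        self.objects[h] = data
        self.seen[h].append((stream, recipient))
        self.verdicts[h] = scan(data, self.engines)
        return h, bool(self.verdicts[h])

    def update_kb(self, engine, new_sigs):
        """Retrospective re-scan: alert on stored objects that were clean but hit now."""
        self.engines.setdefault(engine, set()).update(new_sigs)
        alerts = []
        for h, data in self.objects.items():
            was_clean = not self.verdicts[h]
            self.verdicts[h] = scan(data, self.engines)
            if was_clean and self.verdicts[h]:
                alerts += [(h, s, r) for s, r in self.seen[h]]
        return alerts

    def threat_chains(self):
        """One chain per detected hash: every stream and recipient it reached."""
        return {h: list(self.seen[h]) for h, v in self.verdicts.items() if v}

def demo():
    """Constructed walk-through: a clean-at-download file reaches two streams, then is caught."""
    ms = MultiScanner(ENGINES)
    ms.submit(b"<doc>known-bad-macro-v1</doc>", "mail", "alice")
    ms.submit(b"<doc>dropper-v2 payload</doc>", "web", "bob")
    ms.submit(b"<doc>dropper-v2 payload</doc>", "storage", "carol")
    return ms.update_kb("engine_a", [b"dropper-v2"]), ms.threat_chains()
```

The alerts returned by `update_kb` are the "user alerts for previously downloaded files" case: both recipients of the once-clean object are named, and the chain view shows the same hash crossing the web and storage streams.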
Who does Cyberton represent to provision this technology?
Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community.
State-of-the-art solutions are developed at Positive Research, the company’s flagship research center and one of the largest in Europe. Positive Research experts have helped to identify and fix over 250 zero-day vulnerabilities in products from Cisco, Google, Honeywell, Huawei, Microsoft, Oracle, SAP, Schneider Electric, Siemens, and others, earning a reputation for world-class expertise in protection of devices and infrastructures at all scales from ATMs to nuclear power stations.
Findings by Positive Research are used to update the MaxPatrol knowledge base and to develop security solutions including PT Application Firewall, PT Application Inspector, MaxPatrol Vulnerability and Compliance Management Solution, PT ISIM, PT MultiScanner and SS7 Attack Discovery. These products secure web applications, evaluate network protection, block attacks in real time, ensure compliance with industry and national standards, and train security specialists. In 2015 and 2016, the company was rated a Visionary in the Gartner Magic Quadrant for Web Application Firewalls (WAF).
Positive Technologies is the organizer of the annual Positive Hack Days international forum and security competition, in which over 4,000 experts take part every year.
Company specialists actively participate in organizations dedicated to information security (CEH, CIS, ISACA, Web Application Security Consortium), publish their works in various magazines devoted to practical information security, and regularly speak at major IS international conferences, including: Black Hat USA, CanSecWest, FIRST Annual Conference, HackInParis, Hack In The Box, ITSF, Microsoft Security Briefing, Nullcon, POC, Positive Hack Days, SAS, ZeroNights and others.