Attackers can be amazingly resourceful and persistent, changing tactics often to bypass IT security countermeasures. They have a clear advantage: they choose when and how to attack, and they can surprise any prevention technology deployed. As a result, constant monitoring is required to detect and remediate malware.
Known and Unknown Malware Detection
SecqureOne’s built-in security tools and network monitoring capabilities provide visibility into exploits that un-integrated security tools won’t catch. Whereas static “signature-based” anti-malware software used to be effective, this is not the case with polymorphic malware. Polymorphic malware is destructive software, such as a Trojan, virus, worm or spyware, that constantly changes. In addition, zero-day malware is often only detected by noticing strange behavior on the network, making USM’s built-in network and behavioral analysis critical.
Web Based Attack Detection
USM is particularly effective with Web-based attacks, such as SQL Injection and Cross-Site Scripting. SQL Injection exploits are used to extract sensitive information from websites. Dynamic web applications with SQL back-ends are likely to be vulnerable to this attack. Cross-Site Scripting allows attackers to manipulate web sites that they do not own. The purpose of the exploit is to compromise the user’s local system to install malware or get information (such as hijacked cookies) so they can impersonate the user on another web site. USM continuously monitors for SQL Injection and Cross-Site Scripting exploits.
Small and Medium Business
Small and medium businesses are very attractive targets, typically lacking security-proficient IT staff and the budget to purchase IT security countermeasures from traditional security vendors. According to Gartner, in 2012, 50% of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks in 2013 was businesses with fewer than 250 employees; 31% of all attacks targeted them. USM is an optimal product for small and medium businesses, since it’s affordable and includes all the security tools needed, built-in and integrated.
Open Threat Exchange
OTX is tightly integrated with USM to provide the full picture of activity on your network and threat intelligence from outside of your network. USM uses this information to help you prioritize risk and focus your resources better, by correlating known malicious IPs with activities on network components such as firewalls, proxies, web servers, anti-virus systems, and intrusion detection systems. Malware can also be detected in transit over the network (as it is downloaded and installed onto a compromised host), or when it communicates back to its command and control servers. OTX integration is very helpful in identifying known malicious hosts acting as command and control servers.