Cyber Threat Intelligence™
Cyveillance Cyber Threat Intelligence provides real-time, specific intelligence about high risk hosts, domains, Web pages, malicious payloads and IP addresses. By integrating network security appliances and applications with real-time, “from the wild” intelligence on what is happening beyond the perimeter, Cyveillance Cyber Threat Intelligence enables a more proactive security posture – network defense systems are aware of the latest threats before they land at the door, rather than hoping to recognize them when they arrive.
Unique Approach
Unlike many security intelligence feeds and services that are based on known signatures, or URL blacklists that periodically catalog known and/or dedicated “bad boxes”, Cyveillance Cyber Threat Intelligence provides timely, accurate warning of high-risk IP addresses, including detailed information about the malicious activities in which they are engaged right now. This intelligence is used to prevent users or applications from accessing or connecting with those resources, thus greatly reducing the possibility of compromise of either human users or network assets. Additionally, outbound connections to IP addresses delivered via Cyveillance Cyber Threat Intelligence can be used to detect a bot infection, insider (i.e. employee) threat or attempted infiltration.
Comprehensive Zero-day Attack Intelligence
Cyveillance provides comprehensive detection of known and unknown zero-day malware threats. Many of Cyveillance’s competitors use a signature-based system that relies solely on known exploits, or an overly restrictive behavioral analysis system. Using a known-exploit signature approach, these companies generate a hash or unique ID signature for a given exploit and evaluate Web sites for a match against those signatures. This approach is an inherently flawed, reactive mechanism: even the most minor change in a particular exploit will generate a completely new signature, thus minimizing the effectiveness of the approach. Also, running behavioral analysis technology inline with other applications most often yields a very large number of false positives. Therefore, companies that deploy behavioral technology in this manner must be very restrictive in order to minimize false positives. Cyveillance uses multiple signature approaches combined with leading behavioral-based technologies to analyze Web sites in both an inline and an offline fashion. This layered approach to security yields better, more accurate and more comprehensive malware coverage of the Internet.
Accurate Intelligence on Evolving Cyber Threats
To ensure a high level of accuracy, Cyveillance employs a thorough quality assurance program. Our security lab identifies new malware or malicious behaviors. The new malware and malicious behaviors are analyzed and, based on the analysis, are either placed into our production system for client deliveries or discarded. To ensure all configurations maintain a high degree of accuracy, continuous, random sampling is employed.
Real-time Feed or Web Service Delivery
Cyveillance Cyber Threat Intelligence is available as a real-time feed or via Web service. The CSV or XML formats are easily consumed by a variety of applications and specific elements can easily be integrated into firewalls, sensors, mail and Web gateway devices or network infrastructure.
Risk type examples:
- Phishing Host (PH) – IP found hosting one or more phishing pages on the date in question, possibly a criminal server or compromised legitimate host.
- Exploit Page/Malware Infection Point (MI) – Hosts a web site or page that, upon visit in a browser, attempts to exploit or infect the user’s PC.
- Malware CnC/Comm (MC) – IP observed issuing commands to, or receiving communication from, a PC or application known to be infected with malware.
- Rogue DNS Resolver (RD) – A server which is observed improperly resolving DNS queries, i.e., it is not only running DNS, but has been demonstrably shown to resolve a domain to an IP other than those proper for that domain. This is usually an indication that the host is either an active participant in a pharming attack or is “infrastructure in waiting” for a future attack.
- Botted node (BN) – Known “botted” PC or server, indicating a machine that has been infected with software to turn it into a bot or zombie for spamming, click-fraud, DDoS attacks or other malicious “mass attack” behavior.
- Many others
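As an added illustration (not Cyveillance code, and the page does not document the real feed schema), the following assumes a hypothetical CSV layout of `ip,risk_type,date` and shows how a defender would match firewall connection records against the feed and turn each risk-type code above into a verdict, e.g. an outbound connection to an MC address as a probable bot infection on the internal host. Both the feed rows and the log lines are constructed samples.

```python
import csv
import re
from collections import defaultdict
# Constructed feed in an assumed CSV layout (ip,risk_type,date); the page does
# not document the real Cyveillance feed schema, so treat the columns as hypothetical.
FEED_CSV = """ip,risk_type,date
198.51.100.10,MC,2013-05-01
203.0.113.7,MI,2013-05-01
203.0.113.7,PH,2013-05-01
192.0.2.53,RD,2013-05-01
198.51.100.99,BN,2013-05-01
"""
# Constructed firewall log lines: "<ts> src=<ip> dst=<ip> dport=<n> dir=<in|out>"
FW_LOG = """2013-05-01T10:00:01 src=10.0.0.5 dst=198.51.100.10 dport=443 dir=out
2013-05-01T10:00:02 src=10.0.0.9 dst=203.0.113.7 dport=80 dir=out
2013-05-01T10:00:03 src=10.0.0.9 dst=192.0.2.53 dport=53 dir=out
2013-05-01T10:00:04 src=10.0.0.12 dst=93.184.216.34 dport=443 dir=out
2013-05-01T10:00:05 src=198.51.100.99 dst=10.0.0.80 dport=22 dir=in
"""
# Defender's reading of each risk type when an internal host touches the listed IP.
VERDICT = {
    "MC": "outbound to malware C&C: probable bot infection on the source host",
    "BN": "traffic with a known botted node: expect spam, scanning or DDoS traffic",
    "MI": "outbound to exploit page: block, then check the source host for drive-by infection",
    "PH": "outbound to phishing host: warn the user, check for credential submission",
    "RD": "DNS query to rogue resolver: source host may be pharmed; verify its resolver config",
}
LOG_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) dir=(in|out)")

def load_feed(text):
    """Index feed rows by IP; one IP can carry several risk types (e.g. MI and PH)."""
    risks = defaultdict(set)
    for row in csv.DictReader(text.splitlines()):
        risks[row["ip"]].add(row["risk_type"])
    return risks

def match_log(feed_text, log_text):
    """Return one (internal_host, feed_ip, direction, code, verdict) tuple per hit."""
    risks = load_feed(feed_text)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # skip lines that do not look like connection records
        src, dst, _dport, direction = m.groups()
        # Outbound: the destination is the external peer; inbound: the source is.
        peer, internal = (dst, src) if direction == "out" else (src, dst)
        for code in sorted(risks.get(peer, ())):
            hits.append((internal, peer, direction, code, VERDICT.get(code, "unlisted risk type")))
    return hits
```

Running `match_log(FEED_CSV, FW_LOG)` yields five hits: the single outbound MC connection from 10.0.0.5, two hits (MI and PH) for 10.0.0.9 reaching 203.0.113.7, one RD hit for its DNS query, and one inbound BN hit against 10.0.0.80, while the connection to the unlisted 93.184.216.34 is ignored.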
Become a Cyveillance Partner Today
- Contact us to become a Cyveillance partner today.
- Learn more about the Cyveillance Partner Program.
