What is malware
Malware is the general term for malicious software that cybercriminals use in their attacks, for example to compromise servers or steal data. An increasingly popular attack method is to infect and take over workstations with malware embedded in files sent by email or hosted on specially prepared fraudulent websites. Another common method is malware written specifically for one particular attack; because no signature exists for it, it is typically not detected by commonly used IPS/IDS solutions (Intrusion Prevention / Detection Systems) or firewalls. The scale of the phenomenon is huge: every year over 140 million variants of harmful applications and scripts are created.
What may be the consequences of such attacks
The consequences of a malware infection vary, from displaying unwanted ads (adware) and taking over webcams (camjacking) to locking computers for ransom (ransomware). Often the infected computer becomes part of a botnet and is used for DDoS attacks without the user even knowing it. The malicious code may also steal data and cause direct financial damage to the organization.
How to prevent the attacks
In addition to regularly building awareness of cyber threats among employees, an organization needs anti-malware / anti-APT (Advanced Persistent Threat) products. These can detect a suspicious file and analyze its contents on the fly, and they can also open (detonate) the file in a secure, isolated virtual environment to verify its behaviour.
However, these are usually very costly solutions, and keeping them maintained and working properly requires a team of top-class specialists who know not only the specifics of malware but also how to reverse engineer it.
What is Exatel Anti-Malware service
Exatel Anti-malware is a service that comprehensively protects the Customer’s IT resources against known and unknown malware. It is deployed on a central platform located in our data center and on devices (sensors) located in the customer’s facility. It is fully launched, configured and managed by our specialists. We provide the service on Fidelis XPS platform of Fidelis Cybersecurity.
Why Fidelis XPS
Fidelis XPS correlates data in real time. Its analysis and bidirectional control of communication reduce the risks posed by contemporary threats that are difficult to detect. It examines all network traffic at the protocol, application and content levels, each independently or together with its context. The dependable analysis conducted by Fidelis XPS strengthens the network security architecture, enabling advanced threat management and effective response to events using flexibly created and modified rules. What is more, Fidelis XPS stores metadata about each element sent over the network for the past several months, which is invaluable support when conducting security audits or investigations.
Fidelis XPS uses patented Deep Session Inspection technology that employs a unique five-step process to analyze network traffic:
- Capture the packets
- Reassemble the session
- Analyze the channel and application protocol
- Decode the data objects (including nested, embedded content)
- Analyze the content
How does DPI technology work
Fidelis XPS:
- decodes and analyses embedded elements in real time, as deeply as needed
- collects information based on content, communication channel, and knowledge of the sources and destinations of the transmission
- assesses transmissions based on attributes collected from many transmission levels
- takes actions based on flexibly created and modified rules
- stores information about each element sent over the network for the past several months
- once it detects a file with suspicious content, can send that software (which may contain malware) for in-depth analysis in a separate, secure, isolated virtual environment (sandbox)
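To make the five-step process and the rule-driven analysis above concrete, here is an added example in Python; it is illustrative code written for this page, not Fidelis or Exatel code, and nothing in it describes how Fidelis XPS is actually implemented. It assumes the packets have already been captured and reassembled into one HTTP response (steps 1 and 2) and performs the remaining steps: it parses the channel (HTTP headers), recursively decodes nested objects (a zip inside a zip), identifies each object by its leading bytes rather than by its file name or declared Content-Type, and evaluates rules that combine channel-level and content-level attributes. The sample response, the rule names and the nesting limit are all constructed for the example.

```python
"""Illustrative deep-session-style content analysis (example code, not a product)."""
import io
import re
import zipfile
from dataclasses import dataclass

# Magic bytes used to identify an object regardless of its name or declared type.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"MZ": "pe",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF": "pdf",
}

# What a declared HTTP Content-Type should look like on the wire (illustrative subset).
DECLARED_TO_KIND = {"image/png": "png", "application/pdf": "pdf", "application/zip": "zip"}


@dataclass
class DecodedObject:
    path: str   # e.g. "body/docs/invoice.zip/invoice.pdf.exe"
    depth: int  # 0 = the HTTP body itself, 1 = inside one container, ...
    kind: str   # result of sniff_type()
    size: int


def sniff_type(data: bytes) -> str:
    """Identify an object by its leading bytes (content, not metadata)."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def parse_http_response(raw: bytes):
    """Step 3: split a reassembled HTTP response into channel attributes and payload."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def decode_objects(data, path="body", depth=0, max_depth=4, out=None):
    """Step 4: recursively unpack containers, recording every embedded element.

    max_depth is a constructed safety limit so that deeply nested archives
    (e.g. a zip bomb) cannot make the analyzer unpack forever."""
    if out is None:
        out = []
    kind = sniff_type(data)
    out.append(DecodedObject(path, depth, kind, len(data)))
    if kind == "zip" and depth < max_depth:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir():
                        decode_objects(zf.read(info), f"{path}/{info.filename}",
                                       depth + 1, max_depth, out)
        except zipfile.BadZipFile:
            out[-1].kind = "zip-unreadable"
    return out


def evaluate_rules(headers, objects, max_depth=4):
    """Step 5: rules combining channel-level (headers) and content-level attributes."""
    alerts = []
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    expected = DECLARED_TO_KIND.get(declared)
    if expected and objects[0].kind != expected:
        alerts.append(f"type-mismatch: declared {declared}, body is {objects[0].kind}")
    for obj in objects:
        name = obj.path.rsplit("/", 1)[-1]
        if obj.kind == "pe" and obj.depth > 0:
            alerts.append(f"executable-in-archive: {obj.path} (depth {obj.depth})")
        if re.search(r"\.(pdf|docx?|xlsx?|jpg|png)\.(exe|scr|js|vbs)$", name, re.I):
            alerts.append(f"double-extension: {obj.path}")
        if obj.kind == "zip" and obj.depth >= max_depth:
            alerts.append(f"nesting-limit: {obj.path} not unpacked beyond depth {max_depth}")
    return alerts


def inspect_session(raw: bytes, max_depth=4):
    """Steps 3-5 on one reassembled session: returns (decoded objects, alerts)."""
    headers, body = parse_http_response(raw)
    objects = decode_objects(body, max_depth=max_depth)
    return objects, evaluate_rules(headers, objects, max_depth)


def build_sample_session() -> bytes:
    """Constructed sample: a server declares image/png but sends a zip that
    contains another zip holding a PE-looking file with a double extension."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x90" * 64)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("docs/invoice.zip", inner.getvalue())
    body = outer.getvalue()
    head = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n")
    return head + body


if __name__ == "__main__":
    objs, found = inspect_session(build_sample_session())
    for o in objs:
        print(f"{'  ' * o.depth}{o.path}: {o.kind}, {o.size} bytes")
    for a in found:
        print("ALERT", a)
```

The point of the example is the layering: the Content-Type header alone looks harmless, the outer file name alone looks harmless, and only decoding to depth 2 and inspecting the bytes reveals an executable. The `max_depth` parameter shows the caveat any such decoder needs: an object that could not be fully unpacked is reported as an alert in its own right rather than silently passed.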
Scope of the service
- configuration, activation and maintenance of the service
- active 24/7/365 monitoring of security of customer’s IT resources to detect malware
- continuous notification of the Customer on current malware-related threats
- online reports
- full support provided by experts throughout the entire cooperation cycle, including the pre-sales stage. The support includes an analysis of the existing infrastructure, customer’s needs and preparation of a functional solution
- Service Level Agreement (SLA)
- one contact point – 24/7/365 Customer Service Line
- optionally: access to historical network traffic metadata
Benefits of the service
- comprehensive and professional protection of the customer’s IT infrastructure against known and unknown malware
- full visibility of traffic on all 65,535 TCP/UDP ports, not only the well-known ones
- analysis of both the content and context
- stronger security of intellectual property and other resources of the organization
- minimization of ICT security incident management costs
- significantly shorter incident resolution times
- mitigation of reputational risk in the case of the most dangerous attacks
- option to activate the data leak prevention (DLP) service on the same hardware platform
- historical and real time analyses in one interface
- speed and scalability