Why is Malware-Control so efficient?
Malware Control is EFFICIENT because it takes a radical approach to corporate network security. Instead of building a wall to block malicious files at the perimeter, Malware Control stops malware at the moment it tries to send data out!
- Malware Collection: We collect malware URLs from multiple sources, including P2P websites and email spam. Malware Control focuses on exhaustive coverage of malware in order to catch threats that target INDUSTRY-SENSITIVE information.
- Command & Control Server Analysis: We run malware samples in real environments to uncover the evasion techniques used by skilled fraudsters, and apply our proprietary DNS Estimate technology, which is central to evaluating threat prevalence.
Collection: We collect millions of new malware samples from many sources (infected pages, spam, P2P, submissions…), representing close to exhaustive coverage of malware in the wild. The collection phase is key to catching the stealthiest threats: those that target industry-specific sensitive information or localized corporate victims.
C&C analysis: We execute every malware sample in real environments from our computing facilities in Canada, France and Singapore. Our testbeds run samples on platforms equipped with a proprietary technology that defeats the code protection and evasion techniques implemented by the most skilled fraudsters.
While the malware samples run in the real world, we record every outbound connection they make.
In this phase, we use our DNS Estimate technology to qualify the level of propagation of each malware sample. This technique is central to evaluating the threat prevalence of each malware family or botnet, whether it has infected 100 or 500k victims.
Whitelisting: To provide an effective blocklist, we have to consider that executed malware establishes both malicious and legitimate connections. Malicious destinations serve payloads, deliver commands or receive uploads of leaked information, while legitimate destinations may be traffic analysis services, advertising content, connectivity tests, proxies or DNS resolvers.
We clean the feeds with a strict whitelisting policy, enhanced by analysts’ manual reviews. As a result, we guarantee a 0.000% false-positive ratio for our selected malicious destinations against the 1m most popular web destinations. For the rest of the less-popular legitimate Internet, we guarantee to keep the theoretical false-positive rate under 0.0008%.
Service delivery: Our whole processing pipeline, which outputs only active C&Cs, runs in real time to keep up with these rapidly changing threats. For every user, we provide 3 feeds:
- Top threats (± 5’000 most prevalent C&Cs)
- Moderate (± 10’000)
- Aggressive (full list)
These progressive lists ensure the optimum ratio of protection vs. performance. Depending on the solution chosen to host Malware-Control, administrators can adopt a progressive approach (testing any of the 3 feeds) to preserve their traffic performance. Based on the experience of our installed base, more than 90% of our users have implemented the Aggressive feed without any performance impact. We advise a feed update period of 15 minutes.
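As an illustration of the whitelisting and tiering steps described above (an added example, not Malware-Control's own code): it merges constructed sandbox observations per destination, drops any destination found on a stand-in popularity allowlist, and ranks the rest by an assumed victim estimate into the three progressive feeds. The domains, victim counts and feed sizes are all constructed for the example.

```python
from collections import defaultdict

# Constructed sandbox records: (sample_id, destination, estimated_victims).
# The victim count stands in for the page's "DNS Estimate" prevalence figure;
# the domains are invented for illustration only.
OBSERVATIONS = [
    ("s1", "cnc-alpha.example", 120000),
    ("s2", "cnc-alpha.example", 120000),
    ("s1", "analytics.example", 120000),   # legitimate side traffic
    ("s3", "dropzone.example", 450),
    ("s4", "panel.example", 9000),
    ("s4", "ads.example", 9000),           # legitimate ad content
    ("s5", "leak-upload.example", 75),
]

# Stand-in for the "1m most popular web destinations" allowlist.
POPULAR = {"analytics.example", "ads.example", "cdn.example"}


def aggregate(observations, popular):
    """Merge observations per destination, dropping allowlisted ones.

    Prevalence of a destination is the largest victim estimate among the
    samples that contacted it; sample ids are kept for analyst review.
    """
    merged = defaultdict(lambda: {"victims": 0, "samples": set()})
    for sample, dest, victims in observations:
        dest = dest.lower().rstrip(".")
        if dest in popular:
            continue
        entry = merged[dest]
        entry["victims"] = max(entry["victims"], victims)
        entry["samples"].add(sample)
    return dict(merged)


def build_feeds(observations, popular, top_n=2, moderate_n=3):
    """Return the three progressive feeds, most prevalent first.

    Real feed sizes are ~5k / ~10k / full list; top_n and moderate_n are
    scaled down so the constructed data produces distinct tiers.
    """
    merged = aggregate(observations, popular)
    ranked = sorted(merged, key=lambda d: (-merged[d]["victims"], d))
    return {
        "top": ranked[:top_n],
        "moderate": ranked[:moderate_n],
        "aggressive": ranked,
    }
```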
Malware-Control feeds are provided in the right format for each host solution (proxies, firewalls, security gateways or traffic filtering appliances).
We provide 3-click integration guidelines for each solution we support. You can check our list of compatible host solutions, or freely request a compatibility review from our team.