redborder Malware offers capabilities to detect malicious files and URLs

Combined knowledge to detect Malware

By the use of multiple malware detection engines and reputation services, redborder goes beyond file analysis to detect malware.

By the use of multiple malware detection engines and reputation services, redborder Malware offers capabilities to detect malicious files and URLs. Not only are signature-based and similarity techniques used; reputation and sandboxing tools are also taken into account for a broader analysis scope.

It learns continuously and stays up to date through multiple input points that monitor different aspects of the infrastructure, such as email, web and endPoint activity.

THE ANALYSIS

The analysis is done on files, URLs and IP addresses and is based on Real-Time and Batch Processing, which together generate a combined reputation score.

Real-Time is formed by several reputation services and a gluing element.

Batch processing is divided according to how comprehensive and time-consuming its tasks are.

The fast path is formed by ClamScan, VirusTotal, Metascan and Yara, while the slow path is formed by Fuzzy Hashing and Sandboxing.

Reputation

The reputation service is the first stage in the process. It forwards content (files and URLs) to the next steps or drops it. It integrates with AlienVault OTX, VirusTotal, Metascan and redborder's community and enterprise reputation feeds to make a fast decision on known content.

Static analysis

Batch analysis consists of a sequence of security tools searching for malicious content not present in the reputation feeds, and includes signature- and behaviour-based capabilities. Fully automate your investigation process for as long as you store the files.

Sandboxing

Sandboxing techniques are implemented in redborder Malware through the integration of Cuckoo. In this way, the behaviour of potentially malicious code is automatically analyzed inside an isolated and realistic environment, and that knowledge is integrated as part of the final verdict.

Get out of the file

redborder goes beyond file analysis to detect malware. Due to its capacity to store traffic profiles and process the logs of strategic infrastructure elements, we can detect anomalies that might be related to malware propagation and correlate them with a suspicious file.

THE PROBES

redborder Malware is designed around the idea of capturing files as they traverse your infrastructure and sending them to a centralized scale-out analysis cluster. To do so, we have created new probes or enhanced existing ones; these probes also block a file in real time if it has a known bad reputation.

An extended Windows agent has been developed to further increase local IOC detection and forensic capabilities.

SNORT* redborder edition

We have extended SNORT's file capture preprocessor to provide relevant context information with the file capture event. Thus, we are able to fully exploit its already great capabilities to capture files in multiple protocols as part of your IDS/IPS deployment.

Email and ICAP Proxies

We have developed an SMTP relay as well as an ICAP proxy (HTTP) for file capturing, quarantine and blocking. They cover with specific tools the two most prevalent protocols used to propagate malware, and go beyond the capabilities of the SNORT* probe.

endPoint

No matter how effective the other probes are, malware will reach the user. The endPoint probe reports on new files detected on the Windows device and blocks them based on their reputation. It also keeps a log of system activity for forensic analysis and basic IOC scans.

Most important features of Malware App

Geolocation
Risk Level
URL/IP reputation
Anomaly detection
Event Management
Contextualization
Policy control
Hierarchical policies
Cybersecurity
Sandboxing