Cyber Threat Probe Added to Lumeta IPsonar

Share Article

Network Situational Awareness Enhanced by Threat Intelligence Feeds Identifies Botnets, Zombies and Other Cyber Threats

Lumeta IPsonar

Lumeta IPsonar

... couple threat intelligence with comprehensive network indexing and network segmentation validation – in an automated fashion ...

Lumeta Corporation, the leader in network situational awareness, today announced the release of its Cyber Threat Probe for Lumeta IPsonar. The Cyber Threat Probe allows clients to determine if known threat or malware IP address space on the Internet can be reached from within their enterprise network, and also if any of their internal network infrastructure is participating in malicious activity, such as a zombie botnet.

Organizations are at constant risk of infiltration by known bad actors on the Internet or the Dark Web. Certain malware programs can compromise software on a computer, turning that device into a zombie participant in a botnet. This zombie machine, running quietly in the background, provides cyber attackers full access to everything on the computer – and the ability to spread spam, viruses and spyware across the enterprise network or participate in distributed denial of service attacks on other unsuspecting organizations.

It is also very common to find that security defenses are not uniform across an enterprise network. While there are many egress points that do not let traffic out to known malware Command and Control (C2) servers or third-generation onion router (TOR) exit nodes, it is also true that Firewalls/Next-Generation Firewalls/Intrusion Prevention Systems/Data Loss Prevention solutions are not effective at limiting, or blocking entirely, outbound sessions over risky protocols.

Lumeta’s Cyber Threat Probe is designed to help organizations stem zombie infections and keep other threats and bad actors in check. With the Probe, threat intelligence is made actionable by utilizing existing capabilities of IPsonar 6.1 to correlate a comprehensive index of an enterprise’s IP address space against known threats. As soon as new threat intelligence becomes available, IPsonar will report against the new threats and send out notifications. The Cyber Threat Probe includes the ability for user-defined views to highlight findings and ease remediation.

IT professionals can use the Cyber Threat Probe for the following use cases:

  • Zombie Hunting (Identification of Botnet/C2 Infrastructure Internally) – Determine whether or not any trusted enterprise assets are malware infected infrastructure (participating in command and control botnet) or part of blacklists/Dropnets/Shadowserver/attacker lists.

The Cyber Threat Probe correlates IPsonar’s full index of the enterprise IP address space against known bad IP addresses to find enterprise assets that are blacklisted (listed in threat intelligence as malware/botnet machines). It raises a flag regarding any potentially compromised machines.

  • Identification of Internal TOR Relays/Bridges – Determine if any trusted/enterprise assets are, or were, acting as TOR relays/ bridges potentially for nefarious purposes.

The Cyber Threat Probe correlates IPsonar’s full index of the enterprise IP address space against TOR relay IP addresses to find enterprise assets that are listed as an active (or historical) TOR relay. It flags devices that are behaving as relays/bridges.

  • Validation of No Access to Known Malware C2 Servers – Determine whether or not active security controls prevent malware callback and data exfiltration to known botnet/C2 networks and servers.

The Cyber Threat Probe ingests threat intelligence feeds and uses that information as the target list for IPsonar to assess whether it can reach known C2 botnets. If those machines can be reached, a red flag is raised.

  • Validation of No Access to Known TOR Exit Nodes – Determine whether or not active security controls prevent call back to TOR exit nodes.

The Cyber Threat Probe ingests threat intelligence feeds and uses that information as the target list for IPsonar to reach known TOR exit nodes. If those nodes can be reached, a red flag is raised.

“The Cyber Threat Probe for Lumeta IPsonar currently works with Emerging Threats and abuse.ch open source threat intelligence feeds, and shortly will also leverage several paid-subscription feeds,” said Brandon Hoffman, chief technology officer for Lumeta, “but we are already continuing our work to enhance the Probe in subsequent updates to take advantage of additional threat intelligence sources.”

Continued Hoffman: “Lumeta’s ability to couple threat intelligence with comprehensive network indexing and network segmentation validation – in an automated fashion – is a very unique feature in today’s marketplace.

Availability
The Cyber Threat Probe is generally available (GA) today, at no additional cost to clients with an IPsonar 6.1 subscription or maintenance agreement. (Clients must have or upgrade to IPsonar 6.1. The Cyber Threat Probe can be downloaded from Lumeta’s client support site.)

Additional Resources
To learn more about the Cyber Threat Probe, please visit: http://www.lumeta.com/solutions/operationalizing-threat-intelligence/

About Lumeta Corporation
Lumeta’s network situational awareness platform is the authoritative source for enterprise network infrastructure and cybersecurity analytics. Available for both real-time monitoring and point-in-time auditing, Lumeta recursively indexes a network to identify and map every IP connected device, as well as uncover network segmentation violations and cybersecurity anomalies. The foundational intelligence provided by Lumeta gives IT management a clear, comprehensive assessment of network vulnerabilities, cyber threat risks and policy violations from network edge to core, allowing for decision making impacting security, compliance and availability. Lumeta’s solution addresses today’s security initiatives associated with continuous monitoring; SANS Top 20 Critical Security Controls; and virtualized infrastructure including private and public cloud visibility, outsourcing and offshoring, and software defined networks (SDN) – all of which increase the complexity of a network and challenge traditional security defenses. Lumeta’s solution also delivers an efficient and cost-effective process to streamline network consolidation (M&A) projects. Lumeta optimizes other network and security product investments by feeding them accurate and fact-based network intelligence. Headquartered in Somerset, New Jersey, Lumeta has operations and customers throughout the world. More information is available at http://www.lumeta.com
# # #
Lumeta and IPsonar are trademarks of the Lumeta Corporation. Other product and company names appearing in this document may be trademarks of their respective owners.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Melody Iffland
Follow us on
Visit website