Webinar: Is There A Blind Spot In Your Cyberthreat Vision?
-
Upload
cyren -
Category
Technology
-
view
131 -
download
0
Transcript of Webinar: Is There A Blind Spot In Your Cyberthreat Vision?
![Page 1: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/1.jpg)
1©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.
IS THERE A BLIND SPOT IN YOUR CYBERCRIME VISION?ADD A THREAT DATA FEED FOR 20/20 RESULTS
![Page 2: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/2.jpg)
2©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Today’s Webinar
Threat vectors
CYREN Feeds
GlobalView™
More detail
![Page 3: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/3.jpg)
3©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
~70% of all email Up by 131% Up by 264%
Source: CYREN 2013 Security Yearbook, Q2, Q3 2014 Internet Threats Trend Report
Troubling Internet Security Trends
![Page 4: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/4.jpg)
4©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Source: CYREN 2013 Security Yearbook, Q2, Q3 2014 Internet Threats Trend Report
Troubling Internet Security Trends
Also targets mobile users…
![Page 5: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/5.jpg)
5©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
CYREN zero-hour threat data for a range of vectors:
– IP addresses detected as spam-sending zombies
– Zombies also used for DDOS and other botnet activity
CYREN Feeds
– Enhanced identification of phishing URLs from spam emails
– Enhanced identification of malicious URLs from spam emails
– H1 2015
Zombie IP Feed
Phishing URL Feed
Malware URL Feed
![Page 6: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/6.jpg)
6©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
CYREN’s Feeds were designed with partners in mind.
Improved End-User Satisfaction
Increased Revenue
Product Differentiation
Sales, Marketing and Technical Support
Ensure users are protected from zero-hour threats.
Easily integrated to ensure cost-effectiveness, scalability, and momentum.
Be the first to market with best-of breed Internet security technology.
CYREN ensures you have everything you need to support your sales model.
Why add CYREN Feeds
![Page 7: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/7.jpg)
7©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Poll Question #1
![Page 8: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/8.jpg)
8©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Web security offerings
• Block malware and phishing sites
Email security offerings
• Block traffic based on IP address
• Delete/quarantine emails with phishing/malware URLs
Feed vs. SDK
• Customer maintains own DB of URLs – Feed
• Customer queries external DB – SDK
How you can use it
![Page 9: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/9.jpg)
9©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Aggregate threat detection feeds from multiple sources, including other companies and other internal feed sources, into one single threat detection solution that can be delivered to customers
What is layered security?
![Page 10: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/10.jpg)
10©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
We see more to protect you from more.
• 550 million endpoints and users contributing data.
• 12 Billion real-time transactions per day are analyzed by the CYREN GlobalView Cloud helping to identify threats and protect our customers.
• 200+ global partner data footprint to provide a truly global view of data not just a regional or country-specific feed.
Better Threat Data
![Page 11: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/11.jpg)
11©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
We turn data into real-time threat detection.
• Proprietary detection technology (Recurrent Pattern Detection or RPD) Our patented technology allows us to translate our massive data set into real-time security.
• GlobalView Security Lab—Security intelligence and live data analytics.
Better Detection and Analytics
![Page 12: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/12.jpg)
12©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Poll Question #2
![Page 13: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/13.jpg)
13©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.
Zombie IP Feed
![Page 14: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/14.jpg)
14©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
CYREN GlobalView Cloud
Billions of emails/day
Detection of malicious IP addresses using Recurrent
Pattern Detection
Zombie IP feed
Thousands of new phishing URLs/day
How Zombie IP Feed Works
![Page 15: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/15.jpg)
15©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Prevent fraudulent activities
Decrease bot user registration
Hinder Dynamic Denial of Service (DDoS) attacks
Supplement Advanced Persistent Threats (APT)
Delivery:
• Daily: complete dataset off all known zombies with data on the types of activity detected
• Every 10 minutes: Incremental updates (add/delete/modify) to the dataset entries
* Plus email every 24 hrs. with day’s list
About IP Address Feed
![Page 16: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/16.jpg)
16©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Header Parameter Description
Action +/-/= Add/Delete/Modify a record
IP IP address (IPv4 format) IP address of zombie with leading zeroes as needed
First-Seen YYYY-MM-DD-HH:mm:ss First detection time (UTC)
Last-Seen YYYY-MM-DD-HH:mm:ss Most recent detection time (UTC)
Intensity Unsigned number (0.. 10) Computed intensity as active zombie. Low means spam activity is low, high indicates a high spam activity zombie host
Flags bitwise Indicates the zombie is conducting malicious activities
Class Text Bad IP category: C1 = Dynamic, C2 = Static
Risk Unsigned number (0.. 100) Ratio between malicious and valid activity
Country Country code (2 letters) Country of zombie origin
Zombie IP Feed Data Set
![Page 17: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/17.jpg)
17©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.
Phishing URL Feed
![Page 18: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/18.jpg)
18©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
CYREN GlobalView Cloud
Billions of emails/day
1. Extraction of URLs using Recurrent Pattern Detection
2. Phishing URL logic3. Human analysts
Phishing URL feed
Thousands of new phishing URLs/day
How Phishing Feed Works
![Page 19: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/19.jpg)
19©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Improved rules for identifying phishing URLs
• Filtering out media URLs
• Looking for sites with multiple sub-domains
• Searching for known phishing keywords
• Applying enhanced detection algorithms
• Human analysts
About Phishing Feed
![Page 20: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/20.jpg)
20©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
“Zero-hour phishing” category for the URL Filtering SDK
Range of delivery options:
* Plus email every 24 hrs.with day’s list
Feed distribution HTTP/S Push HTTP/s Pull Email
Structure One URL per call (HTTP PUT)*
Batch per request (HTTP GET)
Text list of detected URLs as zip attachment*
Frequency Continuous, as detected
Every one minute to every 24 hrs.
Every 5 mins.
Phishing Feed Delivery
![Page 21: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/21.jpg)
21©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
\\ URLF DATABASE + PHISHING FEEDS
RSA gets its phishing feeds from different providers, and uses them in combination to set security priorities. RSA uses CYREN’s phishing feed.
RSA’s PROCESS:• An analyst reviews the high priority URLs,
and checks to confirm it is phishing. • If a URL is confirmed as Phishing, RSA will:
1. Check if the URL belongs to one of their customers and, if so, alert them.
2. Use this data to sell their service to new customers: they get this fresh feed every 5 minutes. This is an near real-time service that they provide to their customers to protect and notify them on new possible attacks.
![Page 22: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/22.jpg)
22©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.
Malware URL Feed
![Page 23: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/23.jpg)
23©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Enhanced identification of malicious URLs in spam emails
Automatic process to identify malicious URLs from Web traffic
Manual analysts work to enhance the detection logic
Thousands of new URLs detected per day
Consumed either as:
• Feed
• New “Zero-hour malware” category for the URL Filtering SDK
About Malware URL Feed (H1 2015)
![Page 24: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/24.jpg)
24©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.
Summary
![Page 25: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/25.jpg)
25©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
GlobalView - vast source of data
• Billions of Internet transactions daily
Highly accurate algorithms
• Based on years of threat research and experience
Human analysts
• Confirm accuracy and continually refine algorithms
Feed Differentiators
![Page 26: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/26.jpg)
26©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Regardless of device or location, CYREN protects you from phishing, malware and email threats with advanced internet security solutions and detection technologies.
CYREN Web Security solutions enable secure web browsing and protects you, your clients, your employees, and your corporate data.
CYREN’s Anti-Malware solutions provide the best and broadest protection against new and zero-hour threats.
Our global platform uses Recurrent Pattern Detection, security intelligence and live data analytics to continuously protect you and keep inboxes clean.
A Portfolio of Solutions
![Page 27: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/27.jpg)
27©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Many of the world's largest corporations already depend on CYREN
technology to protect their business infrastructure and their customers.
Customers and Partners
![Page 28: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/28.jpg)
28©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. 28©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
COMMITTED TO PARTNER SUCCESSWe focus on our core competencies so our partners can focus on theirs.
28©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
![Page 29: Webinar: Is There A Blind Spot In Your Cyberthreat Vision?](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a225921a28ab9e168b4720/html5/thumbnails/29.jpg)
29©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Find us here:
www.CYREN.com
twitter.com/cyreninc
linkedin.com/company/cyren
Next Steps
Free evaluation
Upgrade for existing URLF customers