Counter Competitive Intelligence Services
Internal Network Monitoring:
Detect anomalous traffic
We will track the two-way communication flows between internal assets and external entities, developing an evidence trail of data exchanges that match a state-based infection sequence model. Our correlation engine that is driven by a customized and augmented release of Snort version 2, which tracks the underlying actions that occur during the malware infection process: inbound scanning, exploit usage, egg downloading, outbound bot coordination dialog, outbound attack propagation, and malware P2P communication. The correlator then ties together the dialog trail of inbound intrusion alarms with those outbound communication patterns that are highly indicative of successful local host infection. When a sequence of evidence is found to match the infection dialog model, a consolidated report is produced to capture all the relevant events and event sources that played a role during the infection process.
How is being done?
We provide the tools for automatic monitoring of your computer network traffic to reveal anomalous connections leaking your data.
Your system should have a modern Intel Pentium-class, at least 1 GB RAM, and at least 1 Ethernet NIC/WIC for network monitoring.
- One option does not require any installation of software on your computers. Will use a live CD operating on Ubuntu Linux.
- The other option is to install all Win32 executable and all the necessary supporting packages on a Windows XP workstation. This option may allow also for remote monitoring.
E1: Inbound malware port focused scans
E2: In and Outbound Exploit Detection
Client-side infection attempts (Web)
Direct Microsoft Exploit Coverage, including
- RPC exploits
- Netbios attacks
- OP/Shell code attack via overflow
Special Port Exploits
High Application Port Exploits
Inbound Only: Browser specific attacks
Outbound Only: Bad outbound email from non-SMTP
- Moderate malware-focused outbound scan detection
- Prolific non-malware-focused outbound scan detection
E3: Forced Download / Illegal Software Install Detection:
Malware/Trojan-initiated download request
Classic network stream binary spotting
Malware FTP Comms
Web-based spyware Infection Download / Install
E4: C&C Detection
Web based spyware phone home / periodic checkin
Web based malware install success reports
Inbound spyware command detection (flow established)
Web-based ADWARE phone home
BotNet C&C login/dialog /command recognition
Trojan horse periodic checkin (primarily via web ports)
Application port checkin/install success reports
SMTP callbacks (from non-SMTP hosts)
Statefull IRC botnet C&C detection
E5/E6: Insider Attack / Malware Preparation Activity
Spambot MX record search via DNS
DNS malware associated query
E7 Peer to Peer Rules
BotNet P2P protocol activity
E8: Malware Infection Declaration Rules:
Known botnet C&C IP address (specific address)
Russian Business Network (RBN) address
Prolific malware-focused outbound scan detection
To receive your Counter Competitive Intelligence
Vulnerability Assessment of open source info, please submit your payment of $99.00.
B E T T E R: Please submit your payment of $999.00 for a complete Counter Competitive Intelligence Vulnerability Assessment, including monitoring for anomalous traffic.