Endgame Systems launched iPTrust, a cloud-based botnet and malware detection service that collects and distills security data into a reputation engine. The ipTrust service provides useful information that identifies which system on an organisation’s network has been compromised by a botnet, the company said.
An enterprise is often the last one to know that its systems have been compromised. Until they figure it out, they are inadvertently distributing even more malware to other unsuspecting organisations.
With this information in hand, ipTrust identifies and tracks botnets over the Internet without relying on any internal network data. There is no software or hardware for anyone to install; ipTrust’s Web-based technology monitors public IP addresses and stores all security-related event data, explained Ingevaldson.
Over 280,000 organisations and more than 250 million IP addresses have been infected with botnets, worms, viruses, and other malware threats, many of which are designed to access networks and harvest private data, said ipTrust. Customers have access to the “hundreds of terabytes” of event data and can determine if their systems, or partner and customer networks it comes in contact with, have been infected and unwittingly carrying out other attacks, said Ingevaldson.
The botnet and malware detection service harvests, analyses and classifies malware and botnet samples into an ipTrust Reputation Engine. According to Ingevaldson, ipTrust will offer two products to take advantage of all that stored data: ipTrust Web and ipTrust Professional. Currently in beta and free for the time being, ipTrust Web remotely monitors the customer network and sends a notification if and when it has been compromised.
Although currently not available, ipTrust Professional will include an API that will allow customers to access the security events stored in the ipTrust Reputation Engine.
“ipTrust is not in the business of making desktop security software,” Ingevaldson said. Instead, organissations can take the “continuous actionable information” from ipTrust and relay it to their own security products, whether they are custom systems or from third-party vendors, to take the appropriate action to fix the problem.
A cloud-based infection notification service operating entirely outside the organisation’s network, ipTrust Web provides customers with 24/7 monitoring and notification of malicious activity originating from a company’s network, said Ingevaldson. The customer provides ipTrust with the range of its public IP addresses when signing up. Then ipTrust continuously monitors its events data to see if those IP addresses ever show up. If there is a match, the service knows a system within the network has been compromised and immediately notifies the customer, he said.
Since the customer is notified as soon as the infected system starts sending out malware, steps can be taken to shut down the offending machine immediately, thus minimising the potential for damage. To determine the “trustworthiness” of an address from a computer accessing the network, ipTrust Professional checks to see whether or not the address belongs to a client.
It is not just IP-address monitoring, as ipTrust also takes into account specific behaviour and when it occurs as part of its confidence score calculations. A machine that connected to a known botnet server this week will have a worse confidence score, indicating it is a threat, compared to a machine that connected a year ago and never again, said Ingevaldson.
ipTrust said it provides easy to read reports that provide an efficient view into the threats emanating from the network and the IP addresses likely hosting those threats.
The collected data is available via a Web-based API. IT managers can tap into the Engine and integrate the data with the organisation’s applications, such as checking an IP address trying to access the VPN against the ipTrust engine before allowing access to the network, said Ingevaldson.
The events data in ipTrust’s database was compiled from monitoring academic networks, by setting up honeypots and sinkholes to gather data about malicious networks, and from vendors that gather security data.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…