Post on 12-Jul-2015
©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.
IS THERE A BLIND SPOT IN YOUR CYBERCRIME VISION?
ADD A THREAT DATA FEED FOR 20/20 RESULTS
Today’s Webinar
Threat vectors
CYREN Feeds
GlobalView™
More detail
~70% of all email Up by 131% Up by 264%
Source: CYREN 2013 Security Yearbook, Q2, Q3 2014 Internet Threats Trend Report
Troubling Internet Security Trends
Also targets mobile users…
CYREN zero-hour threat data for a range of vectors:
– IP addresses detected as spam-sending zombies
– Zombies also used for DDoS and other botnet activity
CYREN Feeds
– Enhanced identification of phishing URLs from spam emails
– Enhanced identification of malicious URLs from spam emails
– H1 2015
Zombie IP Feed
Phishing URL Feed
Malware URL Feed
CYREN’s Feeds were designed with partners in mind.
Improved End-User Satisfaction
Increased Revenue
Product Differentiation
Sales, Marketing and Technical Support
Ensure users are protected from zero-hour threats.
Easily integrated to ensure cost-effectiveness, scalability, and momentum.
Be the first to market with best-of-breed Internet security technology.
CYREN ensures you have everything you need to support your sales model.
Why add CYREN Feeds
Poll Question #1
Web security offerings
• Block malware and phishing sites
Email security offerings
• Block traffic based on IP address
• Delete/quarantine emails with phishing/malware URLs
Feed vs. SDK
• Customer maintains own DB of URLs – Feed
• Customer queries external DB – SDK
How you can use it
Aggregate threat detection feeds from multiple sources, including other companies and other internal feed sources, into one single threat detection solution that can be delivered to customers
What is layered security?
We see more to protect you from more.
• 550 million endpoints and users contributing data.
• 12 billion real-time transactions per day are analyzed by the CYREN GlobalView Cloud, helping to identify threats and protect our customers.
• 200+ global partner data footprint to provide a truly global view of data, not just a regional or country-specific feed.
Better Threat Data
We turn data into real-time threat detection.
• Proprietary detection technology (Recurrent Pattern Detection, or RPD): our patented technology allows us to translate our massive data set into real-time security.
• GlobalView Security Lab—Security intelligence and live data analytics.
Better Detection and Analytics
Poll Question #2
Zombie IP Feed
CYREN GlobalView Cloud
Billions of emails/day
Detection of malicious IP addresses using Recurrent Pattern Detection
Zombie IP feed
Thousands of new phishing URLs/day
How Zombie IP Feed Works
Prevent fraudulent activities
Decrease bot user registration
Hinder Distributed Denial of Service (DDoS) attacks
Supplement Advanced Persistent Threats (APT)
Delivery:
• Daily: complete dataset of all known zombies with data on the types of activity detected
• Every 10 minutes: Incremental updates (add/delete/modify) to the dataset entries
* Plus email every 24 hrs. with day’s list
About IP Address Feed
Header | Parameter | Description
Action | +/-/= | Add/Delete/Modify a record
IP | IP address (IPv4 format) | IP address of zombie with leading zeroes as needed
First-Seen | YYYY-MM-DD-HH:mm:ss | First detection time (UTC)
Last-Seen | YYYY-MM-DD-HH:mm:ss | Most recent detection time (UTC)
Intensity | Unsigned number (0..10) | Computed intensity as active zombie. Low means spam activity is low; high indicates a high spam activity zombie host
Flags | bitwise | Indicates the zombie is conducting malicious activities
Class | Text | Bad IP category: C1 = Dynamic, C2 = Static
Risk | Unsigned number (0..100) | Ratio between malicious and valid activity
Country | Country code (2 letters) | Country of zombie origin
Zombie IP Feed Data Set
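An added example, not CYREN's code: one way a consumer might apply the 10-minute incremental records (+/-/=) to a local blocklist keyed by canonical IP. It assumes comma-separated lines in the column order of the table above, since the page does not give the wire format, and the sample records are constructed.

```python
import ipaddress
from datetime import datetime, timezone

# Column order follows the data set table; the comma delimiter is an ASSUMPTION.
FIELDS = "action ip first_seen last_seen intensity flags class risk country".split()
TS_FORMAT = "%Y-%m-%d-%H:%M:%S"  # YYYY-MM-DD-HH:mm:ss, UTC

def normalize_ip(padded):
    # ipaddress rejects leading zeroes (octal ambiguity); read each octet as decimal.
    octets = padded.split(".")
    if len(octets) != 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"not an IPv4 address: {padded!r}")
    return str(ipaddress.IPv4Address(".".join(str(int(o)) for o in octets)))

def parse_record(line):
    values = [v.strip() for v in line.split(",")]
    if len(values) != len(FIELDS) or values[0] not in ("+", "-", "="):
        raise ValueError("malformed record")
    rec = dict(zip(FIELDS, values))
    rec["ip"] = normalize_ip(rec["ip"])
    for key in ("first_seen", "last_seen"):
        rec[key] = datetime.strptime(rec[key], TS_FORMAT).replace(tzinfo=timezone.utc)
    rec["intensity"], rec["risk"] = int(rec["intensity"]), int(rec["risk"])
    if not (0 <= rec["intensity"] <= 10 and 0 <= rec["risk"] <= 100):
        raise ValueError("intensity or risk outside the documented range")
    return rec  # "flags" stays a raw string: the page does not define its bits

def apply_updates(store, lines):
    """Apply +/-/= records to a dict keyed by canonical IP; return rejected lines."""
    rejected = []
    for line in lines:
        try:
            rec = parse_record(line)
        except ValueError as exc:  # one bad line must not abort the whole update
            rejected.append((line, str(exc)))
            continue
        if rec.pop("action") == "-":
            store.pop(rec["ip"], None)
        else:  # "+" and "=" both upsert, so a missed add cannot lose a later modify
            store[rec["ip"]] = rec
    return rejected

SAMPLE_DELTA = [  # constructed records; addresses are from documentation ranges
    "+,192.000.002.010,2015-01-05-08:15:00,2015-01-05-09:40:12,7,3,C1,92,BR",
    "+,198.051.100.007,2015-01-05-08:20:00,2015-01-05-08:20:00,2,1,C2,35,DE",
    "=,198.051.100.007,2015-01-05-08:20:00,2015-01-05-09:50:00,6,1,C2,85,DE",
    "-,192.000.002.010,2015-01-05-08:15:00,2015-01-05-09:40:12,7,3,C1,92,BR",
    "+,203.000.113.999,2015-01-05-08:15:00,2015-01-05-09:40:12,7,3,C1,92,US",
]
```

Normalizing the zero-padded address before storing it matters because firewall and log lookups use the unpadded form; a padded key would never match.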
Phishing URL Feed
CYREN GlobalView Cloud
Billions of emails/day
1. Extraction of URLs using Recurrent Pattern Detection
2. Phishing URL logic
3. Human analysts
Phishing URL feed
Thousands of new phishing URLs/day
How Phishing Feed Works
Improved rules for identifying phishing URLs
• Filtering out media URLs
• Looking for sites with multiple sub-domains
• Searching for known phishing keywords
• Applying enhanced detection algorithms
• Human analysts
About Phishing Feed
“Zero-hour phishing” category for the URL Filtering SDK
Range of delivery options:
Feed distribution | HTTP/S Push | HTTP/S Pull | Email
Structure | One URL per call (HTTP PUT)* | Batch per request (HTTP GET) | Text list of detected URLs as zip attachment*
Frequency | Continuous, as detected | Every one minute to every 24 hrs. | Every 5 mins.
* Plus email every 24 hrs. with day’s list
Phishing Feed Delivery
URLF DATABASE + PHISHING FEEDS
RSA gets its phishing feeds from different providers, and uses them in combination to set security priorities. RSA uses CYREN’s phishing feed.
RSA’s PROCESS:
• An analyst reviews the high priority URLs, and checks to confirm they are phishing.
• If a URL is confirmed as phishing, RSA will:
1. Check if the URL belongs to one of their customers and, if so, alert them.
2. Use this data to sell their service to new customers: they get this fresh feed every 5 minutes. This is a near real-time service that they provide to their customers to protect and notify them of new possible attacks.
Malware URL Feed
Enhanced identification of malicious URLs in spam emails
Automatic process to identify malicious URLs from Web traffic
Manual analysts work to enhance the detection logic
Thousands of new URLs detected per day
Consumed either as:
• Feed
• New “Zero-hour malware” category for the URL Filtering SDK
About Malware URL Feed (H1 2015)
Summary
GlobalView - vast source of data
• Billions of Internet transactions daily
Highly accurate algorithms
• Based on years of threat research and experience
Human analysts
• Confirm accuracy and continually refine algorithms
Feed Differentiators
Regardless of device or location, CYREN protects you from phishing, malware and email threats with advanced internet security solutions and detection technologies.
CYREN Web Security solutions enable secure web browsing and protect you, your clients, your employees, and your corporate data.
CYREN’s Anti-Malware solutions provide the best and broadest protection against new and zero-hour threats.
Our global platform uses Recurrent Pattern Detection, security intelligence and live data analytics to continuously protect you and keep inboxes clean.
A Portfolio of Solutions
Many of the world's largest corporations already depend on CYREN technology to protect their business infrastructure and their customers.
Customers and Partners
COMMITTED TO PARTNER SUCCESS
We focus on our core competencies so our partners can focus on theirs.
Find us here:
www.CYREN.com
twitter.com/cyreninc
linkedin.com/company/cyren
Next Steps
Free evaluation
Upgrade for existing URLF customers