Unique Concept

RedSocks has invented a unique concept for detecting and fighting malware and has developed a new solution based on this thinking. Traditional network security tools (sandboxes, firewalls, antivirus, etc.) mainly monitor inbound Internet traffic. The RedSocks Malicious Threat Detection (MTD) Solution focuses solely on monitoring outbound traffic to detect malicious behavior.

The RedSocks Probe/MTD architecture is plug-and-play and detects malware by checking network traffic in real-time for all malicious communication to the Internet.

For RedSocks, the security and privacy of our customers’ data is our primary concern. Our systems, the MTD and the flow-monitoring setups, are designed with that principle in mind.

Future Proof – Respond to Advanced Persistent Attacks

Designed for detection without alert overload, the RedSocks solution is built with APTs in mind. The behavior of endpoints changes dramatically once they are infected by an APT. The RedSocks appliance raises an alert and informs the user about which endpoint devices are probably infected and which ones are certainly infected. It verifies the “probably infected” devices and alerts on any suspected malware activity to watch out for.

By focusing exclusively on traffic metadata (so-called flow data) it becomes possible to perform analysis over longer periods of time. This enables detection of the most sophisticated malware and APTs. The MTD only monitors traffic metadata and not the content itself, thus preventing compromise of confidential corporate information. There is no additional network burden either, as the Probe/MTD architecture does not send additional traffic over the network and is not set up as a man-in-the-middle (MitM). Using the appliance has no impact whatsoever on the performance and reliability of the IT infrastructure. These features make the RedSocks portfolio a unique combination of devices for a security- and privacy-aware network.

Two types of deployment

Virtual Machine
The RedSocks vMTD is a virtual version of the RedSocks Malicious Threat Detector (MTD), an appliance for analyzing IPFIX traffic streams for the presence of malicious behavior and malware. It can be deployed in VMware-compatible environments and scaled up according to the needs of the target network. This document describes the RedSocks vMTD’s requirements, as well as its installation and configuration steps.

Appliance
The RedSocks MTD can also be delivered as an appliance. The MTD is located next to the router that transfers your data to the Internet. This router provides metadata of the network traffic to the MTD: not the content of the communication, but data such as originating and destination address, protocol, port used and the size of the communication.
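As an added illustration of what analysis over flow metadata alone can show (this is example code, not RedSocks's own detection logic, and the record format, addresses and thresholds are constructed for the example): the script groups outbound flow records by source, destination, protocol and port, then flags endpoints whose connections to one external host recur at a nearly constant interval, a behavior change that payload inspection is not needed to see.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_s, src, dst, proto, dport, bytes).
# Only metadata, no payload, mirroring the fields the page lists. The
# addresses are documentation ranges, not real hosts.
def constructed_flows():
    flows = []
    # Endpoint A: a connection to one external host every ~300 s, same size.
    for i in range(13):
        jitter = 4 if i % 2 else 0  # small timing wobble to keep it realistic
        flows.append((1000 + 300 * i + jitter, "10.0.0.5", "203.0.113.10", 6, 443, 512))
    # Endpoint B: ordinary browsing, irregular gaps and varied sizes.
    for ts, nbytes in [(1010, 48000), (1650, 9000), (1700, 120000),
                       (2900, 3000), (3000, 600), (3900, 75000), (4100, 2000)]:
        flows.append((ts, "10.0.0.7", "198.51.100.2", 6, 443, nbytes))
    # Internal-only traffic is out of scope for outbound monitoring.
    flows.append((1500, "10.0.0.5", "10.0.0.1", 17, 53, 80))
    return flows


def find_periodic_outbound(flows, internal_prefix="10.", min_flows=6, max_jitter=0.15):
    """Return (key, period_s, count) for each (src, dst, proto, dport) group
    of outbound flows whose inter-arrival times are nearly constant, i.e.
    whose coefficient of variation (stdev / mean gap) is at most max_jitter.
    Groups with fewer than min_flows records are ignored; a long observation
    window is what makes this kind of regularity visible at all."""
    groups = defaultdict(list)
    for ts, src, dst, _proto, _dport, _nbytes in flows:
        if src.startswith(internal_prefix) and not dst.startswith(internal_prefix):
            groups[(src, dst, _proto, _dport)].append(ts)
    findings = []
    for key, times in groups.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            findings.append((key, round(period), len(times)))
    return findings


if __name__ == "__main__":
    for (src, dst, proto, dport), period, count in find_periodic_outbound(constructed_flows()):
        print(f"{src} -> {dst} proto {proto} port {dport}: {count} flows, every ~{period} s")
```

Endpoint A is reported (13 flows at a 300 s cadence) while endpoint B's irregular browsing and the internal DNS flow are not; in practice the thresholds would be tuned against the network's own baseline.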

The RedSocks Probe, a device that has access to full-packet streams, is designed for point-to-point connectivity to a RedSocks Malicious Threat Detector (MTD) (e.g., for time synchronization), requires no dedicated Internet connectivity and has no on-board data storage. It is therefore not possible for captured data to be leaked to the Internet, or to be stolen in the event of a breach. The RedSocks MTD, acting both as flow collector and as analysis application, provides encrypted (forensic) data storage. In addition, the MTD supports transport over encrypted channels using (D)TLS, so transport remains secure when third-party flow exporters are used.