Heuristics-based Malicious Threat Detection

Security products generally attempt to prevent malware infections by inspecting incoming code, scripts, traffic and other content.

RedSocks, however, uses a different approach: RedSocks Malicious Threat Detector (MTD) focuses on the communication characteristics of malware that has installed itself on your devices. This method provides accurate visibility into advanced or targeted attacks, and into malware that has slipped through other security products. It provides instant notifications whenever a device has become infected. Whereas other security products have difficulty cleansing existing environments, RedSocks MTD placed in a new environment will effortlessly detect malware that has been present for days, weeks or even months.

Catching unknown threats in a pattern

For the detection of malicious behaviour over a longer period of time, the MTD uses heuristic analyses of traffic data history. This feature enables the MTD to utilise a more fine-grained detection method designed to capture malware that slips through security product implementations that are limited to real-time detection.

Heuristic analyses have been recognised for years as advanced methods for detecting unknown malware. “In order to reduce the risk of ‘false positives’, the RedSocks solution links the analysis of the behaviour with analysis of the network traffic destinations to match network activities against a whole range of criteria. In this way we can catch unknown malware in a pattern, as it were, and create an unprecedentedly reliable indicator of compromise.”
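To make the two-signal idea concrete, the following is an added illustration (not RedSocks' code, and not a description of how the MTD is implemented internally): a beaconing heuristic is computed over a history of outbound connections, and an alert is only raised when that behavioural signal coincides with a destination that appears on an indicator list. All flow records, host names, IP addresses (RFC 5737 test ranges) and the indicator list are constructed for the example; the thresholds are assumptions.

```python
"""Heuristic beacon detection over connection history, combined with a
destination-indicator match, so that a regular pattern alone does not alert."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (timestamp in seconds, source host, destination IP).
# All addresses are RFC 5737 documentation ranges; nothing here is a real indicator.
SAMPLE_FLOWS = (
    # host-a: regular ~300 s beacon with small jitter to a listed destination
    [(t, "host-a", "203.0.113.10")
     for t in (0, 301, 599, 902, 1198, 1503, 1799, 2101, 2398, 2702)]
    # host-b: irregular, human-driven traffic to an unlisted destination
    + [(t, "host-b", "198.51.100.5") for t in (0, 12, 15, 340, 341, 1900, 1902, 2700)]
    # host-c: perfectly regular 600 s poll to an unlisted destination
    # (the kind of legitimate update check that a timing heuristic alone would flag)
    + [(t, "host-c", "198.51.100.7") for t in (0, 600, 1200, 1800, 2400, 3000)]
)

# Constructed stand-in for a malicious-destination feed.
BAD_DESTINATIONS = {"203.0.113.10"}

MIN_CONNECTIONS = 5   # assumed: need enough history before judging regularity
MAX_JITTER_CV = 0.15  # assumed: interval std/mean below this looks machine-driven


def regularity_score(timestamps):
    """Return a 0..1 beaconing score from inter-connection intervals.

    The score is 1 - CV, where CV = std/mean of the intervals, clipped to
    [0, 1]. Evenly spaced connections score near 1; bursty traffic near 0.
    """
    ts = sorted(timestamps)
    if len(ts) < MIN_CONNECTIONS:
        return 0.0
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(intervals)
    if avg == 0:
        return 0.0
    cv = pstdev(intervals) / avg
    return max(0.0, min(1.0, 1.0 - cv))


def analyse(flows, bad_destinations):
    """Group flows per (host, destination) and combine both signals into a verdict."""
    history = defaultdict(list)
    for ts, host, dst in flows:
        history[(host, dst)].append(ts)

    verdicts = {}
    for (host, dst), ts in history.items():
        beacon = regularity_score(ts)
        listed = dst in bad_destinations
        regular = beacon >= 1.0 - MAX_JITTER_CV
        if regular and listed:
            verdict = "compromised"  # behaviour and destination agree: high-confidence IoC
        elif regular or listed:
            verdict = "review"       # one signal only: surface for analysts, do not alert
        else:
            verdict = "benign"
        verdicts[(host, dst)] = {
            "beacon_score": round(beacon, 3),
            "listed": listed,
            "verdict": verdict,
        }
    return verdicts


if __name__ == "__main__":
    for key, result in analyse(SAMPLE_FLOWS, BAD_DESTINATIONS).items():
        print(key, result)
```

Run as-is, host-a is reported as compromised (regular timing to a listed destination), host-b as benign, and host-c only as "review": its timing is as regular as a beacon, but without the destination signal it is not promoted to an alert, which is the false-positive reduction the paragraph describes.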

RedSocks Malware Intelligence Team

Intelligently discover malware even before dangerous code has been developed!

The RedSocks Malware Intelligence Team is a group of highly trained experts who specialise in malware. Their primary task is to develop risk analyses and compile lists of malicious indicators on a 24/7 basis. The results of their ongoing malware research are continuously implemented through updates to the RedSocks MTD appliance.

The Malware Intelligence Team is the backbone of our fight against malware. In addition to compiling malicious indicators, the Intelligence Team writes detection algorithms for malicious behaviour. In other words, the RedSocks MTD can intelligently discover malware even before the dangerous code has been developed! By staying abreast of current trends and IT risks, the Malware Intelligence Team is able to stay ahead of the curve, while keeping your infrastructure secure 24 hours a day, 7 days a week.

Large-scale Malware Analysis with EU feeds focus

Automation in research is an important aspect of our overall speed and effectiveness in malware threat research. On a daily basis up to 100.000 new unique pieces of malware are automatically analysed in the RedSocks Lab. This way, RedSocks keeps close track of new malicious trends in the field; for example, new methodologies that are used to compromise specific devices. As a result, new breeds of malware are identified in our own lab, translated into new detection algorithms, and the resulting malicious indicators are integrated into the MTD via updates. Approximately 1.000.000 bad IPs are sent to the MTD appliance per hour; these are gathered in real time by the RedSocks Malware Intelligence Team.

In addition, RedSocks commits extra resources, when needed, to address specialised malware that grows over time into a serious threat. Increasingly, criminals and hostile states are targeting specific companies or industry sectors using specialised malware.

To help combat this trend, a large partner network continuously provides RedSocks with malware collections harvested in the wild. These collections frequently contain malware that focuses on Dutch and other Western European targets, particularly samples that target specific departments within companies (e.g., R&D, Sales, Finance), certain data storage, production and research bodies, or government entities.