The hosting problem
All forms of internet badness are physically hosted somewhere.
Sounds simple, but how do you find it and remove it? That's not so simple. Hosting of malware, exploits and their control centers has become increasingly sophisticated. So much so that web hosts are often blocked from scanning content on their own network. Even if they can scan all content on their servers, most exploits won't match a virus signature.
Emulating all content on their networks in a sandbox is an option, but is far too time- and resource-consuming. After all, hosts have a business to look after and too much time spent on security is too costly; and yet too little is detrimental to business. It's a difficult balance.
With the number of public blacklists on the rise, people are becoming more aware of where badness is hosted. Once a hosting company gains the slightest reputation for being "cybercrime-friendly", whether rightly or wrongly, the reputation will only snowball. The name of the host will be passed around in underground forums and the quantity of badness will increase. This increases the workload on the abuse department, which in turn reduces the abuse response rate, which worsens the host's reputation even further. And so on.
Can't hosts just prevent badness appearing on their networks? Unfortunately this doesn't work either. Threats are constantly evolving and increasing in complexity. Researching the latest threats is and should be beyond the scope of security officers at hosting companies.
So it's inevitable that all hosts will have to deal with badness on their networks. The key is how they deal with it.
CyberDefcon offers a range of services to hosts to help clean up their networks and keep them clean.
We scan the world's 37,000+ Autonomous Systems every day and can view your network within a global context. We use an array of techniques analyzing not only existing badness, but also potential threats to your systems and customers.
Image: we combine reputation with actual badness to tackle both problems
As well as tracking and reverse engineering botnets, malware, exploits, badware, phishing, spam and rogues on your network, we can carry out pseudo-packet analysis without even having access to your switches. This means we can safely predict when the latest threats pose a risk of compromising your servers. We can inform you of the latest worms and trojans attempting to break into your network and where these attacks are coming from, enabling you to defend your servers in time.
Our international network of servers enables us to view your clients' hosting space from some of the internet's "dark spots", and therefore drastically reduce the chances of being blocked by malicious sites.
We can also carry out penetration testing to see if your firewalls and IDS can cope with new threats.
How we do it
- We have an expert team of ethical hackers and security analysts who view the problem from the point of view of the hacker
- We trace botnets and related malware to their core exploit servers, providing reasonable proofs of their deliberate placement if applicable
- We track RFI, LFI, XSA, RCE and similar exploit techniques via our specialized honeypot and traffic monitoring techniques, tracing the original cause
- We analyze spam, exploits, injections, rogues, and phishing trends in a global context, with recommendations on how to reduce these
- We analyze response times to public blacklists, giving a detailed insight into public opinion of your services
- We analyze BGP routing and bad traffic across your entire address space and use predictive analysis to determine the causes and what measures can be taken
- We provide a high-level analysis of overall medium- and long-term trends in badness, showing progress made
Find out more
We offer both community and commercial services. Get in touch to find out how we can help you today.