There are 250,000 plus new pieces of malware being produced each day, equating to one piece per person in the US in just over three and a half years. The question is, what do you do with this onslaught of algorithms written with malicious intent in mind? One company, Emerging Threats, thinks it can help with part of the equation: identification of the sites which are compromised.
I recently met with the company at Interop in Las Vegas to learn about their IP and domain intelligence solutions: ETPro Ruleset for IDS/IPS, and IQRisk Suite for IDS/IPS, firewalls, SIEMs and DNS. The company determines a Threat Intelligence level for a site, which you could consider analogous to Google's PageRank but ranked for maliciousness. Rankings vary from 0 to 127, and each entry is categorized into over 40 different categories. Moreover, years of observation yield a history of sites, which can be useful to determine, for example, whether a legitimate site has been temporarily infected with an SQL injection or other exploit.
The data also includes geolocation, which may help an organization fine-tune its firewall policy.
Companies are free to determine their policies based on the data provided.
Byron Rashed of Emerging Threats explained that the company uses proprietary methods to identify malware and further utilizes human analysis and feedback loops to ensure accuracy of the rule set, which is updated daily.
Emerging Threats sells primarily through OEMs. Moreover, the work companies in this field do is absolutely crucial for Internet users worldwide and keeps the web from becoming the Wild West it could devolve into if malicious code and the people behind it were free to infect devices at will.