About a year ago, I shared that more than 250,000 new pieces of malware are being produced each day. Moreover, I explained how Emerging Threats thinks it can help with the problem. If there is one constant, it is that number – 250,000 new pieces of malware are still being detected daily by the company, according to Ken Gramley, CEO.
He went on to tell me in an in-person meeting that the company has a tremendous amount of information related to this malicious content, including IP addresses and the geographic location of the command-and-control servers for these threats. The company now takes this data, which is derived from its ETPro Ruleset, and uses it to provide new products to help companies fight bad code.
Emerging Threats’ newly announced beta release of IQRisk Query is an extensive threat intelligence database that delivers valuable information through a web-based portal and GUI (pictured). Customers, typically business users or OEMs, receive 3-4 years of historical data on IP and domain behavior, threat categorization, scoring, geolocation, and other pertinent information on suspected IPs and domains, enabling users to determine their acceptable level of risk and make informed decisions.
We then discussed how Zeus malware, which is often used to spread CryptoLocker ransomware, often has its executable file changed daily, making it difficult to find by hash. Gramley then said, “Its command and control protocol doesn’t change very often.” The idea is that you can detect an infection by the IP addresses it communicates with and other ancillary information, rather than by the file itself.
The way this works in practice is that a company uses IQRisk Rep List to keep users from going to sites deemed malicious. In case there is still an infection, IQRisk Query lets a network manager determine that there is activity related to a site which is known to be malicious. So think of the former as proactive and the latter as reactive.
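To make the proactive/reactive distinction concrete, here is an added example in Python. It is not Emerging Threats' code, and the feed format, field names, scores, categories, IP addresses, domains and log lines are all constructed for this illustration (the IPs come from documentation ranges; none of them is a real indicator). It loads a toy reputation table, uses it once as a block list before a connection is made and once to review proxy logs after the fact, and shows why a hash list misses a repacked binary while the destination it talks to is still caught.

```python
"""Added example, not Emerging Threats' code or data.

A toy reputation table used two ways:
  - proactively: refuse a destination whose score is at or above a threshold
  - reactively:  scan proxy logs for internal hosts that already reached such a destination
The feed format and every value below are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass
from datetime import date

# Constructed feed: "indicator,category,score,first_seen,last_seen".
# Scores (0-100) and categories are invented; the first/last seen dates stand in
# for the multi-year history a real feed attaches to each indicator.
REP_FEED = """\
203.0.113.45,CnC,95,2011-03-02,2014-02-11
198.51.100.7,Scanner,40,2013-09-19,2013-10-01
cdn.example.net,Malvertising,70,2012-05-05,2014-01-30
"""


@dataclass(frozen=True)
class Reputation:
    indicator: str
    category: str
    score: int
    first_seen: date
    last_seen: date

    def history_days(self):
        """Length of the observed history for this indicator."""
        return (self.last_seen - self.first_seen).days


def parse_feed(text):
    """Parse the constructed CSV feed into a dict keyed by IP or domain."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ind, cat, score, first, last = line.split(",")
        table[ind] = Reputation(ind, cat, int(score),
                                date.fromisoformat(first), date.fromisoformat(last))
    return table


def is_blocked(table, dest, threshold=60):
    """Proactive use: deny a destination whose score meets the threshold."""
    rep = table.get(dest)
    return rep is not None and rep.score >= threshold


# Constructed proxy log lines: "timestamp src dst".
PROXY_LOG = """\
2014-02-12T09:01:11 10.0.0.12 93.184.216.34
2014-02-12T09:01:14 10.0.0.12 203.0.113.45
2014-02-12T09:02:03 10.0.0.27 cdn.example.net
2014-02-12T09:03:40 10.0.0.31 198.51.100.7
"""


def review_log(table, log, threshold=60):
    """Reactive use: list (src, dst, category, score) for hits at/above threshold."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        _ts, src, dst = line.split()
        rep = table.get(dst)
        if rep is not None and rep.score >= threshold:
            hits.append((src, dst, rep.category, rep.score))
    return hits


# Why destination-based detection survives a daily rebuild of the binary:
# two constructed "builds" differ by a byte, so a hash list made from
# yesterday's build misses today's, while both would beacon to the same C2 IP.
BUILD_YESTERDAY = b"constructed-sample build=1"
BUILD_TODAY = b"constructed-sample build=2"
KNOWN_HASHES = {hashlib.sha256(BUILD_YESTERDAY).hexdigest()}


def hash_detects(sample):
    """Hash-based detection: exact match against a list of known sample hashes."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES


if __name__ == "__main__":
    table = parse_feed(REP_FEED)
    print("blocked 203.0.113.45:", is_blocked(table, "203.0.113.45"))
    for hit in review_log(table, PROXY_LOG):
        print("log hit:", hit)
    print("hash catches today's build:", hash_detects(BUILD_TODAY))
```

The threshold is where a customer's "acceptable level of risk" lives: the scanner at score 40 is allowed through and only appears in the log review if the threshold is lowered, while the C2 address at 95 is blocked up front and, if a host reached it anyway, surfaces in the reactive pass.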
The company has 20 people and 350 paying customers, as well as 200,000 plus users of its open-source solution. Many of the largest computer companies (I am not allowed to share them per Ken’s instructions) use it as the backend for their security solutions, and it hopes to sign a very large computer and networking company as a customer within a week, after a few years of negotiation. Again, I am sworn to secrecy.
What I can tell you is that the company has a new API that it provides to some companies, allowing them to query instantly whether a site is safe. Expect to see it generally available in the next 60 days.
What companies like about Emerging Threats solutions is that the data is actual – meaning every malicious IP address has a history associated with it, allowing a company to determine why it is there. You can see what malicious code was communicating with that IP address over the past three-plus years, which gives great insight into how dangerous it could be.
In an age where malicious attacks can do so much reputational and financial damage to a corporation, solutions like those from Emerging Threats are a must-have.