BLoware – Details

A Turnkey Cybersecurity Service

Intellectual Property and sensitive data are the main targets of cybercrime. Traditional perimeter defences like AntiViruses and Firewalls are continuously being bypassed by hackers. A full Security strategy must incorporate non-stop and effective Malware detection that can:

  • Detect Malware on all connected equipment
  • Eradicate Malware
  • Discover and eliminate unsafe network usage policies

By accomplishing these tasks the BLoware service completely relieves customers from protecting their systems.

CHALLENGE

Small and Medium Enterprises (SMEs) do not have the expertise and resources to operate sophisticated Anti-Malware solutions.


Distributed Architecture

BLoware relies on NetFlow/IPFIX data which is collected by low cost probes at Customer’s sites and securely transferred via a VPN to the core, multi-tenant Anti-Malware engine. NetFlow/IPFIX reports the endpoints, volume and duration of the connections from the Customer’s network to the Internet, but does not look into the content of the Customer’s traffic. Therefore, it is:

  • Lightweight (NetFlow/IPFIX accounts for around 1% of the Customer’s bandwidth)
  • Privacy respectful
  • Agentless (no SW installed and maintained in end systems)

SOLUTION

A centralised, powerful Anti-Malware engine coupled with simple, lightweight and privacy preserving data collection at Customers’ sites

BLoware’s core Anti-Malware Engine uses a large and actively validated database of “Malware Connecting IPs”. The active validation is fundamental to keep the false positives at the lowest possible level.

This technique, in combination with Machine Learning Algorithms and Heuristic approaches, makes it possible to immediately detect Malware that has bypassed the traditional defences (AntiViruses, Firewalls) and that would otherwise remain undetected for an average of 230 Days, according to recent statistics.

Automatic Malware Detection Alerts are immediately sent to customers, who receive remote support for Malware Eradication and periodic reports about their security levels.
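The IP-matching step described above can be sketched as follows. This is an added example, not BLoware's code: the CSV flow layout, the blocklist format and labels, and the internal range are assumptions, and all addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Hypothetical "Malware Connecting IPs" entries (constructed, documentation ranges).
BLOCKLIST = {"203.0.113.10": "c2", "198.51.100.0/28": "tor-relay"}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed customer address space

# Constructed flow records: metadata only, no payload.
FLOWS = """\
# src,dst,dport,bytes,duration_s
10.1.2.15,192.0.2.80,443,18230,12
10.1.2.15,203.0.113.10,443,912,3
10.1.2.15,203.0.113.10,443,880,3
10.1.7.4,198.51.100.7,9001,640112,300
10.1.7.9,192.0.2.25,25,4100,2
bad,line
"""

def compile_blocklist(entries):
    """Turn address/CIDR strings into network objects for membership tests."""
    return [(ipaddress.ip_network(cidr), label) for cidr, label in entries.items()]

def parse_flows(text):
    """Yield (src, dst, dport, bytes, duration) tuples, skipping bad records."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        try:
            src, dst, dport, nbytes, dur = line.split(",")
            yield (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                   int(dport), int(nbytes), int(dur))
        except ValueError:
            continue  # wrong field count or unparsable value

def detect(flows, blocklist):
    """Aggregate outbound flows to listed destinations per (host, destination)."""
    alerts = defaultdict(lambda: {"label": None, "flows": 0, "bytes": 0})
    for src, dst, _dport, nbytes, _dur in flows:
        if src not in INTERNAL or dst in INTERNAL:
            continue  # only customer-to-Internet connections are of interest
        label = next((lbl for net, lbl in blocklist if dst in net), None)
        if label is None:
            continue
        hit = alerts[(str(src), str(dst))]
        hit["label"] = label
        hit["flows"] += 1
        hit["bytes"] += nbytes
    return dict(alerts)

if __name__ == "__main__":
    for key, hit in detect(parse_flows(FLOWS), compile_blocklist(BLOCKLIST)).items():
        print(key, hit)
```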

BLoware Service Description

Customer Experience

From the Customer’s point of view, BLoware guarantees the fastest possible Malware Detection and assistance for Malware Eradication. Unlike other cloud-based Managed Security Solutions (e.g. cloud Sandboxes), it does not require the Customer’s traffic content to be sent to the cloud. NetFlow/IPFIX data is the only data that leaves the Customer’s networks (inside an encrypted VPN), and it contains only IP addresses and other statistical data.

Service Phases

The Activation and Initial Security Audit is a limited time period (normally 3 weeks) during which the level of security of the Customers’ networks is assessed. Unlike traditional Security Audits and Penetration Tests, BLoware is completely passive: by “listening” to network traffic it discovers already hidden Malware, unsafe network usage policies and unwanted applications, often the result of BYOD policies.

In the Continuous Monitoring phase the customer’s network is kept under control 24/7. If new Malware manages to penetrate existing defences, it is discovered and revealed as soon as it starts trying to contact its controllers on the Internet or exfiltrate data. Usage of Tor anonymization networks (often used by Malware) is promptly revealed too. Customers receive immediate alerts and remote help for Malware Eradication. The periodic repetition of Security Audits gives IT managers constant control over their network security.

BLoware helps organizations to limit the “shadow IT” problem and to regain control of their network

BLoware lets the Customer keep their Network constantly “Malware Free”

Benefits

BLoware complements the traditional defences by checking whether known Malware hosts are contacted by the customer’s systems: no Malware can remain undetected using this approach!
