Lancope released new threat intelligence for monitoring global cyber attacks. Through its StealthWatch Labs Intelligence Center (SLIC), Lancope is now delivering two new Threat Scope maps to display DoS and malicious Internet scanning activity happening around the world.
These new layers of security context are delivered to the public via the SLIC portal, and are also incorporated into the StealthWatch System to further enhance its early threat detection capabilities.
“The goal of StealthWatch Labs is to keep customers and enterprises as a whole a step ahead of online attackers,” said Tom Cross, director of security research for Lancope. “By conducting continuous, in-depth research into global threats, we can deliver a steady stream of intelligence to the general public, as well as continue to refine the behavioral algorithms that make our StealthWatch product so effective for uncovering unknown threats within the network.”
The first new SLIC Threat Scope map tracks the amount of denial-of-service (DoS) activity happening globally, and displays the geographic location of the targets. It has been reported that the number of distributed denial-of-service (DDoS) attacks around the world recently rose by 88 percent, making it a key attack vector that enterprises should closely monitor in 2013.
The second Threat Scope map uncovers attackers that are scanning the Internet in search of hosts to exploit, and lists the most common services that are being targeted by these scans. When major Internet worm outbreaks occur, they will also appear on this map since they display similar behavior. When a major worm outbreak is occurring, the map will highlight the service exploited by the worm and identify countries where there are large populations of infected machines.
Both of the new maps were created using data from the StealthWatch Labs Darknet. A Darknet is a large range of IP addresses that have never been assigned to a real computer network. These IP address ranges should never receive any traffic, but they often do, enabling those who monitor them to uncover attack activity.
“In today’s threat environment, organizations must have a solid understanding of what is happening both within their own network and on the Internet,” added Cross. “With Lancope, customers benefit from the combination of strong product capabilities for delivering internal network visibility, and leading-edge research into global threats, which work together to keep them protected from emerging attacks.”
Lancope’s StealthWatch System collects and analyzes NetFlow, IPFIX and other types of flow data for dramatically improved network security, performance, forensics and compliance. Advanced capabilities including identity, application, virtual and mobile awareness enable users to uncover evolving attacks such as insider threats and APTs, as well as address new network challenges including BYOD and cloud computing.
Intelligence from StealthWatch Labs further improves network security and expedites incident response. On top of conducting in-house threat research, the StealthWatch Labs team also works closely with other leading security experts from organizations including Cisco, Team Cymru and the Georgia Institute of Technology to share the latest in threat intelligence.