An example of this methodology was recently conducted by Ajit Narayanan and Yi Chen at the Auckland University of Technology, New Zealand. In their work, they converted the signatures of 120 worms and viruses into an amino acid representation. Malware signatures are typically presented in hexadecimal format – a base-16 numbering system which uses the digits 0 to 9 as well as the letters a to f. According to Narayanan and Chen, they believe the amino acid “alphabet” is better suited to machine-learning techniques, enabling these machines to analyze a piece of code and determine whether it matches a known malware signature.

“Generally, malware experts identify and calculate the signatures of new malware, but it can be hard for them keep up. While machine learning can help, it is limited because the hexadecimal signatures can be different lengths: Narayanan’s team found that using machine learning to help classify the hexadecimal malware signatures resulted in accuracy no better than flipping a coin”, said Hodson.

However, some techniques used by bioinformatics for comparing amino acid sequences take differing lengths into account in their methodology. Using this same methodology but applying it to malware, Narayanan and Chen were able to achieve average accuracy of 85% for classifying the signatures automatically using machine learning.

Classification is just one we may be able to utilize amino acid methodologies to fight malware. Narayanan and Chen note that further studies of malware using this framework may show that malware evolution follows some of the same rules as amino acids and proteins.

Malware threats continue to grow in volume and sophistication. Proactive methodologies, like those proposed by Narayana and Chen, are directly in line with our thinking here at ThreatSTOP. Providing IT departments with greater understanding and control of their networks leads to increased security. The IT security industry could learn another lesson from bioinformatics. That is, disseminating information around pathogens, diseases, or in this case amino acids, to the community rather than holding it in a silo, leads to breakthroughs and cures. Our world of IT security often operates in different silos, despite the fact that we are all dealing with the same threats. We created ThreatSTOP for this very reason: to develop a product that leveraged the community and turned it against the attackers, while simultaneously learning from the collective knowledge of these attacks and disseminating that information back out to the community.

“We believe better control of the network is the best way to achieve greater security”; said Arya Barirani, VP Product Marketing, Infoblox. “Proactively blocking outbound connections to known bad actors both prevents Infoblox customers from being victims, and enables pinpointing and cleaning up infected devices. We selected ThreatSTOP because of their experience and track record in delivering effective feeds for proactive network defense.”

By using Infoblox DNS Firewall, Infoblox customers gain greater control of their corporate IT networks and meet the need for increased security created by forces such as bring-your-own-device (BYOD), cloud computing, and the evolving cyber-threat landscape. This product offering is part of a growing trend of IT organizations employing more proactive cyber security methodologies.

“We’re proud that Infoblox, an established leader in network management and stability, has selected ThreatSTOP as its partner,” said CEO Tom Byrnes. “Infoblox understands that providing IT departments with greater control of their networks leads to increased security, a core principle we share.”

Using a real-time, expert-generated malware data feed powered by ThreatSTOP, the Infoblox DNS Firewall automatically populates recursive DNS servers’ Response Policy Zones with a current list of all known malicious domain names and IP addresses. When malware code or a user attempts to make a connection with a malicious destination, Infoblox DNS Firewall will now be able to prevent the connection from happening, pinpoint the infected device and alert IT teams to take appropriate action.

Infoblox and Infoblox DNS Firewallare trademarks of Infoblox Inc., in the U.S. and other countries.

About ThreatSTOP 
 

ThreatSTOP is a real-time IP Reputation Service that automatically delivers a block list against criminal malware (botnets, Trojans, worms etc.) directly to a user’s firewalls, so they can enforce it. It is a cloud-based service that protects the user’s network against the most serious information security problem today—malware designed to steal valuable data perpetrated by organized criminals. ThreatSTOP enables existing hardware and network infrastructure to enforce user defined malware blocking policy without requiring the expense, complexity and time of a forklift upgrade of new equipment. It can be deployed within the hour with simple rule-settings or a script on the user’s firewall. Founded in 2009, ThreatSTOP is headquartered in San Diego, CA. For more information, visit http://www.threatstop.com.

Board

ThreatSTOP announced the appointment of Brian Nugent to its Board of Directors, “We’re proud to welcome Brian to our board,” said ThreatSTOP CEO and Chairman Tom Byrnes. “Brian has decades of success helping IT companies scale. His experience and connections are a major addition to the resources ThreatSTOP needs to handle, and increase our growth in the years ahead.”

Brian Nugent is a seasoned technology industry entrepreneur, board director and investor, with a record of driving IT companies to market leadership positions. Brian’s heritage of high-impact board experience within the software and hardware arenas includes coaching many technology CEO’s to successful trajectories and liquidity events. His twenty-year industry operational experience spans executive leadership posts across public and private companies in general management (CEO/COO), sales, marketing, product management, corporate development, business development and customer service across the security, communications, cloud, social media, telecom and internet commerce industries. Brian was most recently the Chief Operating Officer at EdgeWave, where he led a year-long business transformation process. Prior to EdgeWave Brian was Chairman & CEO of Applied Identity, which was acquired in March of 2010 by Citrix Systems.

Sales

ThreatSTOP appointed Chris Lee as its new VP of Sales. Lee comes to ThreatSTOP from VirtualArmor, where he served as Vice President of Sales and Marketing. He brings more than 10 years of experience as a technology executive and sales leader with a proven track record of progressive impact and results.

In his role at ThreatSTOP, Lee will bring his extensive experience and understanding of innovative and effective sales and marketing approaches to ThreatSTOP’s product and sales teams. Chris will accelerate ThreatSTOP’s leadership in protecting networks against the most serious information security problem today – criminal malware and botnets, which are frequently referred to as Advanced Persistent Threats.

“I’m excited to join the ThreatSTOP team” said Chris Lee. “ThreatSTOP is uniquely positioned to solve real problems faced by all companies today. ThreatSTOP’s flexibility, cost effectiveness, ease of implementation and broad compatibility make it a joy to sell. ThreatSTOP presents the opportunity to do well while doing good, defending the Internet against cyber-criminals and nation-state attackers, in a way that can be used, immediately, by every network.”

CEO Tom Byrnes commented, “I’m excited to have Chris join our team,” says CEO Tom Byrnes. “Chris brings seasoned, serially successful, sales leadership. Chris is a true entrepreneur who has successfully built multiple sales teams that have taken companies from startup to multi-million $/year sales. We look forward to having him build on the success we have achieved so far, and take ThreatSTOP to the next level.”

Agency of Record

ThreatSTOP selected La Jolla-based Accelerate-IT IMS as its creative agency of record. As ThreatSTOP’s brand partner, the agency will focus on creative strategy and marketing communications.

“We were looking for a partner that would be immediately effective, agile, and innovative in taking ThreatSTOP to the next stage of market awareness. Accelerate-IT IMS has a track record of bringing insightful and creative thinking to building brands within the IT space and working with companies that have created disruptive platforms like ours” said CEO Tom Byrnes.

“ThreatSTOP is disrupting the IT security space and shifting what is traditionally reactive thinking in a silo, towards a proactive community driven model,” said Patrick O’Neill, Director of Marketing for Accelerate-IT IMS. “We’re honored its team has trusted us with its business.”

About ThreatSTOP

ThreatSTOP is a real-time IP Reputation Service that automatically delivers a block list against criminal malware (botnets, Trojans, worms etc.) directly to a user’s firewalls and routers, using the ubiquitous DNS protocol, so they can enforce it rapidly. It is a cloud-based service that protects the user’s network against the most serious information security problem today—malware designed to steal valuable data perpetrated by organized criminals. ThreatSTOP enables existing hardware and network infrastructure to enforce user defined malware blocking policy without requiring the expense, complexity and time of a forklift upgrade of new equipment. It can be deployed within the hour with simple rule-settings or a script on the user’s firewall. Founded in 2009, ThreatSTOP is headquartered in San Diego, CA.

This second installment, Part 2: Know your Enemy: Cyber Diversion, will be available live via webinar at their referenced start times, taking place February 12th, 2013. Please visit the following link to view the webinars: click here.

“In Part 2 of the series we will analyze cyber diversion tactics that are used to mask larger and more coordinated attacks on your sensitive data.” – Tom Byrnes

About ThreatSTOP 
ThreatSTOP is a real-time IP Reputation Service that automatically delivers a block list against criminal malware (botnets, Trojans, worms etc.) directly to a user’s firewalls, so they can enforce it. It is a cloud-based service that protects the user’s network against the most serious information security problem today—malware designed to steal valuable data perpetrated by organized criminals. ThreatSTOP enables existing hardware and network infrastructure like Juniper JunOS MX/SRX systems to enforce user defined malware blocking policy without requiring the expense, complexity and time of a forklift upgrade of new equipment. It can be deployed within the hour with simple rule-settings or a script on the user’s firewall.  Founded in 2009, ThreatSTOP is headquartered in San Diego, CA. For more information, visit http://www.threatstop.com. or connect with ThreatSTOP on Twitter and Facebook.

ThreatSTOP Blog – http://blog.threatstop.com/
ThreatSTOP – http://threatstop.com/
Twitter – @threatstop
Facebook – http://www.facebook.com/pages/ThreatSTOP/316126528415728

Introduction to The Art of Cyber Security Series
A sound cyber security strategy starts with a well-designed plan. Defending against new threats requires evolving the current reactive mindset to a proactive one. It is time to implement continuous monitoring throughout the network, building on existing security tools and practices using cloud intelligence.

ThreatSTOP’s “The Art of Cyber Security Series” gives you the tools to develop a sound preemptive response to meet the ever-growing cyber security threats facing you. This four-part online seminar series highlights the evolution of cyber crime over the past year, the three key cyber security threats for 2013, and the framework for developing a proactive plan to mitigate these threats.

Part 1: Know your Ground: The Evolution of the Cyber Battlefield
In Part 1 of the series we explore the evolution of cyber crime over the past year and the three key cyber security threats you should pay attention to in 2013. Additionally, we offer a framework for developing a proactive plan to mitigate these threats.

Presenter: Tom Byrnes

Broadcasts:

• Wednesday, January 9th at 9:00am PST (12:00pm EST) – REGISTER NOW
• Wednesday, January 9th at 12:00pm PST (3:00pm EST) – REGISTER NOW

Length: 45 minutes

The newly discovered ‘SpamSoldier‘ hides behind links to free versions of Android’s most popular games.

Accoring to the Iranian Computer Emergency Response Team Co-ordination Center, that’s exactly what is happening. The new ‘Batchwiper’ malware hides out on your computer and one day, in one moment, deletes drives D – I on your computer. Gone….like that.

Think your anti-virus can catch it? Not this one, Batchwiper also has the ability to disguise itself from antivirus softwares. Disguised as a Microsoft Office 2007 document collaboration feature called Microsoft Office Groove, the .exe file has been causing quite a stir.

For more information check out this Digital Trends Article.

Criminal malware are the biggest problem in information security today because they cause great financial and reputational damage to their victims. The current crop of solutions do not prevent breaches caused by this malicious malware effectively.  Using IP Reputation is emerging as a viable method to address this growing problem and become a required component of an effective layered defense against cybercriminals, just like anti-virus did starting 15 years ago.

We will also be giving away to one lucky attendee a $100 gift card to Amazon.   

Reserve your Webinar seat now at:

Thursday, December 13th at 9:00am PST (12:00pm EST) – https://www3.gotomeeting.com/register/631485534

Thursday, December 13th at 2:00pm PST (5:00pm EST) – https://www3.gotomeeting.com/register/571549302

Lee comes to ThreatSTOP from Virtual Armor, where he served as Vice President of Sales and Marketing. He brings more than 10 years of experience as a technology executive and sales leader with a proven track record of progressive impact and results.

In his role at ThreatSTOP, Lee will bring his extensive sales experience to ThreatSTOP’s product and sales teams to help continue its leadership in protecting networks against the most serious information security problem today – malware and botnets.

“I’m excited to have Chris join our team,” says CEO Tom Byrnes. “Chris strengthens our team by bringing seasoned, serially successful, sales leadership. Chris is a true entrepreneurial sales leader who has successfully built multiple sales teams that have taken companies from startup to multi-million $/year sales. We look forward to having him build on the success we have achieved so far, and take ThreatSTOP to the next level.”

“I’m excited to join the ThreatSTOP team,” says Lee. “ThreatSTOP is uniquely positioned in the marketplace to solve real problems faced by all companies today. There are few alternatives that offer the flexibility like ThreatSTOP.”

About ThreatSTOP

ThreatSTOP is the developer of ThreatSTOP Botnet Defense Cloud, an IP reputation-based cloud service that enables firewalls to block botnet and malware traffic to and from networks. The service prevents data theft, increases network “goodput”, reduces network load and attack surface. It is deployed on customers’ existing equipment and can be activated within an hour without the expense, complexity and time delay of hardware upgrades, network reconfigurations, retraining or manual updates. Founded in 2009, ThreatSTOP is based in San Diego, CA. For more information, visit http://www.threatstop.com.

New Policy and List Management Capabilities

ThreatSTOP has always been a great way to centrally manage firewalls of different types from multiple vendors from a single location but as ThreatSTOP is applied in ever larger and more complex networks, a new structure is required to facilitate the management of hundreds of devices and many more custom block and allow rules. Now it is even easier to manage the rule lists for multiple firewalls from a single user-friendly console.

In ThreatSTOP 2.0 multiple devices can now share a single policy that defines all block and allow rules. Customers can define an entire class of devices (say “branch firewalls”) that should have the same policy (say “block traffic to known botnets and Eastern Europe but allow traffic to company offices in Eastern Europe”). All devices in this class can be provisioned with the identical policy configuration managed in one place. When changes are made to the policy such as adding another office or changing the countries to be blocked, all devices that use it are automatically updated with no need to touch the firewalls themselves.

In this release we have significantly improved the ability of customers to manage custom block and allow lists.  Now the lists can be effectively unlimited in size and each entry may be anything up to a class A network (/8 CIDR block) and may have an associated comment to ease change management. Updating is simplified as entries can now be added in bulk. We have also created a new list for Pingdom’s uptime testing tools and allow our customers to select whether they wish to use it as an allow list item (if they are pingdom customers too) or a block list item. We will be adding more “dual use” lists over time.

Finally as part of the new policy engine we have added additional geographic blocking capabilities and defined some standard policies that we recommend for particular configurations.

New UI

In ThreatSTOP 2.0 we have completely overhauled our user interface as part of the introduction of the new features. The new layout is visible on every page including the home page where we have changed what is displayed to make it more relevant.

Other new features

In past releases, each user account was assigned to a single set of customer devices. This made it difficult for managed service providers and consultants to manage customer devices and was less convenient for larger organizations with teams of network and security staff. In ThreatSTOP 2.0 we have introduced the ability for any user to delegate account control to another ThreatSTOP user. The delegation is reversible at any time by either party and there is no practical limit to how many users may be authorized to manage a single account.

Customers have also been looking for ways to automate the generation of reports and integration of the ThreatSTOP with their existing IT management processes. In this release we have added the ability to create and email reports to users at fixed times. The reports can be summaries of all traffic or detailed reports broken down by type of threat, firewall etc.

New Device Support

Finally we are pleased to announce that we have extended our list of supported hardware devices further beyond firewalls by adding support for Juniper Junos routers. All Juniper routers (MX Series, M Series and J Series) are supported when running Junos versions 10.4 and higher. As with ThreatSTOP installation on Juniper SRX firewalls, installation is simple, quick and may be done without any interruption to service. The addition of ThreatSTOP to Juniper routers dramatically increases network protection and available bandwidth by permitting the blocking of malicious traffic at the very edge of the network.

In addition, as blogged recently, we also have early availability code for big switch openflow controllers for customers interested in deploying SDN technologies in their data centers.

ThreatSTOP is now able to manage not just hardware firewalls but also routers, switches and virtual devices. We support most Juniper devices, all Cisco firewalls as well as the ISR platform, as well as Checkpoint, Vyatta, pfSense and generic linux (iptables) and BSD (Pf) firewalls.

We would like to invite you to attend a webinar where we will be demonstrating the new features of ThreatSTOP 2.0 and our new release as a whole. We will be holding webinars on the following dates/times, please click on your desired slot below and register:

Monday, December 3rd at 9:00am PST (12:00 pm EST) – Register here: https://www3.gotomeeting.com/register/444005038

Wednesday, December 5th at 12:00pm PST (3:00pm EST) – Register here: https://www3.gotomeeting.com/register/778452462

Friday, December 7th at  9:00am PST (12:00 pm EST) – Register here: https://www3.gotomeeting.com/register/351576734

Our customers and their security are at the forefront of all of our efforts and as always, your feedback on our latest enhancements are greatly appreciated.