Security Basics mailing list archives
Re: Identifying Malware in Outbound Traffic
From: jstemp105 () gmail com
Date: Mon, 19 Sep 2011 17:02:23 GMT
FireEye is a great product, as I manage some of their products in my daily work. It performs two functions:

1. "Malware Callback" discovery. This detects systems that are calling back to a C&C server, usually through a reverse-bound connection through a firewall. This appliance only detects and does not block this communication.

2. Detects malicious inbound traffic based on heuristics and testing in virtualized XP and 7 environments.

There are a couple of caveats to the FireEye systems:

- Many false positives
- Does not perform well in "Defense in Depth" situations such as between various levels of firewalls and proxy gateways, since reporting becomes useless
- Very expensive appliance/platform
- Reporting is quite vague and cumbersome within the interface, and even more difficult when running detailed reports pre- or post-mortem

FireEye is a great tool for enterprise deployments; however, for small deployments or highly diverse deployments, it isn't as much of an asset. Take the necessary time and due diligence to plan this device into your network properly, or you will regret it at a later date.

I hope this information helps, and that it will help you decide if FireEye is for you or not.

Best regards,
JS