©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.

IS THERE A BLIND SPOT IN YOUR CYBERCRIME VISION? ADD A THREAT DATA FEED FOR 20/20 RESULTS

Webinar: Is There A Blind Spot In Your Cyberthreat Vision?


Today’s Webinar

Threat vectors

CYREN Feeds

GlobalView™

More detail

Troubling Internet Security Trends

~70% of all email Up by 131% Up by 264%

Source: CYREN 2013 Security Yearbook, Q2, Q3 2014 Internet Threats Trend Report

Troubling Internet Security Trends

Also targets mobile users…

Source: CYREN 2013 Security Yearbook, Q2, Q3 2014 Internet Threats Trend Report

CYREN Feeds

CYREN zero-hour threat data for a range of vectors:

Zombie IP Feed

– IP addresses detected as spam-sending zombies

– Zombies also used for DDOS and other botnet activity

Phishing URL Feed

– Enhanced identification of phishing URLs from spam emails

Malware URL Feed

– Enhanced identification of malicious URLs from spam emails

– H1 2015

Why add CYREN Feeds

CYREN’s Feeds were designed with partners in mind.

• Improved End-User Satisfaction: Ensure users are protected from zero-hour threats.

• Increased Revenue: Easily integrated to ensure cost-effectiveness, scalability, and momentum.

• Product Differentiation: Be the first to market with best-of-breed Internet security technology.

• Sales, Marketing and Technical Support: CYREN ensures you have everything you need to support your sales model.


Poll Question #1

How you can use it

Web security offerings

• Block malware and phishing sites

Email security offerings

• Block traffic based on IP address

• Delete/quarantine emails with phishing/malware URLs

Feed vs. SDK

• Customer maintains own DB of URLs – Feed

• Customer queries external DB – SDK

What is layered security?

Aggregate threat detection feeds from multiple sources, including other companies and other internal feed sources, into one single threat detection solution that can be delivered to customers.

Better Threat Data

We see more to protect you from more.

• 550 million endpoints and users contributing data.

• 12 billion real-time transactions per day are analyzed by the CYREN GlobalView Cloud, helping to identify threats and protect our customers.

• 200+ global partner data footprint to provide a truly global view of data, not just a regional or country-specific feed.

Better Detection and Analytics

We turn data into real-time threat detection.

• Proprietary detection technology (Recurrent Pattern Detection, or RPD): our patented technology allows us to translate our massive data set into real-time security.

• GlobalView Security Lab: security intelligence and live data analytics.


Poll Question #2


Zombie IP Feed

How Zombie IP Feed Works

CYREN GlobalView Cloud

Billions of emails/day

Detection of malicious IP addresses using Recurrent Pattern Detection

Zombie IP feed

Thousands of new phishing URLs/day

About IP Address Feed

Prevent fraudulent activities

Decrease bot user registration

Hinder Dynamic Denial of Service (DDoS) attacks

Supplement Advanced Persistent Threats (APT)

Delivery:

• Daily: complete dataset of all known zombies with data on the types of activity detected

• Every 10 minutes: Incremental updates (add/delete/modify) to the dataset entries

* Plus email every 24 hrs. with day’s list

Zombie IP Feed Data Set

| Header | Parameter | Description |
|---|---|---|
| Action | +/-/= | Add/Delete/Modify a record |
| IP | IP address (IPv4 format) | IP address of zombie with leading zeroes as needed |
| First-Seen | YYYY-MM-DD-HH:mm:ss | First detection time (UTC) |
| Last-Seen | YYYY-MM-DD-HH:mm:ss | Most recent detection time (UTC) |
| Intensity | Unsigned number (0..10) | Computed intensity as active zombie. Low means spam activity is low, high indicates a high spam activity zombie host |
| Flags | bitwise | Indicates the zombie is conducting malicious activities |
| Class | Text | Bad IP category: C1 = Dynamic, C2 = Static |
| Risk | Unsigned number (0..100) | Ratio between malicious and valid activity |
| Country | Country code (2 letters) | Country of zombie origin |
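An added example (not CYREN code) of how a consumer could keep a local zombie-IP table in sync from the 10-minute incremental updates, validating every field in the data set before trusting it. The comma-separated wire format, the decimal encoding of Flags, and all sample values are assumptions; the slides give the fields but not the serialization.

```python
import ipaddress
from datetime import datetime, timezone
# Assumed wire format (not from the slides): comma-separated, fields in table order.
FIELDS = "action ip first_seen last_seen intensity flags class risk country".split()

def parse_record(line):
    """Parse and validate one record; raise ValueError if it is malformed."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != len(FIELDS) or parts[0] not in ("+", "-", "="):
        raise ValueError("bad field count or action")
    rec = dict(zip(FIELDS, parts))
    # Octets arrive zero-padded; read them as decimal so 010 is 10, not octal 8.
    octets = rec["ip"].split(".")
    if len(octets) != 4 or not all(o.isascii() and o.isdigit() for o in octets):
        raise ValueError("bad IPv4 address")
    rec["ip"] = str(ipaddress.IPv4Address(".".join(str(int(o)) for o in octets)))
    for key in ("first_seen", "last_seen"):  # YYYY-MM-DD-HH:mm:ss, UTC
        rec[key] = datetime.strptime(rec[key], "%Y-%m-%d-%H:%M:%S").replace(tzinfo=timezone.utc)
    for key, top in (("intensity", 10), ("risk", 100)):
        rec[key] = int(rec[key])
        if not 0 <= rec[key] <= top:
            raise ValueError(f"{key} out of range")
    rec["flags"] = int(rec["flags"])  # assumed decimal; bit meanings are not on the slides
    if rec["class"] not in ("C1", "C2") or len(rec["country"]) != 2:
        raise ValueError("bad class or country")
    return rec

def apply_updates(store, lines):
    """Apply +/-/= records to store (dict keyed by IP); return rejected lines."""
    rejected = []
    for line in lines:
        try:
            rec = parse_record(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        if rec.pop("action") == "-":
            store.pop(rec["ip"], None)   # deleting an unknown IP is a no-op
        else:
            store[rec["ip"]] = rec       # "+" and "=" both upsert, so a missed add self-heals
    return rejected

SAMPLE = [  # constructed records using documentation address ranges
    "+,192.000.002.010,2014-11-03-08:15:00,2014-11-04-09:00:00,7,3,C1,85,BR",
    "+,198.051.100.007,2014-11-02-10:00:00,2014-11-04-09:05:00,2,1,C2,40,US",
    "=,192.000.002.010,2014-11-03-08:15:00,2014-11-04-09:10:00,9,3,C1,92,BR",
    "-,198.051.100.007,2014-11-02-10:00:00,2014-11-04-09:05:00,2,1,C2,40,US",
    "+,203.000.113.999,2014-11-04-09:00:00,2014-11-04-09:00:00,5,1,C1,50,DE",
]
```

Rejected lines are returned rather than dropped silently, so a feed consumer can alert on a format change instead of quietly losing coverage.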


Phishing URL Feed

How Phishing Feed Works

CYREN GlobalView Cloud

Billions of emails/day

1. Extraction of URLs using Recurrent Pattern Detection

2. Phishing URL logic

3. Human analysts

Phishing URL feed

Thousands of new phishing URLs/day

About Phishing Feed

Improved rules for identifying phishing URLs

• Filtering out media URLs

• Looking for sites with multiple sub-domains

• Searching for known phishing keywords

• Applying enhanced detection algorithms

• Human analysts

Phishing Feed Delivery

“Zero-hour phishing” category for the URL Filtering SDK

Range of delivery options:

| Feed distribution | HTTP/S Push | HTTP/S Pull | Email |
|---|---|---|---|
| Structure | One URL per call (HTTP PUT)* | Batch per request (HTTP GET) | Text list of detected URLs as zip attachment* |
| Frequency | Continuous, as detected | Every one minute to every 24 hrs. | Every 5 mins. |

* Plus email every 24 hrs. with day’s list

URLF DATABASE + PHISHING FEEDS

RSA gets its phishing feeds from different providers, and uses them in combination to set security priorities. RSA uses CYREN’s phishing feed.

RSA’s PROCESS:

• An analyst reviews the high-priority URLs and checks each one to confirm it is phishing.

• If a URL is confirmed as phishing, RSA will:

1. Check if the URL belongs to one of their customers and, if so, alert them.

2. Use this data to sell their service to new customers: they get this fresh feed every 5 minutes. This is a near real-time service that they provide to their customers to protect and notify them on new possible attacks.


Malware URL Feed

About Malware URL Feed (H1 2015)

Enhanced identification of malicious URLs in spam emails

Automatic process to identify malicious URLs from Web traffic

Manual analysts work to enhance the detection logic

Thousands of new URLs detected per day

Consumed either as:

• Feed

• New “Zero-hour malware” category for the URL Filtering SDK


Summary

Feed Differentiators

GlobalView - vast source of data

• Billions of Internet transactions daily

Highly accurate algorithms

• Based on years of threat research and experience

Human analysts

• Confirm accuracy and continually refine algorithms

A Portfolio of Solutions

Regardless of device or location, CYREN protects you from phishing, malware and email threats with advanced internet security solutions and detection technologies.

CYREN Web Security solutions enable secure web browsing and protect you, your clients, your employees, and your corporate data.

CYREN’s Anti-Malware solutions provide the best and broadest protection against new and zero-hour threats.

Our global platform uses Recurrent Pattern Detection, security intelligence and live data analytics to continuously protect you and keep inboxes clean.

Customers and Partners

Many of the world's largest corporations already depend on CYREN technology to protect their business infrastructure and their customers.

COMMITTED TO PARTNER SUCCESS

We focus on our core competencies so our partners can focus on theirs.


Find us here:

www.CYREN.com

twitter.com/cyreninc

linkedin.com/company/cyren

Next Steps

Free evaluation

Upgrade for existing URLF customers