CipherTrust Radar 360 and CipherTrust Radar Inside are hosted security services that identify traffic from compromised hosts on enterprise networks, and find the sources of phishing attacks around the globe that use companies names, according to Dr. Phyllis Schneck, vice president of strategic development at CipherTrust.
The new services use CipherTrusts TrustedSource threat correlation engine, which compiles data from 4,600 IronMail e-mail appliances that the company has deployed worldwide, as well as open-source security information, Schneck said.
Organizations do not have to use CipherTrusts IronMail appliance to use the Radar services, Schneck added.
The Radar Inside service analyzes from the outside e-mail traffic leaving a customers network, and can spot suspicious e-mail activity.
That activity could come from unauthorized machines that have been infected by a virus and are sending or receiving e-mail using SMTP, POP (Post Office Protocol) and other protocols, she said.
Radar 360 allows companies to determine how frequently a companys name, logo or brand is associated with online fraud. It can also help pinpoint where in the world attacks that target the company or use its name are coming from.
For example, the company can pinpoint the origin of phishing e-mail messages that are sent through "botnets" of compromised computers, and determine where the Web sites referred to in those e-mail messages are located, according to Dmitri Alperovitch, a research engineer at the Atlanta-based company.
Information from Radar 360 can be used to calculate the companys risk, or it can be passed along to fraud investigators, CipherTrust said.
That information can be used to contact ISPs or hosting companies and take down phishing Web sites. It can also be used in criminal or civil cases stemming from the fraud, Schneck said.
Using a Web-based interface, customers can view where their companys name or brand is being exploited in e-mail messages and view graphs showing how much of worldwide fraudulent traffic concerns their company or brand name.
The interface allows customers to drill down to look at individual fraudulent e-mail content in some cases, she said.
The Grant County, Wash. PUD (Pubic Utility District) has been evaluating the Radar service for the past two weeks, said Kyle Hussey, a network analyst at the electric utility in central Washington State.
The service has allowed him to see how Grant County PUDs network looks from the outside, and do trend analyses on e-mail traffic to and from the companys network, he said.
So far, Grant County hasnt found any compromised systems sending unauthorized e-mail, and the utility isnt a big target of phishing attacks, Hussey said.
The service doesnt have features that let administrators actually remediate problems, but it does provide useful ways to spot malicious behavior and identify ISPs that are propagating attacks that affect a particular company, he said.
Radar 360 and Radar Inside are available immediately from CipherTrust and start at $8,000 for an annual subscription.