Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Seculert Javelin Finds Holes in Security Gateways

    Written by

    Sean Michael Kerner
    Published March 17, 2016
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      A best practice for IT security has long been to deploy some form of gateway security, be it a firewall or an intrusion prevention system that is able to block potentially malicious traffic coming into or coming out of a network. But how does an organization know for sure if its security gateway is, in fact, stopping all the bad traffic?

      Seculert’s Javelin technology is a new tool designed to help organizations find gaps in their gateway security.

      “Instead of just providing visibility to customers who upload their logs to us, we thought it would be interesting if everyone could understand if their own gateway is allowing malicious communications to go out,” Aviv Raff, CTO and co-founder of Seculert, told eWEEK.

      The idea to build a tool that can “understand” the status of gateway security was inspired by research that Seculert released in February that shows a lack of visibility for outgoing malicious communications. The Seculert study looked at a subset of data from its 1.5 million users, examining the performance of devices from Palo Alto Networks, Blue Coat, Websense, Zscaler, Fortigate and Barcuda, among others. The study found that 40 percent of malicious communications attempts were successful and not intercepted by organizations’ Web gateways.

      The new Seculert Javelin technology simulates how attacker tools are able to get malicious communications out of an organization to some form of command-and-control node, Raff said. The goal of the Javelin tool is to demonstrate how an organization’s own Web gateway will respond to the simulated attack attempt to send data out to a potentially malicious host.

      “It’s a pure Web-based experience. The simulation runs the malware behavior communication to the command-and-control node,” Raff explained.

      The entire simulation can be conducted inside of two minutes, providing an organization with a rapid answer to the question of their Web gateway’s security posture.

      The idea of blocking outbound traffic that is attempting to connect to a malicious host is something that many Web gateway technologies will aim to block by default, with lists of known bad IP addresses. Javelin goes beyond known bad IPs and makes use of intelligence that Seculert has about attacks, Raff said.

      “Our analytics platform is behavior based, so we might identify something that no one else in the industry has yet,” Raff said. “We cherry-pick those kinds of attacks, which is why this is more powerful than just relying on known lists of bad addresses.”

      To test the performance of Web security gateways, the Javelin simulation attempts to connect to hosts that Seculert has identified as malicious. While Javelin attempts to connect to the malicious locations, the tool is not exposing the organization to real risk, Raff said.

      “Javelin is communicating to bad places, but the idea is if you already have infected devices within your network, they’re already communicating with those places,” Raff said. “We’re doing the communication in a safe manner that does not try to send any data or download any data from the bad places.”

      From a remediation perspective, a Javelin test is complete, Raff explained, adding that a customer can get a package from Seculert called proactive containment. “It’s a package that can help to proactively contain machines within an organization that might get infected and attempt to contact malicious command-and-control servers,” he said. “There will also be an API that will help to automatically update the Web gateway.”

      Back in October 2015, Seculert launched its Executive Dashboard technology to provide high-level visibility into organizational security risks.

      “Javelin is more of a way to help organizations to understand gaps in a Web gateway,” Raff said. “But if you want to find out if you have infected devices in your organization, we have log analysis technology that includes the Executive Dashboard.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×