Due diligence to protect your company.
E1: Inbound malware port focused scans
E2: In and Outbound Exploit Detection
- Client-side infection attempts (Web)
- Direct Microsoft Exploit Coverage, including:
  - RPC exploits
  - Netbios attacks
  - OP/Shell code attack via overflow
- Special Port Exploits
- High Application Port Exploits
- Inbound Only: Browser-specific attacks
- Outbound Only: Bad outbound email from non-SMTP hosts
- Outbound Only:
  - Moderate malware-focused outbound scan detection
  - Prolific non-malware-focused outbound scan detection
E3: Forced Download / Illegal Software Install Detection:
- Malware/Trojan-initiated download request
- Classic network stream binary spotting
- Malware FTP comms
- Web-based spyware infection download / install
E4: C&C Detection
- Web-based spyware phone home / periodic check-in
- Web-based malware install success reports
- Inbound spyware command detection (flow established)
- Web-based adware phone home
- BotNet C&C login / dialog / command recognition
- Trojan horse periodic check-in (primarily via web ports)
- Application port check-in / install success reports
- DNS-based call-backs
- SMTP callbacks (from non-SMTP hosts)
- Stateful IRC botnet C&C detection
E5/E6: Insider Attack / Malware Preparation Activity
- Spambot MX record search via DNS
- DNS malware-associated query
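The two mail-related signals above (E5/E6 "Spambot MX record search via DNS") and in E4 ("SMTP callbacks from non-SMTP hosts") share one detection idea: mail activity from a host that is not a designated mail server. The following is an added example, not code from the original page or the product it describes; the log format, the address 10.0.0.25 as the only sanctioned mail server, and the threshold of three distinct MX lookups are constructed assumptions.

```python
# Added example: flag MX lookups and outbound SMTP from hosts that are not
# designated mail servers. Log format, hosts and threshold are assumptions.
import re
from collections import defaultdict

# Assumption: only these internal hosts may resolve MX records or speak SMTP.
MAIL_SERVERS = {"10.0.0.25"}

# Constructed sample: DNS queries and outbound TCP flows in a simple text format.
SAMPLE_LOG = """\
dns src=10.0.0.25 qtype=MX qname=example.net
dns src=10.0.0.42 qtype=A qname=www.example.org
dns src=10.0.0.77 qtype=MX qname=gmail.com
dns src=10.0.0.77 qtype=MX qname=yahoo.com
dns src=10.0.0.77 qtype=MX qname=hotmail.com
flow src=10.0.0.77 dst=203.0.113.9 dport=25 proto=tcp
flow src=10.0.0.25 dst=203.0.113.9 dport=25 proto=tcp
flow src=10.0.0.42 dst=203.0.113.80 dport=443 proto=tcp
"""

DNS_RE = re.compile(r"^dns src=(\S+) qtype=(\S+) qname=(\S+)$")
FLOW_RE = re.compile(r"^flow src=(\S+) dst=(\S+) dport=(\d+) proto=tcp$")

def detect_mail_abuse(log_text, mail_servers=MAIL_SERVERS, mx_threshold=3):
    """Return {src_ip: [reasons]} for non-mail hosts that resolve MX records
    for mx_threshold or more distinct domains, or open outbound SMTP flows."""
    mx_names = defaultdict(set)   # src -> distinct domains queried for MX
    smtp_dsts = defaultdict(set)  # src -> distinct SMTP destinations
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if m and m.group(2).upper() == "MX" and m.group(1) not in mail_servers:
            mx_names[m.group(1)].add(m.group(3))
            continue
        f = FLOW_RE.match(line)
        if f and f.group(3) == "25" and f.group(1) not in mail_servers:
            smtp_dsts[f.group(1)].add(f.group(2))
    findings = defaultdict(list)
    for src, names in mx_names.items():
        if len(names) >= mx_threshold:
            findings[src].append(f"MX lookups for {len(names)} distinct domains from non-mail host")
    for src, dsts in smtp_dsts.items():
        findings[src].append(f"outbound SMTP to {len(dsts)} external host(s) from non-mail host")
    return dict(findings)

if __name__ == "__main__":
    for src, reasons in detect_mail_abuse(SAMPLE_LOG).items():
        print(src, "->", "; ".join(reasons))
```

On the sample, only 10.0.0.77 is reported (three MX domains plus a direct port-25 connection); the sanctioned mail server and the host doing ordinary A lookups and HTTPS stay silent.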
E7: Peer-to-Peer Rules
- BotNet P2P protocol activity
E8: Malware Infection Declaration Rules:
- Known botnet C&C IP address (specific address)
- Russian Business Network (RBN) address
- Prolific malware-focused outbound scan detection