Home page logo
/

basics logo Security Basics mailing list archives

Re: Identifying Malware in Outbound Traffic
From: jstemp105 () gmail com
Date: Mon, 19 Sep 2011 17:02:23 GMT

FireEye is a great product, as I manage some of their products in my daily work. 

It performs two functions:

1. "Malware Callback" discovery.  This detects systems that are calling back to a C&C server, usually through a 
reverse-bound connection through a firewall.  This appliance only detects and does not block this communication.

2. Detects malicious inbound traffic based on heuristics and testing in virtualized XP and 7 environments.

There are a couple of caveats to the FireEye systems:

- Many false positives
- Does not perform well in "Defense in Depth" situations such as between various levels of firewalls, and proxy 
gateways since reporting becomes useless
- Very expensive appliance/platform
- Reporting is quite vague and cumbersome within the interface, and even more difficult when running detailed reports 
pre- or post-mortem

FireEye is a great tool for enterprise deployments, however for a small deployments or highly diverse deployments, it 
isn't as much of an asset.  Take the necessary time and due diligence to plan this device into your network properly, 
or you will regret it at a later date.  I hope this information helps, and that it will help you decide if FireEye is 
for you or not.

Best regards,

JS

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault