Protect Against Malicious Communications

When attackers are in the network, they send communications to their command-and-control servers for their next set of instructions. Detecting these malicious communications, whether encrypted or in the clear, is a vital part of protecting your organization.

Detect C2 communications

When malware is downloaded and executed on the network, its code sends a communication, or beacon, out to the attackers’ command-and-control servers to look for its next set of instructions.

Command-and-control servers, also called C&C or C2, are used by attackers to maintain communications with compromised systems within a target network.

As organizations have tightened controls on outbound traffic, threat actors have adapted by taking advantage of encrypted communications such as HTTPS and SSL to evade detection.
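Beaconing to a C2 server leaves a timing pattern in connection metadata even when the payload itself is encrypted. As an added example (not code from this page or from the vendor's platform), the script below groups constructed Zeek-style connection records by source, destination and port and flags flows whose inter-connection intervals are suspiciously regular; the field order, the sample hosts and the thresholds are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (not real traffic): ts src_ip dst_ip dst_port orig_bytes
SAMPLE_CONN_LOG = """\
1700000000.0 10.0.0.5 203.0.113.9 443 512
1700000060.2 10.0.0.5 203.0.113.9 443 514
1700000119.9 10.0.0.5 203.0.113.9 443 512
1700000180.4 10.0.0.5 203.0.113.9 443 513
1700000240.1 10.0.0.5 203.0.113.9 443 512
1700000299.8 10.0.0.5 203.0.113.9 443 514
1700000360.3 10.0.0.5 203.0.113.9 443 512
1700000000.0 10.0.0.7 198.51.100.20 443 2048
1700000005.0 10.0.0.7 198.51.100.20 443 73000
1700000130.0 10.0.0.7 198.51.100.20 443 1500
1700000131.0 10.0.0.7 198.51.100.20 443 990
1700000400.0 10.0.0.7 198.51.100.20 443 5100
1700000401.5 10.0.0.7 198.51.100.20 443 320
"""

def parse_conn_log(text):
    """Yield (ts, src, dst, dport) from space-separated lines: ts src dst dport bytes."""
    for line in text.splitlines():
        if line.strip():  # skip blank lines
            ts, src, dst, dport, _bytes = line.split()
            yield float(ts), src, dst, dport

def beacon_score(timestamps, min_conns=5):
    """Interval statistics for one src->dst:port flow set, or None if too few samples."""
    if len(timestamps) < min_conns:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    # Coefficient of variation of the gaps: close to 0 means clockwork-regular
    # check-ins (beacon-like); large values mean irregular, human-driven traffic.
    cv = pstdev(gaps) / avg if avg > 0 else float("inf")
    return {"count": len(ts), "mean_interval": avg, "cv": cv}

def find_beacons(log_text, min_conns=5, max_cv=0.1):
    """Group connections by (src, dst, port) and return the ones that look periodic."""
    flows = defaultdict(list)
    for ts, src, dst, dport in parse_conn_log(log_text):
        flows[(src, dst, dport)].append(ts)
    hits = []
    for key, stamps in flows.items():
        score = beacon_score(stamps, min_conns)
        if score and score["cv"] <= max_cv:
            hits.append({"key": key, **score})
    return hits
```

Real beacons add jitter, so in practice the cv threshold is tuned per environment and combined with other signals such as destination reputation or payload-size consistency.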

In fact, Gartner predicts that “During 2019, more than fifty percent of new malware campaigns will use various forms of encryption and obfuscation to conceal delivery, and to conceal ongoing communications, including data exfiltration.”

Our platform detects malicious C2 communications by using deep learning to inspect network headers.

Our deep learning models also identify malicious intent and threats in encrypted communication channels. Slower analytics or hunting solutions correlate over large volumes of data, and signature mechanisms such as JA3 are fast but generate many alerts; in contrast, our models deliver instant and accurate verdicts as they observe how a connection evolves over time.

Features include:

  • Download of a payload over an encrypted channel from a malicious or compromised website.
  • Detection of encrypted command and control communications from a compromised endpoint from within the enterprise network.
  • Download of a payload by a malicious entity already residing on an endpoint inside the enterprise network.
