Dark Side Intelligence™
Umbra Data is committed to preserving the integrity of the Internet and your network by providing the most comprehensive, actionable Command and Control (C&C) intelligence.
Security specialists gather and verify all sources of C&C information and compile it with Umbra Data’s internal “dark” data to provide your organization with Dark Side Intelligence, the most comprehensive solution to stop malware in its tracks. This solution is an instantaneous C&C data feed service that is integrated into your existing edge security devices. It easily identifies compromised computers, disrupts communications and instructions from C&C servers, and prevents further infection.
Umbra Data’s Dark Side Intelligence is the missing link in the security deficiencies that organizations are experiencing. With malware constantly evolving and botnets relentlessly re-surfacing, existing security solutions tend to be either temporary or incomplete. Umbra Data’s compilation of C&C hosts and subsequent malicious IP addresses is continuously updated and vetted, and always expanding. This well-developed data gives your organization a complete overview of its network’s botnet vulnerabilities and how to best address them.
In addition to having unique and valuable intelligence, Umbra Data has a 27-step vetting process to ensure the accuracy of our database. All the information is run through the Umbra Data Validation Engine (UDVE) and each host is assigned a classification depending on the level of threat intensity. Umbra Data’s team verifies not only its internal intelligence but the existing external information as well. Umbra Data provides you with an accurate, SLA-backed data set of IP addresses that you can integrate seamlessly into your security system and use to confidently block malicious traffic.
The Threat Classification System
Once the data has been compiled and vetted, its threat severity is determined by the Umbra Data Validation Engine (UDVE) and it is classified as either Block, Alert, or Monitor. This classification is what gives the data its turnkey quality that makes it simple for customers to control their security policies and disrupt unwanted traffic.
The classification system allows your organization to be in full control of choosing a passive or active threat response. For example, a more passive response is to simply log the event, while a more aggressive response is to invasively disrupt and redirect malicious traffic. The policies can be mixed, and at all times are under your complete control.
Block: The block classification is a formal data set of IP addresses and associated analytics that are researched, vetted, and blocked. All of the IP addresses in this classification demonstrate only malicious activity and can be confidently blocked for end users’ safety. No non-malicious activities have been detected for these servers.
Alert: The alert classification is composed of IP addresses that the UDVE classifies as highly suspicious. While the addresses have been qualified as malicious, there is legitimate traffic present as well, such as a public IRC server or shared web hosting. Depending on their network and its users, organizations have varying degrees of policy and may use their own discretion for addresses in this category.
Monitor: The monitor classification is an additional classification that contains addresses that have demonstrated C&C qualities and that Umbra Data closely watches for a transition into malicious activity. Again, depending on your network, how these addresses are handled is determined by your organization’s policy.