Differences between revisions 1 and 2
Revision 1 as of 2008-10-24 14:33:04
Size: 2929
Editor: dsl-olubrasgw1-ff80c100-125
Comment:
Revision 2 as of 2008-12-28 20:15:39
Size: 3025
Editor: localhost
Comment: converted to 1.6 markup
Line 4: Line 4:
[[TableOfContents()]] <<TableOfContents>>
Line 18: Line 18:
[[ImageLink(abusecollab.png,width=800)]] [[attachment:abusecollab.png|{{attachment:abusecollab.png||width=800}}]]
Line 23: Line 23:
[[ImageLink(abusecollab2.png,width=800)]] [[attachment:abusecollab2.png|{{attachment:abusecollab2.png||width=800}}]]
Line 26: Line 26:
'''Picture:''' When necessary, analysts may drill down all the way to the packet level [[FootNote(Packet monitoring availability depends on the amount of malicious traffic)]] '''Picture:''' When necessary, analysts may drill down all the way to the packet level <<FootNote(Packet monitoring availability depends on the amount of malicious traffic)>>
Line 32: Line 32:
[[ImageLink(abusecollab3.png,width=800)]] [[attachment:abusecollab3.png|{{attachment:abusecollab3.png||width=800}}]]

Abuse Collab

Problem statement

The amount of malicious traffic is constantly increasing. Cybercriminals are using managed services optimised for spamming, for distributed denial-of-service attacks, and for infecting more hosts to gain even more computing power for criminal activities.

A spamming vendor known as the SET-X Corporation promises ...5000 to 7000 emails per minute and over 1 million spam messages per day, courtesy of the 5000 bots it comes preloaded with. --"Spamming vendor launches managed spamming service".

Proposal

With Abuse Collab you are equipped to fight against cybercriminals who use your clients to steal your network resources. With Abuse Collab your specialists can fight against malware, which at worst will cause unmanageable traffic peaks in your networks. You will achieve higher customer satisfaction because your network remains available to your paying customers. You will also save on network capacity investments, because the bandwidth is used by your legitimate customers and in a predictable manner.

Option A: Recorder model

In the Recorder model you are able to record suspicious traffic at a detailed level. With this detailed information your specialists can better understand how the malware works and use it to report incident details. With these details you can proactively defend against future threats.

attachment:abusecollab.png

Picture: With current tools, verifying abuse reports is time-consuming. With Clarified Abuse Collab you receive abuse reports at a centralised place. Our recorders can then pull monitoring rules from the collaboration environment, manually or automatically as desired. Records will significantly speed up infection verification and make it easier to locate other malware victims.

attachment:abusecollab2.png

Picture: When necessary, analysts may drill down all the way to the packet level (1).

Option B: Netflow model

In the Netflow model, your routers and switches feed the Collab environment with traffic flow information. Our tools then produce usable information for your specialists.

attachment:abusecollab3.png

Comparison of Recorder model and Netflow model

||Item||Recorder model||Netflow model||
||Hardware investment||Recorders||None or filtering device(s)||
||Managed service investments||Support for Recorders + Collab environment||Collab environment||
||Historical data||Details from the moment of abuse report||General (flow) history prior to the report||
||Other applications||Can also be used for generic troubleshooting by other organisations||Can be used for handling abuse reports||


  1. Packet monitoring availability depends on the amount of malicious traffic.