AI Defense Matrix (project code name : Tarpits*)
Autosense/Autodefense : ransomware; trojan; hacker; Brute Force attacks...
for Netgate, Osigate, Mikrotik, Fortinet, Watchguard, Sophos, Juniper, Sonicwall, Snort, Suricata ... most firewall platforms
1. Live Tarpits ( AI machine learning from global clusters, Vulnerability prophet engine ... have hourly update)
The Snort Global research team is constantly examining threats and the AI machine-learning vulnerability fingerprints from different sources, and a variety of pfsense, to analyze exploits and vulnerabilities. New fingerprints are published as needed through our cloud server. Tarpits' unique defense matrix is a prophet engine collaborating on threat fingerprints from the expensive infrastructures. We should implement Live Tarpits at the first gate of defense. Tarpits prophecy signatures are written to detect, predict and prevent intrusions, worms, trojans, ransomware, DDoS exploits, brute-force cracking ...
We are in the IEEE Communications Society research team.
* IEEE : Institute of Electrical and Electronics Engineers, The world's largest technical professional organization for the advancement of technology.
After extensive research, the AI defense team created the unique defense matrix below, which includes hourly/daily updates via our AI defense clusters.
Advantages: detect and deny dangerous connections at the very beginning, before any further protocol negotiation. This avoids further inner defense rule computation and further dangerous in-depth sessions, and saves session slots, bandwidth and CPU time ...
- botnet : Current global list of robot zombie PCs. Botnets can be used to perform DDoS attacks and steal data, and a hacker may access the device and hijack its connection. Daily updates via our Tarpits cluster.
- sslbl : SSL certificates are not 100% secure. SSL Blacklist is a global list of server IPs with malicious SSL certificates, daily updates via our Tarpits cluster.
- cisbl : Central Intelligence Security black list, a subset of global active hackers' IPs, daily updates via our Tarpits cluster.
- IQRisk : delivers actionable threat IP intelligence to help ensure networks are safe from malicious and potentially malicious threats.
- DQlists : Rep Query delivers multi-level, robust threat intelligence to meet the needs of SMEs to enterprises, daily updates via our Tarpits cluster.
DQlist provides maximum protection with minimum false positives, with a daily feed from the Global anti-hackers alliance; global DQ lists are suitable for most routers and firewalls.
The DQlist IP signature service integrates an ultra-high performance deep packet inspection architecture and a dynamically updated IP signature database to deliver complete network protection from application exploits, worms and malicious traffic. A scalable solution supporting virtually any network size.
- DQlist_classC : Global ipset in CIDR format, a shorter list and the most effective; when any bad guy is found, the whole class C network is blocked.
- DQlist_48hrs : Global ipset made from track of attacks, spyware, viruses, detected in the last 48 hours.
- DQlist_30days : Global ipset made from track of attacks, spyware, viruses, detected in the last 30 days.
- DQlist_90days : Global ipset made from track of attacks, spyware, viruses, detected in the last 90 days.
- tarpits : AI learning from global hacker/ransomware/spyware fingerprints once they trigger the alerts of the protocol sensors, hourly updates via our Tarpits cluster. * Tarpits includes most of the defense matrix above (certainly good enough)
Effective Cyber Security proposal
- deploy the AI defense matrix at the first layer; it can detect and block the most active threats with fewer resources and more efficiency. The hourly update is crucial.
- apply CISBL, which will have global hackers/ransomware/threats sources; it needs to work with IDS/IPS to defend against the rest of the most likely threats. The list is big and involves IDS/IPS rules computation: more resources, more CPU demand, more security for OSI layers 5~7.
- deploy ET-open, Snort-open at the 2nd layer as the behavior rule set for autosense/autodefense.
AI Defense matrix, Monthly Subscription, hourly update: US$ 26
AI Defense matrix, Half year Subscription, hourly update: US$ 156
AI Defense matrix, Annual Subscription, hourly update: US$ 312
* [AI Defense] includes all of the above defense matrix (good enough for most cyber security cases)
Intelligent for most kinds of Firewall
2. Global IDS/IPS (Vulnerability Signatures and Defense rules from ET open, Cisco Snort Talos, IQRisk, Proofpoint ET Pro, CINS ... daily update)
We have Cisco Snort Talos, Proofpoint ET, CINS (Collective Intelligence Network Security) ... We should apply Global IDS/IPS at the middle layers of defense. The IP Reputation pre-processor provides IP blacklist/whitelist capabilities to alert/block/drop/pass traffic from a reputation IP list. We can use the popular Snort or Suricata IDS/IPS engines to implement reputation-enabled defense and network behaviour defense. This pre-processor addresses the performance issue and makes IP reputation management easier. The Reputation pre-processor runs before the other pre-processors, and then rule-based behaviour detection follows ...
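An added example (not the vendor's code, and not Snort's or Suricata's implementation) of the reputation-first ordering described above, combined with the DQlist_classC idea of blocking the whole /24 around an offender: listed sources are dropped before any rule evaluation, and only unknown sources go on to IDS/IPS inspection. The function names, the allowlist-first priority and the sample addresses (RFC 5737 documentation ranges) are assumptions; IPv4 only.

```python
import ipaddress

def to_class_c(offenders):
    """Widen each offending IPv4 address to its enclosing /24 (deduplicated)."""
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in offenders}
    return [str(n) for n in sorted(nets)]

def blocked_address_count(cidrs):
    """Total addresses covered by the list: the over-blocking cost of widening."""
    return sum(ipaddress.ip_network(c).num_addresses for c in cidrs)

class ReputationFilter:
    """Cheap source-IP check that runs before any rule evaluation."""

    def __init__(self, blocklist, allowlist=()):
        self.block = [ipaddress.ip_network(c, strict=False) for c in blocklist]
        self.allow = [ipaddress.ip_network(c, strict=False) for c in allowlist]

    def verdict(self, src):
        ip = ipaddress.ip_address(src)
        if any(ip in n for n in self.allow):   # allowlist wins (assumed priority)
            return "pass"
        if any(ip in n for n in self.block):   # listed: drop before negotiation
            return "drop"
        return "inspect"                       # unknown: hand to IDS/IPS rules

# Constructed sample data (documentation ranges, not real indicators).
OFFENDERS = ["203.0.113.7", "203.0.113.200", "198.51.100.23"]
ALLOWLIST = ["203.0.113.50/32"]   # hypothetical partner host inside a listed /24

if __name__ == "__main__":
    class_c = to_class_c(OFFENDERS)
    rep = ReputationFilter(class_c, ALLOWLIST)
    print(class_c, blocked_address_count(class_c))
    for src in ("203.0.113.7", "203.0.113.99", "203.0.113.50", "192.0.2.10"):
        print(src, rep.verdict(src))
```

Three observed offenders become 512 blocked addresses here, and 203.0.113.99 is dropped without ever having attacked, which is why a class C list needs an allowlist that is checked first.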
We are offering subscription-based Cisco Snort, Proofpoint ET Pro IDS/IPS:
i. Snort Talos at yearly subscription at US$399 per sensor, daily update
ii. Proofpoint ET Pro at yearly subscription at US$999 per sensor (Paid service includes daily update, FREE subscription service with 30 days delay)
iii. Emerging Threats IQRisk at yearly subscription at US$399 per sensor, daily update
- The same Snort ruleset developed for our NG IPS customers, immediately upon release, 30 days faster than registered users, with daily updates.
- Priority response for false positives and rules
- Snort Subscribers are encouraged to send false positives/negatives reports directly to Talos