Solera Networks Unveils New Threat Research Labs
November 17th, 2011
Newly appointed Director of Threat Research Andrew Brandt will leverage the company’s technology to deliver actionable intelligence to customers and the anti-malware community
Research labs demonstrate early impact with the identification of malicious domains behind spear-phishing attack
Salt Lake City, UT – November 17, 2011 – Solera Networks, creator of the Network Security Analytics platform and Solera DeepSee™ applications, today announced the launch of Solera Networks Research Labs (SNRL), a geographically distributed group of analysts, incident responders, reverse engineers and security specialists. Its mission is to discover zero-day threats such as malware, botnets, phishing campaigns and exploit sites; to analyze them to understand their impact and lifecycle; to share the resulting security intelligence with customer organizations worldwide and with the anti-malware community; and to help identify the new functionality and tools required to combat increasingly sophisticated threats effectively.
The research team is led by Internet security industry veteran, researcher and journalist Andrew Brandt, director of Solera Networks Threat Research. Brandt joins Solera Networks from Webroot, where, as lead threat research analyst, he was responsible for discovering and dissecting botnets, cyber-criminal campaigns, exploit sites and malware, and published detailed trend reports on the company's blog. Before entering the security industry, Brandt served as an editor at PC World magazine for nearly a decade and was a regular presence at industry conferences such as RSA, Black Hat and DEF CON.
Through the Solera Networks Threat Blog (blog.soleranetworks.com), SNRL will continue to seek out and publicize the current techniques used by phishers, malware authors and distributors, and exploit kit writers. Readers who want the latest threat reports can sign up for updates on the blog page, and shorter items of security interest are posted to the Twitter feed @SoleraBlog.
“In our ongoing endeavor to better serve our customers, we have dramatically expanded the specialized capabilities of our organization with the addition of Solera Networks Threat Research Labs and Andrew Brandt as director,” said Solera Networks CTO Joe Levy. “Since we are an always-on, full-fidelity traffic collector and analyzer, we solve the all-too-common problem of missing undetected or irreproducible attacks at the time they strike. Continuous operation is the only sure way to prepare for sensational, high-impact/low-probability black-swan events. This is a capability every researcher should have, and with it, combined with the intelligence gathered by SNRL, Andrew will help us to continue to provide the market with the leading network security analytics platform.”
“The same intense investigation used by many journalists to get to the bottom of things is also what drives me–only now I have the tools to ‘see everything and know everything’ that occurred from a network security point of view,” said Brandt. “We are able to investigate threats, track them back, determine where they started, follow the sequence of events, and know just how far they’ve gotten. This type of insight, visibility, awareness and security intelligence is an essential tool for organizations that want to identify and mitigate threats from doing damage to the business and brand.”
The forensics and network security analytics solution used by the team is state-of-the-art, capable of handling the heaviest traffic at extremely high speeds.
Brandt continued, “Solera Networks shines the light on those operating in the dark, and SNRL will continue to follow trends in malicious Internet activity, fraud, malware, botnets, and the support systems in the underground cybercrime economy. I’m very happy to join the Solera Networks team.”
New Research Revealed
SNRL has already undertaken several significant projects, including the investigation of a spear-phishing attack, an analysis that identified the attack's source and led to cooperation with law enforcement officials. During the investigation, Solera Networks researchers assessed the social engineering component of the attack and, using Solera DeepSee, reconstructed the attack from captured traffic, retrieved the malware, and documented the behavior of the initial infection. The payloads downloaded in subsequent stages offered critical clues to the origin of the attack, who controls it, and where profiling notes and other stolen data are being sent. The malicious domains and the full extent of the attack have been reported to law enforcement, and a complete account of the process can be found at http://blog.soleranetworks.com/.