Blueliv
Enterprise Solution

Targeted Threat Intelligence Solution

We continually monitor global cyber threat trends, and it is clear that cyber threats have become the most common—and serious—threats to enterprises. Fraudsters are escalating and precisely targeting their attacks with frightening efficiency. However, to achieve their goals, fraudsters must successfully execute a number of steps. Many organizations lack the internal resources and specialized security intelligence needed to implement effective security strategies that enable them to thwart and overcome these challenges.

If you’re an enterprise, you’re a target.

Botnets and Command & Control

The Blueliv Botnets Module is designed to detect infections in your computers, retrieve compromised credentials, and protect your business and users from potential damage such as being part of a botnet network, data theft or other cyber threats. Use the Blueliv Botnets and C&C Module to:

  • Detect internal and external infections in critical servers, VIP users, and clients
  • Eliminate “blind spots” in your threat landscape
  • Protect clients and employees by recovering stolen user IDs and passwords
  • Gain proactive, real-time awareness of crime servers and the ability to track and block them

Blueliv delivers a list of infected host IPs, a list of compromised credentials, global crime server tracking, and graphical statistics. Our robust intelligence analytics provide you with valuable data for preventing or minimizing botnet threats, including:

  • Heat map of botnets with geolocation features
  • Data describing which systems are infected, how they were infected, and when they were infected
  • Analysis of the most-infected OS profiles, software, and users

Targeted Malware

The Blueliv Targeted Malware Module detects and helps prevent creation of dangerous or infected files in your websites and servers. Use the malware module to:

  • Track malware and mobile malware trends—locally and globally—to detect targeted malware
  • Connect internal network analysis appliances to automatically send malicious binaries for analysis into a cloud-based elastic sandbox
  • Gain early warnings of information theft or leaks due to a malware attack

Blueliv delivers robust malware reports, giving you forensic understanding of malware behavior on targeted internal and external systems. Blueliv analyzes more than 1, 000, 000 malware samples per month that could affect your organization. With live malware threat data, you will know which systems are infected, how they were infected, and when they were infected. This live data can be streamed into your SIEM.

In addition, by uploading your suspicious executable files to our intelligent sandbox, we can deliver detailed analysis about behavior, system changes, network traffic, and malware distribution campaigns.

Credit Card Theft

The credit card theft module helps you detect credit card information that has been stolen so that you can protect your customers or employees from becoming a fraud target. You can retrieve compromised credit cards when they are published and sold on the deep Internet and black markets. Use the Blueliv Carding Module to:

  • Create a proactive cyber security strategy and prevent credit card fraud
  • Block stolen credit cards, regardless of how they were compromised.
  • Harden your cyber security profile and drive attacks away
  • Protect your corporate cards and VIPs from non-authorized purchases
  • Reduce insurance costs due to control and credit card fraud mitigation

Blueliv delivers a real-time list of recovered credit cards and provides early warning in the event of VIP and corporate card theft. In addition, you can view a heatmap of credit card black markets and infected point-of-sale systems. With live carding threat data, you will know which systems are infected, how they were infected, and when they were infected. And you can use Blueliv’s compromised credit card information to feed your fraud scoring algorithms.

Rogue Mobile App

The Blueliv Mobile App fraud detection Module identifies false, infected, modified, or copied apps—as well as apps performing brand abuse activities. Now you can detect rogue applications that bear your name when they are uploaded to a marketplace, as well as illegal mobile apps that are being publicly published without your organization’s authorization.

Hacktivism

Now you can defend against targeted social-borne cyber attacks as well as track and monitor global social hacktivism operations. The Blueliv Hacktivism Attack Prevention Module detects cyber threats against your organization, identifies information leakages after an attack, and monitors hacktivism activity. You receive:

  • Actionable live threat data, which can be streamed into your SIEM
  • Early warning of information and credentials theft or leaks
  • Vulnerability analysis specific to your technology
  • A hacktivism global overview, including the most active operations and geo location

Advanced analytics enable you to quickly detect targeted hacking attacks, compromised sites, and information leaks originating from the underground world.

Data Leakage

Discover whether or not your organization’s sensitive documents or data have become publicly available on the Internet, deep Internet, and peer-to-peer networks. The Blueliv Data Leakage Detection Module detects and identifies data that could represent leaked information across multiple file-sharing platforms, enabling you to better control BYOD information and social document repositories. Blueliv complements your existing data leak protection measures by:

  • Detecting information leaks from third parties, such as outsourcing, consultants, audit, and other partners
  • Delivering a list of documents containing information about your organization
  • Providing a list of “Restricted use” and “Confidential” documents and information that are publicly available
  • Enabling you to document auto-download and post processing

Brand Abuse

The Blueliv Brand Abuse and Social Monitoring Module monitors your online presence to identify brand abuse, reputation damage, and other forms of attacks on your brand. You can detect groups or organizations using your brand or trademarks in online ads and social networks without your authorization or knowledge and prevent coordinated real-world attacks.

Phishing and Cybersquatting

The Blueliv Phishing and Cybersquatting Module combats both types of attacks by detecting possible attempts to acquire sensitive information by masquerading as a trusted entity or by detecting similar domains that can potentially be used to replace your company’s original domains.

Media Tracker

All publicity is good publicity? Not necessarily. Especially when your brand’s reputation and network security are at stake.

Stay on top of news and media mentions about your brand. Use the Media Tracker module to scan 1000s of specialized and mainstream media sources globally for mentions in English, German, French, Italian, Spanish and Portuguese.

Use this intelligence to maintain the integrity of your company execs’ digital presence and ensure your VIPs’ online activity is aligned with your security policies.

  • One central dashboard to manage and monitor online mentions.
  • Track specialized media sources for relevant industry news and updates.
  • Filter news and media sources easily with sophisticated search functionality.

Save time and resource with automated search and alert functionality on one single dashboard.

  • Monitor news sources for mentions that could impact your brand reputation.
  • Identify news and media activity that could threaten your organization’s network security.
  • Ensure colleagues are aligned with your cyber security strategy and adopt safe online practices to mitigate the risk of a data breach.

Dark Web

The web has many different dimensions, and some are more public than others. Cybercriminals are experts at covering their tracks, so don’t risk leaving stones unturned. Monitor activity lurking in the depths of the dark web to protect your corporate assets from every angle.

The dark web is made up of a variety of anonymous networks and hosts non-referenced URLs and domains. Software used to access the dark web also enables users to browse these networks anonymously. The most common dark web network is TOR (The Onion Router).

Boost your awareness of what’s going on in the underground and dark web, observe malicious activity targeting your organization and pro-actively prevent attacks with the Blueliv Dark Web module.

  • Continuously track and discover communication across darknets to trace malicious activity back to its original source.
  • Search underground sites for cyber threats including hacktivist ops, sensitive data leaks, malware attack vectors and illegal underground marketplaces.
  • Search and monitor any mention of your organization and relevant assets including IPs, domains and keywords.

This module enables users to browse and search within TOR (the .onion domain) and processes up to 200,000 URLs per hour.

Use this intelligence to detect and control information leaks and implement data-driven mitigation measures.

  • Launch searches by demand using Boolean operators, wildcards and regular expressions.
  • Retrieve screenshots and extracted content in html, markdown and raw format.

Threat Intelligence Feed

Blueliv Cyber Threat Intelligence Data Feed allows any organization to track in real-time the threats that are aligned against it and to quantify and qualify what attack vectors malicious attackers are using.

Blueliv continuously scours and analyzes hundreds of sources to provide unique intelligence about verified online crime servers conducting malicious activity, the infected bot IPs, malware hashes and hacktivism activities. The Feed is offered as an easy to buy solution that provides high-impact results rapidly. The user can understand what attack vectors malicious actors are using, understand potential indicators of compromise (IOC) and deploy mitigation solutions.

More than just a data feed

Use Threat Intelligence Data Feed to build a holistic and dynamic security infrastructure that will result in:

1. Global threat intelligence delivered locally

Intelligent threat identification achieved through the use of a combination of malware sandboxes, honey pots, honey clients and spam mailboxes that allows companies to identify different threat actors around the world.

2. Continuous Real-Time updates

The Blueliv feed is constantly tracking threats and these are updated in real-time and providing our clients with ultra-fresh intelligence on live threats targeting their users and customers and enabling security analysts to identify clear IOCs. In addition, the crowd-sourced information helps the clients reduce the false positive ratio. Unlimited queries can be run in real-time.

3. Unique comprehensive range of cyber threat intelligence

The feed provides data relating to crime servers, BotIP, malware hashes and hacktivism. All that intelligence aggregates data that comes from a wide range of open sources and includes private and proprietary intelligence coming from sinkholed sites, malware repositories and the alliances and collaborations with different organizations.

4. Machine-Readable threat intelligence

The Data has been translated from human to machine-readable formats to allow for rapid dispersion to cloud and on-premises infrastructure and through this the client can increase threat visibility and improve their security posture by enhancing threat context. Blueliv uses the standard STIX to represent structured cyber threat information. Feeds are also available using REST architecture with HTTP protocol and JSON format.

5. Easy and direct integration

Easy to setup, easy to integrate quickly into your SIEM and other security products through a single point of contact (API) or through official security vendor applications markets. Plugins available for Splunk, AlienVault, ArcSight and Logstash and a powerfull SDK for integration.

Intelligence and data provided

  • Crime servers: Malware distribution domains, C&Cs, phishing, exploit kits and backdoors
    ID, type, country, domain, geolocation, ASN ID, status…
  • Bot IP: Infected IPs, OS affected, user agent
    IP address, geolocation, family type, version, status…
  • Attacking IPs. Data related IPs that are performing attacks such as Port scan, brute force, directory scan…
  • Malware: Malware hashes
  • Hacktivism: Social monitoring related to hacktivism operations
    Ops/Hashtag, country, # tweets per day, tweets
  • TOR IP: Tracking & discovering Tor Exit Nodes

Find out more about our complete solution

Datasheet