Lists of malware domains can be fed into IPS and IDS appliances to disrupt communication between malware and an attacker’s command and control server.
RSA is bolstering its CyberCrime Intelligence Service, adding malicious domain blacklists as a new feature for organizations that use the service.
Malicious domain blacklists, which can be obtained from a variety of sources, are pieced together by the security research community to cut malware off from its command and control server. Blacklisted hosts and IP addresses are used by cybercriminals for launching attacks or storing stolen information. Many of the blacklist feeds are freely available, but RSA’s service will bring together information it has collected from its partners into one location.
The RSA CyberCrime Intelligence Service is a managed security service, which provides companies with data about infected machines and systems present on their network. It focuses mainly on endpoint devices and provides raw data on malware detection and what business data or email correspondence may have been compromised. RSA said the data helps organizations identify gaps in existing security policies, remediate incidents of identity theft and infected corporate machines and educate employees about the impact of malware infections.
RSA is likely wrapping in data pulled from its NetWitness acquisition. NetWitness Spectrum provides users with a feed to the Malware Domain List, ZeuSTracker and Shadowserver, as well as its own live threat intelligence service. RSA also licenses feeds from its partners, which collect malicious IP and domain data from their customer base.
McAfee, Symantec, VeriSign and other security vendors offer similar managed security intelligence services. IBM, Hewlett-Packard and CA also offer security services that include threat assessments and other services designed to help organizations assess their individual risk profile. Some services, like VeriSign’s iDefense Security Intelligence Services, offer more robust information, including vulnerability data and malicious code analysis to help incident response teams.
Telecommunications providers AT&T and Verizon also have subscription-based services providing near real-time threat landscape data and information specific to an organization. In June, Verizon announced a new Incident Analytics Service, which brings together the firm’s popular data breach investigation report along with data from its incident, classification and reporting repository. The goal of that service is to help organizations score themselves relative to other firms in their peer group.