FPT EagleEye malBot – Solution for information security problem


Information security is a constant problem of the digital age. With ever more sophisticated variants of malicious code, information security is like a marathon without an end. For this reason, experts at FPT Cyber Security Center researched and released EagleEye malBot, a product that detects and blocks malware in the network in real time.

Unpredictable cyber-attacks

Nowadays, cyber-attacks targeting organizations are increasing in both number and sophistication. Deliberate, targeted attack methods are becoming more common, using a wide variety of malicious code to damage organizations and businesses. Attacks have also changed direction: instead of targeting enterprise servers directly, they now mainly target individuals and then escalate from those footholds to take over servers. Although businesses already spend considerable effort and money on preventing threats, the vast and ever-changing threat landscape, together with the difficulty of improving users' security habits, leaves many holes for attackers to exploit.

Almost every company or organization has built an Intrusion Detection System (IDS) to detect signs of violations and abnormal behaviour occurring on its systems. An IDS works primarily on rules or predefined indicators: it detects matches and alerts administrators, who must then analyze and verify the computers showing suspicious signs and promptly block them.

Traditional IDS model

With such a traditional approach, it is difficult for the technical team to get a comprehensive view of the problems present on the system and to detect and warn of attacks early. When an incident occurs it takes a long time to detect, and once detected it also takes a long time to isolate and resolve the problem, leading to financial losses. At the same time, manual handling easily leads to errors and omissions. Yet these processing jobs are purely repetitive and can be fully automated.

Automate security with EagleEye malBot

To solve this problem, a team of security experts at FPT Cyber Security Center researched and built the malBot product. malBot is a bot system that automatically detects and isolates computers that violate network policy. It is built to reduce the burden on administrators and to quickly detect, and immediately handle, signs of a breach on the system. The objectives set out were:

  • A flexible product that is easily compatible with the products and systems already in the business.
  • A product designed to be simple, easy to deploy, and usable immediately.
  • Replacing the administrator's manual work with an automated bot system.

The first version, which can be considered the prototype of EagleEye malBot, was released at the end of June 2018 after a month of development by a team at FPT Cyber Security Center.

The product was commissioned in July and immediately showed its superiority over the tools available. Specifically, the reports for May 2018 and June 2018 recorded more than 9000 alerts and 250 cases processed. The July 2018 report recorded only 5316 alerts and 235 cases handled. As such, the number of alerts recorded decreased by almost half.

In September 2018, the next version of EagleEye malBot was released. The September 2018 report noted that the average number of cases handled increased by 350 cases, 1.5 times higher than the previous month.

2018 detection and troubleshooting report.

Subsequent versions continually improve EagleEye malBot’s ability to detect and troubleshoot.

Key features of EagleEye malBot:

  • Automatically detects and immediately isolates computers that violate the organization's policy.
  • Provides an overview of common user-safety violations across the system through an intuitive interface, with fast support for monitoring, action and reporting during troubleshooting.
  • Combines many analytical algorithms to minimize false alerts (false positives).
  • Issues warnings to users and administrators so they can act and respond promptly when an information security incident occurs.
  • FPT EagleEye malBot can be integrated and deployed in many models suited to the organization's infrastructure.
  • Exports reports periodically according to many international security standards such as PCI DSS, HIPAA / HITECH, FISMA and SCAP.

Monitor screen
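The features above describe a loop the bot runs: collect IDS alerts, corroborate them with more than one signal so that a single noisy rule does not cause a false positive, and then isolate the host or only notify the administrator. The following is an added example of that triage step written for this article; it is not EagleEye malBot's code, and the alert fields, rule names, thresholds, time window and the `isolate_host` stub are all assumptions constructed for illustration.

```python
"""Constructed example: corroborated IDS alert triage with automatic isolation.

Everything here (alert format, rule names, thresholds, the isolate_host stub)
is assumed for illustration and is not part of any FPT product or API.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime      # time the IDS raised the alert
    src_ip: str       # internal host that triggered the rule
    rule: str         # IDS rule / signature name (constructed names below)
    severity: int     # 1 (low) .. 3 (high), as assigned by the rule


T0 = datetime(2018, 7, 1, 9, 0)   # constructed base time

# Constructed sample alerts: a host tripping one noisy scanner rule repeatedly,
# a host with two corroborating malware rules, and a host whose two rules fire
# far apart in time.
SAMPLE_ALERTS = [
    Alert(T0 + timedelta(minutes=m), "10.0.0.5", "SCAN_PORTSWEEP", 1)
    for m in (0, 1, 2, 3)
] + [
    Alert(T0 + timedelta(minutes=5), "10.0.0.9", "MALWARE_C2_BEACON", 3),
    Alert(T0 + timedelta(minutes=6), "10.0.0.9", "DNS_DGA_LOOKUP", 2),
    Alert(T0 + timedelta(minutes=8), "10.0.0.9", "MALWARE_C2_BEACON", 3),
    Alert(T0, "10.0.0.12", "SCAN_PORTSWEEP", 1),
    Alert(T0 + timedelta(minutes=30), "10.0.0.12", "DNS_DGA_LOOKUP", 2),
]


def triage(alerts, window=timedelta(minutes=10), isolate_score=5):
    """Decide, per source host, whether to isolate it or only notify.

    Assumed corroboration rules: only alerts inside `window` of the host's
    latest alert count; the score is the sum of the highest severity seen per
    distinct rule; isolation requires at least two distinct rules and a score
    of at least `isolate_score`. Everything else is reported for review.
    """
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.src_ip].append(a)

    decisions = {}
    for host, host_alerts in by_host.items():
        latest = max(a.ts for a in host_alerts)
        recent = [a for a in host_alerts if latest - a.ts <= window]
        # Highest severity per distinct rule; repeats of the same rule do not
        # add to the score, so one chatty rule cannot trigger isolation alone.
        per_rule = {}
        for a in recent:
            per_rule[a.rule] = max(per_rule.get(a.rule, 0), a.severity)
        score = sum(per_rule.values())
        corroborated = len(per_rule) >= 2 and score >= isolate_score
        decisions[host] = {
            "action": "isolate" if corroborated else "notify",
            "score": score,
            "rules": sorted(per_rule),
            "alerts_in_window": len(recent),
        }
    return decisions


ISOLATED = []   # hosts the bot would quarantine (stand-in for a NAC/firewall call)


def isolate_host(host):
    """Placeholder for the network isolation step (assumed, not a real API)."""
    ISOLATED.append(host)


def run(alerts):
    """Apply the triage decisions: isolate where corroborated, notify otherwise."""
    decisions = triage(alerts)
    for host, d in decisions.items():
        if d["action"] == "isolate":
            isolate_host(host)
        print(f"{host}: {d['action']} (score={d['score']}, rules={d['rules']})")
    return decisions


if __name__ == "__main__":
    run(SAMPLE_ALERTS)
```

With the sample data, only 10.0.0.9 is isolated: it trips two different rules within the window. The host repeating a single port-sweep rule and the host whose two rules are half an hour apart are reported to the administrator instead, which is the kind of corroboration that keeps an automated isolation bot from quarantining machines on a single false positive.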

Currently, EagleEye malBot is in use on the intranet of FPT Information System, covering about 4,000 endpoints, and at 2 customers. It is expected to be deployed across the entire FPT Corporation this year.

Pham Tat Dat
FPT Cyber Security Center
