■ Filtering Threats Inside https

Nowadays cloud services and hacker C&C are all encrypted in https connections, causing traditional security solutions fail to filter the contents. Such services include Hacker Cloud (Botnet C&C / APT), WebMail Cloud (Gmail / Outlook / Yahoo Mail), Social Cloud (Facebook / Twitter / Google Plus), WebHD Cloud (Dropbox / Google Drive / One Drive), Messenger Cloud (Line / Skype / Google Hangout / Facebook Chat). Research reports indicate that at least 60% of the total traffic hides in https tunnels. Auditing, filtering, and forensics the content of traffic is not easy anymore. It’s time to face the truth.

■ Ransonware & Confidential Data Leakage

Recently many computers are locked by ransomware, meaning anti-virus is not fast enough to defend vulnerabilities. Stopping botnet’s command and control return path with malware sandbox are the last defend line for enterprises. InstantCheck® has integrated Google Safe Browsing® malicious website database, Malware Patrol® ransonware C&C prediction, NICST blacklists. Moreover, decrypted malicious files can be sent to InstantTrace® sandbox cloud for further analysis. 

■ User-Unaware Installation and Digital Forensics

User-unaware installation is extremely important for such auditing tools. InstantCheck® employs transparent mode or proxy mode to install without changing your network architecture. Currently InstantCheck® can filter detailed behaviors and reconstruct mainstream webmail contents (Gmail / Outlook / YahooMail ) webhd contents (Dropbox / One Drive / Google Drive), messenger contents (Line / WeChat / Facebook Chat / Gmail Chat), social contents (Facebook / Twitter) for network data forensics.

■ Professional Apps For Further Analysis

After SSL decryption, InstantCheck® can call the following apps:

(1) Built-in AegisLab® virus signatures who has been listed in VirusTotal® since 2013

(2) Built-in Google Safe Browsing® service for blocking malicious malware URL/IP

(3) Built-in Malware Patrol® ransomware C&C domain prediction engine

(4) Built-in IP/URL blacklists from FireHOL®, Cisco Talos®, NICST®, AegisLab®, ...

(5) Optional InstantAudit® End-Point for audting messages / files of Line/Skype/WeChat