My account

Protection from Tor network threats with SIEM Use Case DetectTor

London, UK – March 30, 2017 – SOC Prime, Inc. would like to remind about the dangers of Tor usage inside any organization. The number of Ransomware attacks continues to grow even now and ordinary anti-virus protection cannot cope with them. At least half of Ransomware threats uses Tor to hide command and control traffic or to extract encryption keys. Also most of the Ransomware payment websites are hidden behind Tor in as .onion domains. This is why we provide DetectTor (https://my.socprime.com/en/ucl/tor/) that allows you to uncover and block Tor communications on your network before they cause serious damage.

DetectTor is one of the most popular content packages from Use Case Library for ArcSight, QRadar and Splunk to make sure that Tor is not used for malicious operations in your corporate network. We have decided to provide basic version of use case for free to any enterprise worldwide. This use case helps to accurately detect Tor communications on and beyond your network premises and provides detailed information about IT assets involved. It allows you to secure your organization against insider attacks and data breaches, as well as detect violations of security policies and adhere to compliance requirements. With DetectTor you will be able to detect activity of botnets and APT, covering several phases of Cyber Kill Chain (Reconnaissance, Delivery, Command and Control (C2) and Action on Objectives).

Related Posts