A proactive search to anticipate threats
Stormshield’s Security Intelligence team has two main missions: to study and understand threats and devise ways to improve Stormshield’s product portfolio, and to contribute to the cybersecurity community by sharing expert opinions and collaborating closely with professional organizations (CERT, research institutions, security specialists, etc.).
We make a point of providing a concise view of the threats that weigh on companies; we conduct daily, in-depth analyses to understand the technology used by cybercriminals and fight current and future threats.
Stormshield is an innovation-centered company that is constantly striving to find ways to proactively avert threats. The Security Intelligence team works collaboratively with the rest of our company to block future threats. For example, it contributes to the Stormshield Endpoint Security product range’s chief asset, namely the ability to proactively block a threat without requiring an update – unlike traditional, signature-based protection solutions. The system is therefore capable of blocking an attack before it happens, even if it is based on exploiting a zero-day vulnerability or on a new version of malware.
The team also works on the detection component of Breach Fighter, a collaborative malware-detecting service hosted in the Cloud. Breach Fighter is built into all Stormshield Network Security firewalls deployed worldwide so as to aggregate the largest number of samples and automatically protect all appliances when a new threat is detected; even threats that are as yet unknown to antiviruses are detected this way.
Combined with external data sources, our products produce large quantities of information and files to classify. The data generated by Breach Fighter is among these sources. Our customers upload a large number of files into this cloud-based sandbox feature, and each of these files has to be classified as either a friendly program (goodware) or a malicious program (malware).
This Threat Intelligence system is based on several proprietary tools, including a honeypot (data that serves as “bait” for attacks), a malware analysis laboratory, a custom classification language, and machine-learning algorithms. Our goal as a security leader is twofold: to develop the best data thread possible – with mixed data sources – and to maintain the best threat-detection rate in the cybersecurity community.
The Security Intelligence team actively shares its discoveries through articles and conferences with renowned partners, such as Virus Bulletin and Black Hat, in order to transfer knowledge to the security community.