
ESET Threat Intelligence data feeds join the hunt with Microsoft Sentinel integration

ESET Threat Intelligence data feeds set to increase visibility for users operating Microsoft Sentinel SIEM/SOAR platform.

BRATISLAVA — December 8, 2023 — ESET, a global leader in cybersecurity, today announced that its long-standing collaboration with Microsoft now includes the integration of ESET’s six threat intelligence data feeds with Microsoft Sentinel, a scalable, cloud-native solution providing security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities. The integration uses Microsoft Sentinel’s built-in TAXII client to pull ESET’s feeds into the platform, so security operations center (SOC) analysts in any organization can hunt and investigate threats in their own environment with ESET data alongside their existing telemetry. This marks a new effort to extend the benefit of ESET’s unique data to organizations seeking to improve their existing threat intelligence and rapid-response capabilities.

The ESET data in question is built on the back of its renowned Malware and Threat Research pedigree, which benefits from unique telemetry fed from its substantial installed user base, among them regions underserved by most competitors. This unique value-add is best demonstrated by the many notable research pieces and exclusive detections, including GreyEnergy, BlackEnergy, Industroyer, NotPetya and many of the wiper malware discovered at the start of Russia’s invasion of Ukraine.

ESET’s data and its research cadre also regularly feature in large botnet takedowns and disruptions. These discoveries were pursued by more than 160 researchers and software engineers working in Core Research and Threat Detection at ESET.

The threat data feeds featured in this integration comprise only relevant, curated data that has already been evaluated, sorted, scored and processed in-house. The data feeds are the APT feed, malicious files feed, botnet feed, domain feed, URL feed and IP feed. The quality of the data is also reflected in the strong standing of #ESETResearch in the cybersecurity community and the contributions of its experts in partnership with MITRE ATT&CK, CISA, EUROPOL, the FBI and a number of government entities.

With global concerns intensely focused on threats stemming from Russia’s war in Ukraine and other hotspots with global reach, ESET prioritized rapid support for enterprises via its threat data, taking an agnostic approach to users’ chosen threat intelligence (TI) platforms. This acknowledges the diversity of software and technology stacks in use. The integration also signals ESET’s path toward seamless interaction between its data and both internal tools and third-party SIEM and SOAR tools, starting with Microsoft Sentinel. This approach simplifies workflows, reduces manual effort and improves efficiency. The collaboration between the two companies also demonstrates a strong market position, with two industry leaders combining their strengths.

“Integrating with Microsoft Sentinel allows us to demonstrate focus on strengthening security now. With our security-first, customer-centric mindset front and center, the integration will allow ESET and Microsoft’s joint customers to immediately benefit from a more holistic view of their security posture by combining ESET’s real-time threat data with customers’ wider security operations,” said Trent Matchett, ESET Director of Global Strategic Accounts.

“This announcement is also a proof point for ESET’s journey towards utilization of industry standard APIs (TAXII 2.1 and STIX 2.1) to deliver Threat Intelligence products. With the Microsoft Sentinel integration, ESET further demonstrates the unique value-add we’ve brought to the cybersecurity community for more than 30 years. So, for SOC teams, CERTs, MSSPs or TIPs that come across this integration, they should know that ESET data is highly actionable, and with ESET’s storied low false positive rates, can have immediate impact when countering threats that ESET has unique detections for,” Matchett continued.
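The mechanism described in this release is a TAXII 2.1 pull of STIX 2.1 indicator objects into the SIEM, where they are matched against the organization’s own telemetry. The following is an added example, not ESET’s or Microsoft’s code and not a representation of ESET’s actual feed contents: it loads a constructed STIX 2.1 bundle carrying the kinds of indicators a domain, URL, IP or file feed would deliver, compiles the simple single-comparison patterns, and matches them against constructed log events, while skipping revoked objects and patterns it cannot evaluate. The bundle, object IDs, addresses, hash and events are all constructed for illustration.

```python
"""Added example (not ESET's or Microsoft's code): ingest a STIX 2.1 bundle
of indicators, as a TAXII 2.1 client would receive it, and match the
indicators against log events. All data below is constructed."""
import json
import re
from typing import Dict, List, Tuple

# A STIX 2.1 comparison expression with a single equality, e.g.
# [domain-name:value = 'c2.example.invalid']. Anything else (AND/OR,
# temporal qualifiers, MATCHES, ...) is reported as unsupported.
SIMPLE_EQ = re.compile(r"^\[\s*([A-Za-z0-9_:.'-]+)\s*=\s*'([^']*)'\s*\]$")

# Object path in the pattern -> field name in our (constructed) event schema.
FIELD_MAP = {
    "domain-name:value": "domain",
    "ipv4-addr:value": "dst_ip",
    "url:value": "url",
    "file:hashes.'SHA-256'": "sha256",
}
CASE_INSENSITIVE = {"domain", "sha256"}  # compare these lower-cased


def _indicator(uid: str, pattern: str, name: str, revoked: bool = False) -> Dict:
    """Build a minimal STIX 2.1 Indicator SDO (constructed test data)."""
    obj = {
        "type": "indicator", "spec_version": "2.1", "id": f"indicator--{uid}",
        "created": "2023-12-01T00:00:00.000Z", "modified": "2023-12-01T00:00:00.000Z",
        "name": name, "pattern_type": "stix", "pattern": pattern,
        "valid_from": "2023-12-01T00:00:00Z", "indicator_types": ["malicious-activity"],
    }
    if revoked:
        obj["revoked"] = True
    return obj


SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        _indicator("00000000-0000-4000-8000-000000000001",
                   "[domain-name:value = 'c2.example.invalid']", "constructed C2 domain"),
        _indicator("00000000-0000-4000-8000-000000000002",
                   "[ipv4-addr:value = '203.0.113.7']", "constructed C2 address"),
        _indicator("00000000-0000-4000-8000-000000000003",
                   "[url:value = 'http://dl.example.invalid/payload.bin']", "constructed dropper URL"),
        _indicator("00000000-0000-4000-8000-000000000004",
                   "[file:hashes.'SHA-256' = "
                   "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
                   "constructed file hash (SHA-256 of the empty string)"),
        _indicator("00000000-0000-4000-8000-000000000005",
                   "[ipv4-addr:value = '198.51.100.1'] AND [domain-name:value = 'x.example.invalid']",
                   "compound pattern this simple matcher cannot evaluate"),
        _indicator("00000000-0000-4000-8000-000000000006",
                   "[domain-name:value = 'old.example.invalid']", "revoked indicator", revoked=True),
    ],
})

# Constructed events, already normalised to the field names in FIELD_MAP.
SAMPLE_EVENTS = [
    {"id": "dns-1", "src_ip": "10.0.0.5", "domain": "C2.Example.INVALID"},
    {"id": "dns-2", "src_ip": "10.0.0.6", "domain": "www.example.org"},
    {"id": "proxy-1", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7",
     "url": "http://dl.example.invalid/payload.bin"},
    {"id": "edr-1", "host": "ws01",
     "sha256": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
]


def compile_indicators(bundle_json: str):
    """Return (usable, skipped): usable = (indicator id, event field, value)."""
    usable, skipped = [], []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        if obj.get("revoked"):
            skipped.append((obj["id"], "revoked"))
            continue
        m = SIMPLE_EQ.match(obj.get("pattern", ""))
        if obj.get("pattern_type", "stix") != "stix" or not m or m.group(1) not in FIELD_MAP:
            skipped.append((obj["id"], "unsupported pattern"))
            continue
        field, value = FIELD_MAP[m.group(1)], m.group(2)
        usable.append((obj["id"], field, value.lower() if field in CASE_INSENSITIVE else value))
    return usable, skipped


def match_events(indicators, events) -> List[Dict[str, str]]:
    """Exact-match every known event field against an index of the indicators."""
    index: Dict[Tuple[str, str], List[str]] = {}
    for ind_id, field, value in indicators:
        index.setdefault((field, value), []).append(ind_id)
    hits = []
    for ev in events:
        for field in FIELD_MAP.values():
            if field in ev:
                val = ev[field].lower() if field in CASE_INSENSITIVE else ev[field]
                for ind_id in index.get((field, val), []):
                    hits.append({"event": ev["id"], "field": field, "indicator": ind_id})
    return hits


if __name__ == "__main__":
    usable, skipped = compile_indicators(SAMPLE_BUNDLE)
    print(f"{len(usable)} indicators compiled, {len(skipped)} skipped: {skipped}")
    for hit in match_events(usable, SAMPLE_EVENTS):
        print(hit)
```

Inside Sentinel the same matching is done with analytics rules over the ingested indicator table, so the script is not a replacement for that; its point is what any TAXII consumer has to get right. STIX patterns are a grammar, not a string, so an ingester should count the patterns it could not compile rather than silently drop them, it must honour revoked (and, for real feeds, valid_until) so stale indicators stop firing, and it must normalise case for domains and hashes before comparison or it will miss hits.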

Microsoft Sentinel users can now benefit from unique, diverse, actionable feeds from ESET. They can enrich their existing TI, improve their security posture and help prevent ransomware attacks and malware campaigns. These benefits are built upon the strong foundations of ESET threat intelligence (data feeds) and its endpoint protection products (ESET PROTECT), which collectively include:

  • Enhanced analysis
  • Cloud native deployment
  • Intelligence-driven data (highly curated)
  • Dedicated team of threat researchers tracking all major APT groups
  • Unique data sources
  • Deeper visibility
  • Protection from botnets, which are precursors to ransomware attacks
  • Advanced context of IOCs
  • Early-stage detection and protection
  • Protection against threats with automated intelligence in real time

Further information about the ESET threat data feeds and their integration with Microsoft Sentinel is available from ESET. Additional detailed information about ESET Threat Intelligence, the ESET API project and related topics is available on the ESET corporate website, or by direct inquiry.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Defending Your Network from 1xBet

1xBet is an online betting platform offering sports betting, casino games and other gambling products. It is illegal in many countries, including France, Italy, Spain, the Netherlands, Israel and the US. Internet service providers around the world, especially in jurisdictions where gambling as such is prohibited, therefore face the challenge of restricting access to 1xBet resources.

The Elusive Nature of 1xBet

Blocking 1xBet is difficult because the platform adapts its behaviour to factors such as user location and app version. This adaptability defeats static blocklists and traditional blocking mechanisms, and requires a more sophisticated approach.


A major aspect of 1xBet is that it has spawned numerous resources with similar themes and functions, operating under different names. It is important not to be confused by this: all of these resources are connected with or derived from the core 1xBet platform, and understanding that is essential for crafting effective defense strategies.

Log Analysis

Our team analyzed logs to identify the domains the app accesses. The notable part of the platform’s design is its ability to survive domain blocking: when particular domains, or even whole lists of domains, are blocked, the 1xBet app resumes operation within minutes. It either receives new domains during updates or requests them from specific sources.

Location-Based Adaptability

The app’s behavior is also influenced by the user’s location. By checking the device’s location, 1xBet selects the display language. Changing the language does not significantly affect the domains the app accesses. When the device’s configured location differs from the GeoIP-based one, the app requests permission to use GeoIP or GPS data, and depending on the resulting location it contacts different domain names.

Domain Generation Algorithm

During research, we found that all of the identified domains change constantly depending on the app version and are generated using a domain generation algorithm. Similar or previously used domains were also found in use by other apps that resemble or relate to 1xBet.
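The post does not describe SafeDNS’s detection method, so the following is an added example of a generic triage heuristic, not SafeDNS’s classifier and not the app’s real algorithm. It parses constructed dnsmasq-style query log lines, scores each hostname label for DGA-like traits (character entropy, digit density, long consonant runs) and groups the flagged domains by the client that queried them, which is how the behaviour described above (one device resolving a stream of never-seen names, then moving on when they are blocked) shows up in DNS logs. The log lines, domains, minimum label length and threshold are all constructed or assumed for this sample.

```python
"""Added example (generic heuristic, not SafeDNS's classifier): score DNS
query logs for DGA-like hostnames and group hits by client. All log lines
and domains are constructed; thresholds are assumptions for this sample."""
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed dnsmasq-style query log (not real traffic).
SAMPLE_LOG = """\
Dec 10 10:00:01 gw dnsmasq[123]: query[A] www.example.org from 192.168.1.10
Dec 10 10:00:02 gw dnsmasq[123]: query[A] documentation.example.org from 192.168.1.10
Dec 10 10:00:03 gw dnsmasq[123]: query[A] x7k2p9qz4m1v.example.invalid from 192.168.1.20
Dec 10 10:00:04 gw dnsmasq[123]: query[A] betapi-8a3f19c2d.example.invalid from 192.168.1.20
Dec 10 10:00:05 gw dnsmasq[123]: query[AAAA] mail.example.org from 192.168.1.11
Dec 10 10:00:06 gw dnsmasq[123]: query[A] qw8rt5yu3io.example.invalid from 192.168.1.20
Dec 10 10:00:07 gw dnsmasq[123]: query[A] bzxqkrtv.example.invalid from 192.168.1.20
"""

QUERY_RE = re.compile(r"query\[(\w+)\]\s+(\S+)\s+from\s+(\S+)")
VOWELS = set("aeiou")
MIN_LABEL_LEN = 8   # assumption: shorter labels are too ambiguous to score
THRESHOLD = 3.8     # assumption: tuned on this constructed sample only


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking strings approach log2(len)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s: str) -> int:
    """Digits and hyphens break a run; pronounceable names rarely exceed 3."""
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def label_score(label: str) -> float:
    """Higher = more random-looking: entropy + digit density + consonant runs."""
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    score = shannon_entropy(label) + 2.0 * digit_ratio
    if longest_consonant_run(label) >= 4:
        score += 1.0
    return score


def domain_score(domain: str) -> float:
    # Naive TLD strip: a real deployment should use the Public Suffix List so
    # that a name under "co.uk" is not scored on the label "co".
    labels = domain.lower().rstrip(".").split(".")[:-1]
    return max((label_score(l) for l in labels if len(l) >= MIN_LABEL_LEN), default=0.0)


def parse_queries(log: str) -> List[Tuple[str, str, str]]:
    """(qtype, domain, client) for each query line; other lines are ignored."""
    return [m.groups() for m in (QUERY_RE.search(line) for line in log.splitlines()) if m]


def flag_dga_like(log: str, threshold: float = THRESHOLD) -> List[Tuple[str, float, str]]:
    """Domains whose most suspicious label scores at or above the threshold."""
    flagged = []
    for _qtype, domain, client in parse_queries(log):
        score = domain_score(domain)
        if score >= threshold:
            flagged.append((domain, round(score, 2), client))
    return flagged


def clients_by_hits(flagged) -> Dict[str, int]:
    """Which client is resolving the stream of random-looking names?"""
    return dict(Counter(client for _, _, client in flagged))


if __name__ == "__main__":
    hits = flag_dga_like(SAMPLE_LOG)
    for domain, score, client in hits:
        print(f"{score:5.2f}  {client:<14} {domain}")
    print(clients_by_hits(hits))
```

Treat the output as a triage signal, not a blocklist: CDN and cloud hostnames that embed hashes score just as high, so in practice the flagged names are cross-checked against domain age, passive DNS and the category of the sites they resolve to before anything is blocked, and the per-client grouping is what separates an app rotating through fresh domains from a browser loading one page of hashed asset names.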

SafeDNS’s Proactive Approach


It is essential to highlight that SafeDNS is able to block both the web version of the site and the mobile app. Our team has fully developed an automated process to detect the domain names that the 1xBet app accesses.

We are also actively researching the methods the service uses to bypass blocking mechanisms, as a proactive measure to anticipate changes to the app. Because the service generates many different domains in various regions to evade blocking, not every filtering service can recognize and classify these newly created domains as gambling. SafeDNS’s technology, powered by AI and machine learning, is designed to identify and block such sources as soon as they appear.

If you have any questions or require assistance regarding the blocking of 1xBet, our team is always ready to help.

Stay protected with SafeDNS!


About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

Q&A Session with SafeDNS Experts, Part 1

We are thrilled to launch an exclusive Q&A session with SafeDNS experts Tom Hall and Alex Biushkin. Your questions, our expert answers—let’s explore the SafeDNS products and updates together!

Here is the first part of our Q&A session. Follow us so that you do not miss further ones.

BUSINESS


Q: I want to try SafeDNS Pro for the free trial period. How do I do that?

A: We offer a 15-day trial plan for business users. Within 15 days, you can test if our service meets your needs. Here is the registration link. Do not forget to choose your billing plan!


Q: What pricing options can you offer for business?

A: There are Basic, Pro, and Pro+ plans. If you choose to pay for a subscription monthly, you will pay $1 per user on Basic, $1.8 per user on Pro, and $2.5 per user on the Pro+ plan. If you are going to pay for a subscription annually, it will benefit you for sure. This way, you will pay $0.9 per user on Basic, $1.5 per user on Pro, and $2.2 per user on the Pro+ plan. You can always visit our website or contact the sales department via the email address sales@safedns.com to get more detailed information.


Q: I want a basic SafeDNS plan using my own email. I do not have a corporate email address, so obtaining this service is blocked when I sign up.

A: You can register and choose a home plan, and after that we will be able to update your billing plan manually. Or you can reach out to our sales department directly using the following email address: sales@safedns.com. They will help you to solve the problem.

EDUCATION


Q: I’m interested in learning more about the solutions you can provide for our school district. We have 23 schools and use iPads for students, including BYO iPad devices.

A: We have an Education & Non-profit plan that is used by schools, colleges, universities, and other nonprofit organizations. It can serve more than 100 users per location. It is possible to add 500 domains to the Allow/Deny lists separately and either completely restrict or allow free access to this or that resource. You can rely on your administrator privileges and priority phone support option. Also, remember that the SafeDNS Agent app can be installed on your iPads. This plan will cost you 400 USD.


Q: I am looking into internet filters for a university laptop lending.

A: If you are interested in our services, let me explain a bit about how SafeDNS works.

SafeDNS is a web filter based on DNS technology. Using SafeDNS, you will be able to block individual websites (domains) and certain categories of websites, enable Safe Search for Google and Bing, as well as the Restricted mode for YouTube. It is possible to use the service in a few different ways: it can be set up on your router to filter the whole network, and/or you can install the SafeDNS Agent to filter individual devices. The agent is available for Windows, Linux, macOS, and Android systems. An iOS agent is coming soon. You can set up our service on the router, and you will get the filter on all the connected devices automatically. Alternatively, you can install the SafeDNS Agent on each device. This way, devices have different filtering policies at the same time. The agent can also work together with the router setup, so devices with the agent can get traffic that is filtered according to different policies.

We have several plans that meet any user’s needs. For instance, our Education & Nonprofit Plan can be relevant for you.


Q: I have a school with 35 sites. How many IPs can the education account have?

A: On the Education & Nonprofit Plan, you can have a minimum of 100 users per location.

ISPs


Q: What is the ISP solution, and how can it be useful?

A: SafeDNS ISP Filter is an internet traffic filtering system developed by SafeDNS. The service can restrict access to specific URLs, domain names, or IP addresses. There is an opportunity to create your own filtering rules using the command-line tools (Filter-CTL Filter) or the web interface. The system includes the SafeDNS ISP Filter Check utility, which allows you to check the quality of the filter on your own.
Here are useful links for guides about ISP description and installation.

SECURITY


Q: Can your system protect my domains from domain poisoning?

A: Our DNS servers are protected from such cyberattacks as DNS cache poisoning. We can guarantee that our servers will always respond with the correct information to your requests. However, DNS traffic from a customer to our servers is not encrypted by default, so a MITM attack may occur. If you need to protect your DNS traffic, you can use our feature named DoT (DNS over TLS). Here you can take a look at the detailed guide on how to encrypt your DNS requests with the SafeDNS web filtering solution.
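The answer above recommends DNS over TLS to keep client-to-resolver traffic from being read or altered in transit. As an added example, not SafeDNS’s code, the following Python builds a DNS query in wire format, applies the two-byte length prefix that RFC 7858 requires on a TLS stream, sends it over a certificate-verified TLS connection on port 853 and parses the A records out of the reply. The DoT hostname and address are placeholders that must be replaced with the provider’s published values; the sample response bytes are constructed so the parser can be exercised offline.

```python
"""Added example (not SafeDNS's code): a minimal DNS-over-TLS (RFC 7858)
client. Wire-format build/parse is exercised offline on constructed bytes;
query_over_tls() needs the resolver's published DoT hostname and address,
which are placeholders here."""
import os
import socket
import ssl
import struct
from typing import List, Tuple

# Placeholders: replace with the provider's documented DoT name and address.
DOT_HOST = "dot.resolver.example"   # name the server certificate must match
DOT_ADDR = "192.0.2.53"             # TEST-NET-1 address, not a real resolver


def encode_name(name: str) -> bytes:
    """RFC 1035 label encoding: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """One-question query, RD set, class IN; qtype 1 = A."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def frame_for_tls(msg: bytes) -> bytes:
    """RFC 7858 reuses the TCP framing of RFC 1035: 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def _read_name(data: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                           # resume after the pointer
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_a_records(resp: bytes, expected_txid: int) -> List[Tuple[str, str, int]]:
    """Return (name, IPv4, ttl) for A records in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    off = 12
    for _ in range(qd):                                 # skip the question section
        _, off = _read_name(resp, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(resp, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata, off = resp[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, socket.inet_ntoa(rdata), ttl))
    return answers


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def query_over_tls(name: str, addr: str = DOT_ADDR, host: str = DOT_HOST, port: int = 853):
    """Send one query over a certificate-verified TLS session (needs network)."""
    txid = int.from_bytes(os.urandom(2), "big")
    ctx = ssl.create_default_context()                  # CA and hostname checks on
    with socket.create_connection((addr, port), timeout=5) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(frame_for_tls(build_query(name, txid)))
        (length,) = struct.unpack("!H", _recv_exact(tls, 2))
        return parse_a_records(_recv_exact(tls, length), txid)


# Constructed reply: txid 0x1234, flags 0x8180 (QR, RD, RA, NOERROR), one
# question, one answer whose name is a pointer (0xC00C) to the question name.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    + b"\x07example\x07invalid\x00" + b"\x00\x01\x00\x01"
    + b"\xc0\x0c" + b"\x00\x01\x00\x01" + b"\x00\x00\x00\x3c" + b"\x00\x04"
    + bytes([203, 0, 113, 7])
)

if __name__ == "__main__":
    print(parse_a_records(SAMPLE_RESPONSE, 0x1234))     # offline self-check
```

The two details worth checking in any DoT client or stub resolver are visible here: the TLS context is the default one, so the server certificate is validated against the system CA store and the hostname, which is what turns "encrypted" into "authenticated" and actually stops the man-in-the-middle case the answer mentions; and the transaction ID in the reply is compared with the one sent, which costs nothing and rejects stray or replayed messages on the stream.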


CyberLink FaceMe® Security Integrates with Genetec Security Center to Enhance Investigations and Secure Access Control with AI Facial Recognition

Taipei, Taiwan – November 30, 2023 – CyberLink Corp. (5203.TW), a pioneer in AI and facial recognition technology, today announces the FaceMe® Security certified integration with the Genetec Security Center unified security platform. With the incorporation of FaceMe® Security’s AI facial recognition, Genetec Security Center users can upgrade existing smart security and access control infrastructure with detection of blocklisted individuals, real-time alerts, employee access control capabilities, and optimized facial search, which can lead to faster video investigations.

FaceMe Security integrates with Genetec Security Center

Genetec Security Center’s ecosystem was built to manage security policies, monitor events, and run investigations. By combining video surveillance and access control functionalities in one interface, Genetec expanded their customers’ ability to have real-time monitoring for the prevention of security breaches. Using an extensive SDK, it accommodates new data types seamlessly in one integration, making it possible to easily integrate new technologies, like CyberLink’s AI facial recognition engine, FaceMe®.

The integration of FaceMe® Security upgrades and empowers existing Genetec security surveillance systems with AI video analytics and facial recognition. By fully leveraging the new computing capabilities of IP cameras with AI, optimal synergy between software and hardware can be achieved, helping reduce total cost of ownership. Users also benefit from leading facial recognition technology that boasts an accuracy rate of 99.83%, top ranked in 1:1 and 1:N evaluations, as validated by NIST.

FaceMe Security makes it simple and efficient to add facial recognition access control. When a person’s face is verified, FaceMe® Security can send real-time push notifications to Genetec Security Center, which then allows or denies entry based on preset permission settings. With 24/7 surveillance monitoring and AI facial recognition, you can always know who has entered and exited the building.

Additionally, FaceMe Security enhances investigative capabilities through the FaceMe Locator plug-in, used in conjunction with Genetec Security Center’s Visual Tracking function. Instead of the days, weeks, or even months it may take personnel to complete manual investigations, FaceMe Locator dramatically reduces search time, improving safety and security.

The FaceMe® Locator plug-in for Genetec enables users to search by face. Using a facial image of the person of interest and filtering for date and time of the event, FaceMe® Locator will list all events where that person was recorded and provide corresponding video playback. A facial image can be provided in 3 ways: via an uploaded image, a face cropped from a recorded video, or a face cropped from a live video stream. Once a person is found, Genetec’s Visual Tracking feature is utilized to track their path from one camera to the next.

“CyberLink is excited that our certified integration with Genetec provides Security Center users with the ability to easily run the most advanced AI-based facial recognition algorithms on a unified security platform, enabling efficiency and capability gains directly within the Genetec Security Center interface,” said Dr. Jau Huang, Chairman and CEO of CyberLink.

To learn more about the integration of FaceMe® Security & Genetec Security Center, please visit https://www.cyberlink.com/faceme/solution/security/vms/Genetec-Security-Center

 

About Genetec
Genetec Inc. is a global technology company that has been transforming the physical security industry for over 25 years. Today, the company develops solutions designed to improve security, intelligence, and operations for enterprises, governments, and the communities in which we live. Its flagship product, Security Center, is an open-architecture platform that unifies IP-based video surveillance, access control, automatic license plate recognition (ALPR), communications, and analytics. Founded in 1997, and headquartered in Montreal, Canada, Genetec serves its customers via an extensive network of certified channel partners and consultants in over 159 countries.


About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition. CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD. With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com
