Corporate infrastructures are subject to regular attacks by Trojans, worms or other malware which may set up spam relays, launch proxies, perpetrate denial-of-service attacks and induce other types of fraudulent behavior.

Faced with compromised private and public hosts, a company may be highly impacted at the production or corporate image levels. Close to half of Fortune 500 companies are affected by the phenomenon every month, since heterogeneous information systems are particularly exposed to this threat: the detection of such intrusions by internal monitoring systems is a real issue for IT departments worldwide.

Impacts on corporate identity can be:
High risk of sensitive intrusion through the vulnerabilities exploited to launch malevolent activities,
Blacklisting of corporate information system elements at customer level (outbound emails rejected or flagged as spam) or at operator level,
Liability of the company towards victims targeted from the corporate IS,
High assistance costs for forensics,
Damage to the public image of the company's IT department.

The CERT-LEXSI R&D department has therefore built a service to detect such intrusions into your information system without interfering with your company's common Internet activities.

Our service monitors millions of spam messages, attacks and security events 24/7, identifying any attack originating from your IP addresses. With dozens of CERT-LEXSI honeypots and real-time querying of major DNSBLs (DNS blacklist services run by CERTs or security organizations around the world), we offer the most comprehensive coverage of compromised IP addresses to date (12 million unique IP addresses in a 30-day period).

We offer early detection of:
Infection of the information system by malware,
Hijacking of SMTP relays, HTTP-FTP-IRC proxies,
Hijacking of networks through DNS or BGP attacks,
Use of hosts for illegal content hosting, DoS attacks or other types of fraudulent activities.

As soon as one of your IP addresses is identified as a source of such risks, an alert is sent to your CERT-LEXSI analyst (or to your security department) containing the following information:
Time of detection,
Impacted IP address,
CERT-LEXSI source of the event (or interconnected DNSBL),
Source nature and type of incident (spam, zombie host, open proxy, DoS),
Method of delisting (in case of a DNSBL event) when the problem is fixed.

Such alerts are compiled from all sources of current blacklistings. Further backtracking is provided for each incident in a weekly summary of ongoing incidents.

While risk detection by our honeypots is carried out in real time, dispatching queries for each IP address to third-party DNSBLs may introduce a delay of up to 30 minutes.