
Command and Control Downloaded Malware

By Gurdev Sethi | July 15, 2016


Using FlowTraq’s configurable tools, keep blacklisted sites from accessing your computer network.

Your computer network blacklist is there for a reason, designed to prevent connections from sites known for nefarious activity. Yet, without the tools to constantly monitor attempts to connect to a blacklisted site, your defenses are not as strong as they should be.

For years, blacklists have been a vital tool for protecting computer networks at various points of entry: hosts, email servers, domain name system (DNS) servers, web proxies, directory servers, firewalls and authentication gateways for various applications. In doing so, blacklists provide a potent defense against hackers looking to infiltrate by whatever means is most vulnerable.

With FlowTraq’s network detection tools, you can be confident that not only will communications with blacklists be detected immediately, but also that alerts are issued to allow staff to address any issues in real time.

At the heart of FlowTraq is a blacklist detector. This configurable detector examines every incoming network session. Each and every session is checked against the list of IP addresses on the blacklist. The detector also identifies classless inter-domain routing (CIDR) blocks, which are essentially blocks of IP addresses bundled together.

Once an address or a block on the blacklist is detected, an alert is automatically created.

Managing the blacklist
Companies frequently use multiple sources for the development and updating of blacklist entries. With FlowTraq, end-users have full control of the blacklist composition.

The detector can link to a URL listing of blacklisted IP addresses. By default, the list is refreshed from that URL automatically every 24 hours, although the detector can be configured to update at six-hour or one-hour intervals. Alternatively, the blacklist can be uploaded to the detector via a static text file.

FlowTraq provides a curated blacklist as part of its services. In addition, the blacklist detector can be configured to use lists from one of many free or paid IP reputation third parties.

When an alert is initiated, it contains a time stamp, both parties involved in the communication and which party initiated the contact.
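
The matching described above, as an added example that is not FlowTraq's code: it parses a static text blacklist of IP addresses and CIDR blocks, checks each session against it, and produces alerts carrying the time stamp, both parties and the initiator. The file format (one entry per line, `#` comments), the session tuples and all addresses are constructed assumptions, and the check covers both endpoints of a session.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed static-text blacklist (assumed format: one IP or CIDR block
# per line, '#' starts a comment). Addresses are RFC 5737 documentation ranges.
SAMPLE_BLACKLIST = """\
203.0.113.7
198.51.100.0/24   # whole block
not-an-address
"""
# Constructed session records: (start time, initiator, responder).
T0 = datetime(2016, 7, 15, 9, 0, tzinfo=timezone.utc)
SAMPLE_SESSIONS = [
    (T0, "10.0.0.5", "198.51.100.23"),   # inside host reaches into a listed block
    (T0, "203.0.113.7", "10.0.0.9"),     # listed host connects inbound
    (T0, "10.0.0.5", "192.0.2.10"),      # no listed party
]

@dataclass
class Alert:
    timestamp: datetime
    initiator: str
    responder: str
    matched_entry: str   # blacklist entry that triggered the alert

def parse_blacklist(text):
    """Return (networks, rejected); a single IP becomes a /32 or /128 network."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)   # report bad lines rather than drop them silently
    return networks, rejected

def check_sessions(sessions, networks):
    """Compare both endpoints of each session with the list; one alert per session."""
    alerts = []
    for ts, initiator, responder in sessions:
        for party in (initiator, responder):
            addr = ipaddress.ip_address(party)
            hit = next((n for n in networks if addr in n), None)
            if hit is not None:
                alerts.append(Alert(ts, initiator, responder, str(hit)))
                break
    return alerts
```

Rejected lines are returned rather than discarded so that a malformed feed entry shows up as a gap in coverage instead of passing unnoticed.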

Protecting command and control
Preventing intrusions from blacklisted sites is one critical way to protect from command and control takeovers. FlowTraq offers a comprehensive Network Behavior Intelligence Toolkit. This suite consists of multiple configurable detectors designed to keep hackers out and data safe.

The detectors look for any unusual, malicious or otherwise aberrant network activity. The tools study network activity using machine algorithms that learn normal behaviors, allowing for faster pinpointing of anomalous actions.

With so many access points to a computer network, it’s important to protect against unwanted command and control intrusions.

The system helps detect botnets trying to enter the network via viruses, spyware or spam. Even if these bots remain dormant for long time periods, as soon as they are activated, any network activity is detected immediately. Despite a low activity volume, the FlowTraq toolkit is designed to identify these threats quickly, vastly reducing the risk of lost data and sensitive information.

FlowTraq’s comprehensive tools protect against a range of threats to a network system. With FlowTraq, your system is secure against distributed denial of service (DDoS) and brute force attacks, worms, data breaches and data exfiltration. In addition, FlowTraq offers robust forensic abilities that allow users to reconstruct past attacks.

To learn how FlowTraq uses blacklists to protect your network, request a free trial today.
