Intrusion: Analyze and Identify Emerging Threats

Joe Head

CTO

“We help protect your network from Zero-Day, malware-free and other contemporary attacks.”

Every 39 seconds, companies are assaulted by cybercriminals, posing a threat to our livelihood. It’s time to reconsider how to combat cybercrime from the inside out. With 61 percent of assaults leveraging a Zero-Day vulnerability, it’s time to rethink cybersecurity. Intrusion is a service provider that aims to eliminate cybercrime and provide a company environment free of cyberattacks.

The Shield is the most effective solution to tackle today’s most complex cyberattacks owing to Intrusion’s unique combination of people, expertise, and innovation. Intrusion, Inc. is a company that specializes in network security. It specializes in the development and commercialization of entity identification, high-speed data mining, cybercrime, and sophisticated persistent threat detection solutions. The company provides products such as TraceCop for identity revelation and disclosure and Savant for data transmission mining and advanced persistent threat detection to a variety of customers, including U.S. federal government entities, local government, banks, airlines, credit unions, and other financial firms, as well as hospitals and other healthcare providers. Intrusion is widely used by threat investigators and researchers to efficiently capture and analyze all fields in all packets in all flows. Savant enables detailed investigations into all communications, giving you insights into malware, bots, APTs, etc., to analyze new and emerging threats.

Shield destroys connections without slowing down the network or disrupting the company. Shield achieves bidirectional Zero Trust by allowing only known good relationships to get through and rejecting any malicious or unknown connection. Intrusion’s vast database of over 8.5 billion active IP addresses eliminates malicious connections without the need for warnings. According to Joe Head, the company’s Co-Founder and Chief Technology Officer, “we have always focused on network traffic flow – even the early days of large-scale IT deployments – and we had several noteworthy projects, including the White House under President Ronald Reagan, as well as several large U.S. Army and U.S. Air Force bases.”

Intrusion’s Shield services utilize real-time AI for packet inspection with near-zero latency, inspecting every packet and killing malicious connections. Shield defends against cyber assaults by decoding and analyzing network communication. Savant is a real-time network monitor that records, analyzes, and saves the network connection’s behavioral history.

TraceCop is the world’s biggest IP reputation cloud, with over 8.5 billion active IPs. It is utilized by Shield to determine whether or not to terminate a connection. TraceCop data contains a history of IP block allocations and transfers, historical mappings of IP addresses to Autonomous Systems (ASNs) as observed through BGP, and approximately one billion historically registered domain names and registration context. It also contains tens of billions of historic DNS resolutions of fully-qualified domain names (FQDNs or hostnames) on each of these domains. Together, these mappings show relationships, hosting, and attribution for Internet resources which is invaluable for killing cyberattacks. “The current Shield product is an outgrowth of that. We were doing network flow analysis and we found a lot of breaches, including stuff in the early 90s,” Head explains. “We were in the business of who owns every IP [address], who owns every domain, what language, what topic, what content, and what degree of friendliness or menace is represented by each datacenter or each node, route, netblock owner, or host.”

Recently, Intrusion Shield collaborated with Novatech Innovative Technologies International and eliminated 857,041 DNS requests, 562,925 DCP connections, and 974,886 UDP connections. The Shield defends businesses against more aggressive and sophisticated attackers by stopping cyberattacks before they can cause harm. The company aims to take its security services to the next level for the benefit of society. “When you build a network, there are all kinds of IoT things – smoke alarms, door sensors, in addition to the largely Chinese camera market,” Head concludes. “And when you start bringing in things to your bank, for example, let’s say like a door alarm, a thermostat or just a benign device; do you have that on a completely separate network from your banking teller network or do they cross over and can they hop? Understanding from a flow perspective that a smoke detector or a thermostat is not a teller and shouldn’t be querying people’s bank balances, those are very much not physical security, they’re cybersecurity questions but the physical security guy needs to inventory those things and keep track of where they physically connect to the network, and we keep track of did anyone violate those rules.”