Sam Glines CEO Norse

Norse, the leader in live attack intelligence, has introduced the DarkWatch attack intelligence appliance, the first solution of its kind to protect large networks from a wide array of new advanced attacks. Available now as a virtual appliance or as 1U rack-mounted hardware, DarkWatch leverages the Norse DarkMatter network Norse's globally distributed distant early warning system comprised of millions of sensors, crawlers, honeypots and agents to block malicious URLs, botnets, anonymous proxies, bogus IP addresses and infected embedded devices, even those deep within the darknets.

It is already playing an indispensable role in protecting our production network from malware, bots, IP threats and other attacks that our former, expensive scanning software was unable to detect or diagnose.

The DarkWatch offering plugs a critical gap in enterprise security infrastructures. It detects new classes of attacks that current systems miss, such as cloud-vectored virtualization-evading malware, compromised Internet of Things (IoT) devices and anonymous proxies, said Norse CEO Sam Glines. With DarkWatch, we¹re bringing all of Norse¹s unique intelligence-gathering and analysis capabilities to the enterprise doorstep.

We've made it easy to set up and simple to use, with an advanced artificial intelligence engine that distills second-by-second updates on thousands of risk factors on hundreds of millions of IP addresses, domains, URLs and devices to deliver a single, actionable risk score with detailed context for any address of interest.

DarkWatch protects organizations from new, fast-growing classes of grey threats, such as those from cloud vectors and compromised embedded devices, and stops enterprise data from being stolen via Tor and other anonymous proxies. With DarkWatch, enterprises can automatically log activities, generate alerts or block IP addresses based on an up-to-the minute
DarkWatch risk score.

In the first month that we deployed the DarkWatch appliance, it examined 3.3 million web requests and gave us a new level of visibility into user traffic with an unprecedented view of network threats in real time, said Jeffrey Arnold, co-founder and vice president of network operations for PhotoShelter. It is already playing an indispensable role in protecting our production network from malware, bots, IP threats and other attacks that our former, expensive scanning software was unable to detect or diagnose.

DarkWatch can be deployed inline or out-of-band, and dramatically improves enterprise security return-on-investment by improving the catch rate and effectiveness of existing next-generation firewalls, intrusion prevention systems and security information and event management (SIEM) products. Finally, the integrated Norse live attack map provides customers with a
detailed, real-time view of threats traversing their network and others around the world.

Product Testing Reveals Previously Unknown Cyber Threats from Middle East

Norse has also announced a privately-funded study to identify and analyze new Middle East state-sponsored cyber activity directed against U.S. critical infrastructure. Some of the key findings of the study were uncovered during testing of the new Norse DarkWatch appliance and associated technologies. The study will be published later this year.

Using the Norse DarkMatter platform that powers DarkWatch, Norse identified patterns of malicious activity and mapped them to specific logical and physical network assets all over the world, even inside the United States, that are under the control of Middle East powers. The study aims to examine the various technical, political, business and financial aspects of state-sponsored cyber attacks including:

Identifying previously unseen cyber attacks emanating from the Middle East. Characterizing the organizations of groups conducting these attacks, the state of their information infrastructure, their dependencies on foreign technology and assessments of their strengths and weaknesses. Analyzing the effectiveness (or lack thereof) of sanctions on limiting access to western technologies, and identifying actors actively engaged in circumventing these sanctions. Assessing the defensive postures of various U.S. infrastructure systems targeted by these groups.

Availability and Pricing
The new DarkWatch attack intelligence offering is available now from Norse as a software virtual machine or a rack-mounted 1U hardware appliance.

About Norse

Norse is the leader in live attack intelligence. Norse delivers continuously-updated, demonstrably unique Internet and darknet intel that helps organizations block attacks that other systems miss. Norse products tightly integrate with popular SIEM, IPS and next-generation firewall products to dramatically improve the performance, catch rate and security return on investment of existing infrastructures.

The Norse DarkMatter? platform detects new threats and tags nascent hazards long before they¹re spotted by traditional threat intelligence tools to deliver unique visibility into the Internet ­ especially the darknets, where bad actors operate. The Norse DarkMatter network processes hundreds of terabytes daily and computes over 1500 distinct risk factors, live, for millions of IP addresses every day. These DarkMatter databases are curated by a highly trained team of professional cyber- and human-intelligence analysts to deliver the superior attack intelligence our customers demand.