Adaptive DarkNet™
INTELLIGENCE BASED NETWORK DEFENSE SYSTEM

Product Overview - Adaptive DarkNet™


In large networks, tracking internal systems that have been compromised by Trojans, worms, viruses, or other threats is an ongoing challenge. Keeping track of these systems is critical to stop the activities of a potential intruder or an intruder’s malware. Once an intruder is inside the network, data theft and resource misuse are almost certain.

Technologies such as intrusion detection or intrusion prevention systems (IDS/IPS) have significant weaknesses, typically producing numerous false positives. When existing solutions are scaled for large environments, they often require considerable care and feeding, thus taking precious time away from problem mitigation.

MainNerve’s Adaptive DarkNet™ is both a sophisticated and intelligent solution. The system offers several major technological advancements beyond what is currently available elsewhere. Verified to reduce the risk of data theft and resource misuse, the Adaptive DarkNet™ detects and blocks communication to sources known to be malicious via feeds from our data correlation center using proven intelligence sources.

The following diagrams create a clearer picture of the process:

Malware Distribution
Malware Command and Control
Malware Stopped by the Adaptive DarkNet

Malware is pushed or pulled from a distribution server (infected host) on the internet via cross-site scripting, phishing e-mail, warez download, e-mail virus, etc. The machine on the internal network infected with malware then attempts to communicate with a command and control server. Malicious traffic is depicted in red emanating from the Trojan-infected system and being blocked and logged by the Adaptive DarkNet™.

Key Benefits

  • The Adaptive DarkNet™ is not an in-line device and therefore produces minimal network overhead.
  • Autonomously track and stop conversations with attackers attempting to remotely control systems inside your network based on the attacker’s IP address (not using signatures).

  • Protect against the above-mentioned threat even when your internal infected systems attempt to contact the attacker (phoning home) using protocols allowed through your firewalls, content filters, proxies, etc.

  • Find scanning/propagating software (worms and malware) faster and more accurately than currently available commercial solutions such as anti-virus, without the use of signatures and without false positives.

  • Detect when hosts within your network are attacking a third party or when a third party is implicating your network as the source of an attack on another network.

Available Data Feeds:

  • Miscreant Feeds - Standard intelligence feeds regarding miscreant command and control hosts and known criminal hosts.

  • Bogon Feeds - Intelligence feeds regarding traffic leaving your network border destined for unassigned or RFC1918 IP space.

  • Custom Feeds - Additional custom feeds can be made available to supplement existing egress controls; this can include the prevention of access to warez sites, file-sharing sites, and mules.

Read the full details of this technology in our white paper "The Adaptive DarkNet™"
