With the Heimdall project, an anti-spam cloud, Net at Work wants to counter cybercriminals with an AI- and big-data-based service that uses swarm intelligence for defense. Participating NoSpamProxy customers can already have metadata collected and evaluated during the beta phase, which creates proactive protection against phishing, spam, and other threats. In today's post, we explain how the Heimdall project aims to reduce the spam rate.
Anti-Spam Cloud: The Heimdall Project
The Paderborn company Net at Work is the developer of the secure e-mail gateway solution NoSpamProxy. With the Heimdall project, which is currently in the beta phase, Net at Work is introducing a new form of intelligent spam defense: swarm intelligence is meant to enable rapid reactions to threats such as spam or malware.
Anti-Spam Cloud with Swarm Intelligence
Project Heimdall has been included as a beta in NoSpamProxy since the end of 2019, and Heimdall should be an integral part of version 14 and higher. In the meantime, more and more NoSpamProxy instances contribute to the anti-spam cloud: NoSpamProxy collects links from emails in anonymized form, as well as metadata on the attachments of the participants. This is done in accordance with the GDPR and only with the consent of the user. As reported in the NoSpamProxy blog, "the file name, file size, the SHA-256 hash value, the MIME-type (as recognized by NoSpamProxy) and the transaction ID is recorded."
The aim of the Heimdall project is also clear in this article: “The aim of Heimdall project is to build an even more powerful anti-malware intelligence that can detect and fend off attacks by spam and malware even faster and more accurately.”
Heimdall Should Protect in Two Ways
The e-mail traffic of all connected NoSpamProxy instances is analyzed in real time, and suspicious or even malicious behavior is signaled directly. If links or attachments are recognized as malicious, this information is immediately available to all connected instances. This internal exchange is not everything: Net at Work also imports information from other manufacturers into the central database so that users benefit from this too. To this end, so-called IOCs (Indicators of Compromise) are specifically exchanged with other manufacturers. Clearly, the more participants take part in Heimdall, the faster the swarm intelligence can begin to work.
The second protection mechanism results from the analysis of collected data for suspicious trends or anomalies. An example should make this clear: new domains that are being used for the first time, referred to as zero-day domains, can be reliably identified as such by evaluating long-term records of the e-mail volume across users. Previous analyses have already shown that such zero-day domains are often misused for short but very massive phishing attacks. The swarm approach and corresponding metrics allow Heimdall to recognize such attacks from the start and to automatically warn all connected instances.
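
The second mechanism can be sketched as follows. This is an added example, not NoSpamProxy or Heimdall code: the record layout, the function name and all thresholds are assumptions, and the sightings are constructed sample data.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample: (day, anonymised instance id, link domain) per e-mail.
SIGHTINGS = (
    [(date(2020, 3, 1) + timedelta(days=d), f"inst-{d % 3}", "newsletter.example")
     for d in range(30)]                                   # long-lived, steady sender
    + [(date(2020, 3, 30), f"inst-{i % 5}", "login-verify.example")
       for i in range(40)]                                 # first seen today, massive
    + [(date(2020, 3, 30), "inst-1", "startup.example")]   # new, but a single mail
)

def zero_day_bursts(sightings, today, new_days=2, min_instances=3, min_mails=20):
    """Return {domain: (mails, instances)} for domains first seen within
    `new_days` of `today` that already show high volume across instances.
    All thresholds are illustrative assumptions."""
    first_seen = {}
    mails = defaultdict(int)
    instances = defaultdict(set)
    for day, instance, domain in sorted(sightings):
        if day > today:
            continue
        # Long-term history: remember the earliest day each domain appeared.
        first_seen.setdefault(domain, day)
        # Recent window: count mails and distinct reporting instances.
        if today - day < timedelta(days=new_days):
            mails[domain] += 1
            instances[domain].add(instance)
    flagged = {}
    for domain, seen in first_seen.items():
        is_new = today - seen < timedelta(days=new_days)
        if is_new and mails[domain] >= min_mails and len(instances[domain]) >= min_instances:
            flagged[domain] = (mails[domain], len(instances[domain]))
    return flagged

if __name__ == "__main__":
    for domain, (n, k) in zero_day_bursts(SIGHTINGS, date(2020, 3, 30)).items():
        print(f"warn all instances: {domain} ({n} mails from {k} instances)")
```

Requiring several distinct instances is what makes this a swarm signal: a single gateway seeing one new domain, as with `startup.example` here, is not enough to raise a warning.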
With the Anti-Spam Cloud for Intelligent E-Mail Security
The NoSpamProxy blog regularly reports on the Heimdall project. The in-house security experts became aware that Heimdall had recorded an increased number of phishing attacks that used the bit.ly URL shortener.
Heimdall was also able to quickly identify that the dreaded Emotet Trojan now uses encrypted archive formats for its distribution, as this blog post explains. The dangerous thing about Emotet is its changeability: the Trojan keeps using new ways of distribution, and the Emotet creators have often succeeded in bypassing the simple protective mechanisms of common malware detection programs. The blog post linked above uses graphics to show very clearly how Heimdall works and how the collected information benefits all NoSpamProxy instances in real time.
Anti-Spam Cloud and Swarm Intelligence: The Future?
The Heimdall project relies on AI, a trend that undoubtedly has a future in malware detection and in dealing with spam. But swarm intelligence is also one of Heimdall's strengths: the GDPR-compliant, voluntary, and anonymized real-time analysis allows any abnormalities to be recognized immediately. Since all voluntarily participating NoSpamProxy instances are connected, there is a huge amount of data that is analyzed and can thus lead to meaningful results. Every single user is helped; users are automatically warned in the event of any abnormalities.
At a time when everyone is networked with everything anyway (or this may be possible in the foreseeable future), this approach seems very useful: abnormalities and deviations from the norm can be detected very quickly. This not only gives individual participants room for maneuver, but also creates, not least through the exchange with other manufacturers, a more secure basis from which every Internet user benefits.