What is Dekeneas?

Dekeneas is an AI powered early detection system aimed at identifying watering hole attacks, drive-by attacks, crypto-jacking and exploit kits in online environments, assisted by powerful code instrumentation and analysis.

WATERING HOLES PROBLEM REALITY SOLUTION

What are watering hole attacks?

A watering hole attack is a complex attack vector targeting specific groups of users, by infecting legitimate but vulnerable websites which the targeted audience visits on a regular basis. Usually the infected websites can be regarded as a company's external resource or a common denominator for its employees.

For example, a mobile app development forum would be a perfect spot for a watering hole attack targeting smartphone manufacturers' employees. A niche conference or event website are other very good examples, their temporary nature making these prime candidates for structural vulnerabilities.

How do watering hole attacks happen?

If the blame for successful phishing attempts is usually hastily placed on the user for interacting with unsolicited e-mail, all the user has to do in the case of a watering hole attack is to access a legitimate website that they might even be browsing on a regular basis, for work-related research, information or collaboration. Nothing out of the ordinary needs to happen.

Such attacks usually result in the total compromise of a user’s computer or device and beginning with the rise in popularity of cryptocurrencies, victims that are deemed of lesser importance or are no longer useful to the attacker's specific goal are turned into stealth cryptocurrency mining bots.

Do watering hole attacks actually happen?

To date, not only has big tech fallen victim to watering hole attacks, but alongside Facebook, Apple, Twitter and Microsoft so have banks, fintech companies, defense industry contractors, intelligence operatives, activist groups, investigative journalists and government resources all over the world.

During our forensic post-incident work, we identified that 70% of high profile data breaches have resulted from watering hole attacks.

Can watering holes attacks be prevented?

The only effective method of safeguarding against watering hole attacks is early detection, implemented alongside robust security controls and incident response, as once detected, the attack needs to be countered in real time, as it unfolds.

In 99% of cases the user is totally unaware and unsuspecting of the breach, as the exploitation is happening covertly, using sophisticated and obscure vulnerabilities with no direct evidence of the attack.

Hackers employ ubiquitous, cross-platform zero-day exploits in their attacks, which makes this threat especially damaging and, as an added bonus, very difficult to diagnose post-factum.

Most documented cases have been found by mere coincidence, therefore it is safe to assume that watering hole attacks are not rare, but are rarely discovered by traditional tools alone.

Dekeneas APT Hunter

Our proprietary Dekeneas APT Hunter identifies websites hosting both known and unknown (“0day”) malware used in watering hole attacks, drive-by attacks, crypto jacking attacks or exploit kits.

• Unlike other available solutions, which focus mainly on detecting the later, post-infection stages of an attack (e.g. the exploitation phase or the command & control contact phase), Dekeneas APT Hunter is able to detect the code responsible for initiating an attack in the first place.
• Its unique capabilities make Dekeneas APT Hunter the perfect tool for effectively identifying 0day vulnerabilities used by hostile parties in real attack campaigns.

Dekeneas On-Premise WSG

The Dekeneas WSG range is a family of secure web gateway appliances, integrating the advanced artificial intelligence malware scanning capabilities of the Dekeneas APT Hunter into your network, protecting your users from some of the most elusive attacks used by hackers.

WSG-010 WSG-100 WSG-200

WSG-010

Virtual Appliance

• Administration interface
• Transparent Proxy (network traffic redirector, WCCP redirect)
• Explicit Proxy (supports PAC installation, WPAD server, Active Directory)
• HTTP/S inspection
• URL filtering based on Dekeneas APT Hunter

• Integrated Dekeneas APT Hunter engine
• Supports both IPv4 and IPv6 protocol stacks
• Supports integrations with external threat intelligence feeds, commercial or open source
• Custom and automated whitelisting of websites
• Custom and automated blacklisting of malicious websites
• Automated antivirus scanning of files in transit
• Automated updates of AV signature database
• Automated blocking of malicious files in transit

Download Datasheet

WSG-100

Hardware Appliance

• Administration interface
• Transparent Proxy (network traffic redirector, WCCP redirect)
• Explicit Proxy (supports PAC installation, WPAD server, Active Directory)
• HTTP/S inspection
• URL filtering based on Dekeneas APT Hunter
• Active Directory integration (multi realm, multi forest NTLM, single sign on through browser stored credentials)
• Inline sandbox
• Bandwidth management

• Integrated Dekeneas APT Hunter engine
• Supports both IPv4 and IPv6 protocol stacks
• Supports integrations with external threat intelligence feeds, commercial or open source
• Custom and automated whitelisting of websites
• Custom and automated blacklisting of malicious websites
• Automated antivirus scanning of files in transit
• Automated updates of AV signature database
• Automated blocking of malicious files in transit
• Automated YARA scanning of files in transit
• Automated updates of AV signature database
• Automated blocking of malicious files in transit
• Data leakage prevention through artificial intelligence classification

Download Datasheet

WSG-200

Hardware Appliance

• High availability setup

• Administration interface
• Transparent Proxy (network traffic redirector, WCCP redirect)
• Explicit Proxy (supports PAC installation, WPAD server, Active Directory)
• HTTP/S inspection
• URL filtering based on Dekeneas APT Hunter
• Active Directory integration (multi realm, multi forest NTLM, single sign on through browser stored credentials)
• Inline sandbox
• Bandwidth management

• Integrated Dekeneas APT Hunter engine
• Supports both IPv4 and IPv6 protocol stacks
• Supports integrations with external threat intelligence feeds, commercial or open source
• Custom and automated whitelisting of websites
• Custom and automated blacklisting of malicious websites
• Automated antivirus scanning of files in transit
• Automated updates of AV signature database
• Automated blocking of malicious files in transit
• Automated YARA scanning of files in transit
• Automated updates of AV signature database
• Automated blocking of malicious files in transit
• Data leakage prevention through artificial intelligence classification

Download Datasheet