Thwarting APTs using NLPRank

An APT is an Advanced Persistent Threat, which is the term for a series of attacks occurring over a period of time, generally targeting one specific organization or type of organization. After infiltrating an organization’s network, attackers will use malicious sites in phishing campaigns against the organization. These sites install malware so the attackers can access systems containing sensitive data.

NLPRank stands for Natural Language Processing Rank, a technique developed by OpenDNS. In short, this technique is designed to prevent you from visiting a malicious website or fake domain.

OpenDNS can be set up on a home router, where it takes effect across everything connected to the home network. This allows parents to set up content filtering on the network. The filtering occurs by checking against a community-driven list of sites suggested for blocking, providing a reputation ranking system for most existing websites.

However, attackers rely on the time it takes for sites to gain a reputation ranking by rapidly registering new domains with scripted systems and then creating sites for them that look relatively legitimate.

NLPRank will detect and block sites without having to scan them first. It bypasses the reputation system of most security tools. NLPRank simply analyzes the domain itself for sketchiness. It looks for domain names and language that mimic what a company would use, and then checks whether the site was registered recently and whether the domain is associated with that company’s IP address space.
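The three checks described above can be sketched as follows. This is an added example, not OpenDNS's implementation; the brand name, netblock (a documentation range), lure words and 30-day threshold are all constructed assumptions.

```python
import ipaddress
import re
from datetime import date

# Constructed data (assumptions): brand, its netblock (RFC 5737 range), lure words.
BRAND_NETS = {"examplebank": [ipaddress.ip_network("203.0.113.0/24")]}
LURE_WORDS = {"login", "secure", "update", "verify", "account", "support"}
RECENT_DAYS = 30  # assumed threshold for "registered recently"


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def mimicked_brand(labels):
    """Return the brand that any label contains or nearly spells, or None."""
    for brand in BRAND_NETS:
        for label in labels:
            if brand in label or edit_distance(label, brand) <= 1:
                return brand
    return None


def assess(domain, registered, resolved_ip, today):
    """Judge a domain from its name, registration date and resolved IP only."""
    labels = [t for t in re.split(r"[.\-]", domain.lower()) if t]
    brand = mimicked_brand(labels)
    if brand is None:
        return "allow", []
    reasons = [f"imitates {brand}"]
    if LURE_WORDS & set(labels):
        reasons.append("lure wording")
    ip = ipaddress.ip_address(resolved_ip)
    if any(ip in net for net in BRAND_NETS[brand]):
        return "allow", reasons + ["inside brand IP space"]
    reasons.append("outside brand IP space")
    if (today - registered).days <= RECENT_DAYS:
        return "block", reasons + ["recently registered"]
    return "review", reasons
```

No page content is fetched at any point: the verdict comes from the name, the registration date and the hosting address, which is why a newly registered lookalike can be flagged before it has any reputation score.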

Learn more in the news.


About MIT
IT Security Awareness Consultant and Communications Specialist at MIT
