What is myNetWatchman?
The primary issue in internet security is not that hackers
troll the Internet, but rather that the Internet is chock
full of insecure systems which are easily compromised, providing
means for hackers to perform untraceable, indirect attacks.
The only profound way to improve Internet security is to reduce
the number of compromised systems and minimize the amount of
time that a system remains in a compromised state. (Click
here to learn more about the
myNetWatchman Vision.) myNetWatchman achieves
its goals through:
- Security Event Aggregator
- Centralized, web-based firewall log analyzer
- Fully automated abuse escalation/management system
How does myNetWatchman Work?
Step 1
Internet users and companies throughout the world install
our Agent software to automatically relay their firewall log
events to our central analysis server. (Click here
to see myNetWatchman's Privacy Policy.)
The current agent network (Updated: 5/14/2008 11:26:00 PM -0400):
| Active Agents | U.S. States Covered | Countries Covered | Event Records Processed (last 24 hrs) |
|---|---|---|---|
| 337 | 32 | 33 | 976023 |
Step 2
Log events with the same source IP addresses are organized
into incidents. All IP addresses are automatically backtraced
and the responsible domain is identified. This allows you
to see ALL events that originated from a particular source
IP address — even activity reported by OTHER agents.
Step 3
Depending on the target service and the number of agents
that report a given source IP, the myNetWatchman mailBot automatically
sends alert e-mails to the responsible party. Basically you
don't need to lift a finger...everything from collecting the
data to backtracing to sending an e-mail escalation is all
done for you.
Currently we send 500-1000 alert e-mails per day (10,000+
during Code Red). Often the alerts are sent within 60 seconds
of when an agent logs an event. This is essential as it helps
us inform system administrators (who have usually been compromised
themselves) fast enough so that they can take action before
serious damage is done.
Top Escalations in last 24 hours: (Updated: 5/15/2008 3:26:02 AM UTC)
| Responsible Domain | Escalation Count |
|---|---|
| chinanet.cn.net | 62 |
| ocn.ad.jp | 40 |
| kabel-bb.de | 35 |
| shaw.ca | 31 |
| cnc-noc.net | 31 |
- ISP Ratings: High Volume (> 125 Incidents/Week)
- ISP Ratings: Medium Volume (25 - 124 Incidents/Week)
- ISP Ratings: Small Volume (5 - 24 Incidents/Week)
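The grouping and escalation logic described in Steps 2 and 3, as an added example that is not myNetWatchman's own code: events are grouped by source IP into incidents, and an alert is raised once enough distinct agents report the same source for the targeted service. The event tuple layout, the per-port thresholds and the domain lookup table are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events as relayed by agents: (agent_id, source_ip, dest_port).
EVENTS = [
    ("agent-1", "203.0.113.7", 80),
    ("agent-2", "203.0.113.7", 80),
    ("agent-3", "203.0.113.7", 80),
    ("agent-1", "198.51.100.9", 22),
    ("agent-1", "198.51.100.9", 22),   # same agent twice: still one reporter
    ("agent-2", "192.0.2.44", 6000),
    ("agent-4", "192.0.2.44", 6000),
]

# Assumed policy: minimum number of distinct agents before an alert is sent,
# keyed by target port. These values are illustrative, not myNetWatchman's.
AGENT_THRESHOLD = {80: 3, 22: 2}
DEFAULT_THRESHOLD = 5

# Constructed stand-in for the backtrace step (a real system would query WHOIS/rDNS).
RESPONSIBLE_DOMAIN = {
    "203.0.113.7": "isp-a.example",
    "198.51.100.9": "isp-b.example",
    "192.0.2.44": "isp-c.example",
}

def build_incidents(events):
    """Group events by source IP; track event count, reporting agents and ports."""
    incidents = defaultdict(lambda: {"events": 0, "agents": set(), "ports": set()})
    for agent, src, port in events:
        inc = incidents[src]
        inc["events"] += 1
        inc["agents"].add(agent)
        inc["ports"].add(port)
    return dict(incidents)

def escalations(incidents):
    """Return (source_ip, domain) pairs whose distinct-agent count meets the
    lowest threshold among the ports that source targeted."""
    out = []
    for src, inc in sorted(incidents.items()):
        needed = min(AGENT_THRESHOLD.get(p, DEFAULT_THRESHOLD) for p in inc["ports"])
        if len(inc["agents"]) >= needed:
            out.append((src, RESPONSIBLE_DOMAIN.get(src, "unknown")))
    return out

if __name__ == "__main__":
    for src, domain in escalations(build_incidents(EVENTS)):
        print(f"alert abuse contact for {domain}: incident {src}")
```

Counting distinct agents rather than raw events is what keeps a single noisy or misconfigured reporter from triggering an alert on its own.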
Step 4
We receive responses back from about 25-30% of the escalations
we send. All of the response information, often with candid
details on how the system was compromised and what steps were
taken, is recorded in the incident detail. Many ISPs do
process and act upon our alerts, but unfortunately they don't
have the automated systems to provide e-mail confirmation
of their efforts... but rest assured that most alerts ARE
acted upon.
In addition to the global reports you see listed to the left,
agents that contribute data also get a personal report page
(sample) where you can see an analysis
of just the events that you reported.
As an added bonus, active agents also receive our IPWatch
service which gives you the ability to track your current
IP address from anywhere. This is very handy if you have a
dynamic IP address and need to connect to your personal web
server or remote access program from a remote location.
In summary, think of myNetWatchman as a centralized firewall
log analyzer and escalation system that adds a global perspective
to your event data--something that no standalone product can
achieve.
Our software and services are free for individual use. Simply
register and download.
We are currently piloting our security abuse management services
for organizations, ISPs, and managed service providers. Anyone
interested in participating in our pilot program should contact
Lawrence Baldwin at .