it_user2652, Project Manager at a non-tech company with 10,001+ employees (Popular, Vendor)

I have seen that the IP reputation feature works well in identifying spam and ham. How do you fix it if a ham threat is caught as spam? Do you have an end-user quarantine feature, or does it need to be released by an administrator every time?

it_user6216, Marketing at a tech company with 1,001-5,000 employees (Vendor)

Hi, yes we do. Our backdoor shell protection comes in two forms: one is our Backdoor Protect feature that identifies backdoor shells by intercepting incoming commands (i.e. from a hacker or from a botnet CnC) and disabling the malicious files. This method is far more effective than the usual signature-based detection methods, as most shells are non-typical - either unique or heavily modified to avoid recognition.
Our second method of protection revolves around our IP Reputation algorithms. Among other things, these also monitor known shell distribution resources and block them when they are used against our clients.
Our research shows that most shells are distributed via centralized sources (56% of which remain active for over 60 days) so, as you can imagine, we manage to prevent a lot of attacks just by knowing what these sources are. Currently our IP reputation database holds ~3M IPs and it's updated each time a new attack is identified anywhere across our network.

http://www.incapsula.com/the-incapsula-blog/item/685-backdoor-protect-detect-quarantine-remove-shells
http://www.incapsula.com/the-incapsula-blog/item/802-rfi-attacks-in-the-security-threat-landscape
