
ThreatFactor NSIA


How It Works

ThreatFactor NSIA identifies website security problems using search functionality that is similar to a search engine. NSIA analyzes discovered content using an advanced analysis engine that is capable of detecting both known and unknown threats. The ThreatFactor scan engine uses deep content inspection signatures that are constantly updated in order to detect known threats, unusual changes and anomalous content.

Once an issue is detected, the incident response system is invoked. The incident response can be modified to perform almost any action, such as sending a message (IM, email, SMS) or executing a script.

Advanced Analysis Engine

The ThreatFactor analysis engine was designed specifically for the accurate detection of security problems. See the diagram below for details:
[Diagram: Analysis Engine]
Malicious content is often obfuscated in a way that prevents security devices from correctly analyzing it. ThreatFactor defeats this obfuscation by analyzing the content to identify the real content type and encoding (regardless of what the web server indicates it is).

Next, the ThreatFactor analysis engine parses the content and executes the JavaScript in order to derive the actual, deobfuscated result.
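The first step above, deciding the real content type and encoding from the bytes instead of trusting the server's header, can be illustrated as follows. This is an added example, not ThreatFactor's code; the function names, the magic-number table and the HTML heuristics are assumptions made for the illustration.

```python
import codecs

# Constructed subset of magic numbers; a production sniffer needs a far larger table.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"%PDF-", "application/pdf"),
    (b"MZ", "application/x-msdownload"),
]
# Longest BOMs first so UTF-32 LE is not mistaken for UTF-16 LE.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]
HTML_STARTS = ("<!doctype html", "<html", "<head", "<body", "<script", "<iframe")

def sniff(body: bytes):
    """Infer (content_type, encoding) from the bytes alone, ignoring headers."""
    for magic, ctype in MAGIC:
        if body.startswith(magic):
            return ctype, None
    encoding = next((enc for bom, enc in BOMS if body.startswith(bom)), None)
    text = body[:2048].decode(encoding or "utf-8", errors="replace")
    head = text.lstrip("\ufeff \t\r\n").lower()
    # Any text that does not open like HTML is reported as text/plain.
    return ("text/html" if head.startswith(HTML_STARTS) else "text/plain"), encoding

def check(content_type_header: str, body: bytes):
    """List mismatches between the declared Content-Type and the sniffed one."""
    parts = [p.strip().lower() for p in content_type_header.split(";")]
    declared_type = parts[0]
    declared_enc = next(
        (p[len("charset="):].strip('"') for p in parts[1:] if p.startswith("charset=")),
        None,
    )
    actual_type, actual_enc = sniff(body)
    findings = []
    if actual_type != declared_type:
        findings.append(f"type: declared {declared_type}, sniffed {actual_type}")
    # Prefix match so a declared "utf-16" accepts a sniffed "utf-16-le".
    if actual_enc and declared_enc and not actual_enc.startswith(declared_enc):
        findings.append(f"charset: declared {declared_enc}, sniffed {actual_enc}")
    return findings
```

A UTF-16 encoded script served as `text/plain; charset=utf-8` produces both a type and a charset finding, which is the kind of mismatch a scanner that trusts the header would miss.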

Content Analysis
ThreatFactor uses a two-part analysis engine for comprehensive issue detection. ThreatPatterns are similar to IDS signatures and are very effective at detecting many types of threats.

However, some issues require more advanced analysis. Therefore, ThreatFactor supports signatures written in a scripting language called ThreatScript. ThreatScripts are extremely flexible and can therefore perform almost any type of analysis.

Incident Response System
Once an issue is detected, the incident response system is engaged. The incident response can be configured to perform various actions such as:
  • Running a program
  • Sending an email, IM or text message
  • Sending a syslog message

The incident response system can also execute ThreatScripts and can therefore be customized to open tickets, enable firewall rules or perform other related actions.