Keeping your business running
SOHU (Small Office Home User)
This page describes some of our SOHU platform services that make your business more cyber resilient. These “services” run on the network appliances/devices that we customise, supply and maintain for you as part of the SOHU service.
Website Blocking Service
This service protects you from a variety of Internet-borne threats based on categories of “known knowns” or “known bads”, referred to as a blacklist. While not perfect, it will filter many of the sites that would otherwise impact your business:
- It preemptively prevents your users from requesting and viewing information that is a “known bad”, e.g. porn sites, sites that contain malicious or illegal software, or even sites you deem unnecessary (your custom list).
- It reduces the risk of employees creating liability for you and your business by preventing access to and retrieval of inappropriate or illegal content.
- It prevents frivolous use of Internet bandwidth, leaving it for what it was intended for: serving the needs of your business.
The blocks are reported to you as the business owner to action as you see fit.
Malware Detection
By sharing attack intelligence, this service puts into practice the principle that pain for one should not mean pain for all. It gathers attack data from a variety of sources, including SafeNSecure users, then aggregates and analyses it to produce contemporary, recent cyber intelligence.
It is a malicious traffic detection system that uses publicly available (black)lists of malicious and/or generally suspicious activities/systems, along with static, persistent trails compiled from various anti-virus reports and custom user-defined lists. A trail can be anything from a domain name (e.g. zvpprsensinaix.com for Banjori malware), a URL (e.g. hXXp://109.162.38.120/harsh02.exe for a known malicious executable), an IP address (e.g. 185.130.5.231 for a known attacker) or an HTTP User-Agent header value (e.g. sqlmap for the automatic SQL injection and database takeover tool). It also uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware).
Its benefits are:
- It leverages the intelligence of the “network” to defend against cyber attackers.
- It preemptively and proactively blocks cyber attackers before they even launch an attack on you.
- It reduces the amount of unnecessary traffic that has to be processed, e.g. by your intrusion detection systems.
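The trail matching described above, as an added example that is not the SOHU service's own code: each of the four trail kinds from the text is checked against traffic events. The event field names, the matching rules and the sample events are assumptions constructed for illustration; the trail values are the ones quoted above.

```python
from urllib.parse import urlsplit

# (kind, value, description): the four trail kinds named in the text, with the
# page's own example values. The URL stays in its defanged hXXp form.
TRAILS = [
    ("domain", "zvpprsensinaix.com", "Banjori malware"),
    ("url", "hXXp://109.162.38.120/harsh02.exe", "known malicious executable"),
    ("ip", "185.130.5.231", "known attacker"),
    ("user_agent", "sqlmap", "automatic SQL injection tool"),
]

def refang(url):
    # Turn a defanged hXXp:// URL back into one urlsplit can parse.
    return "http" + url[4:] if url.lower().startswith("hxxp") else url

def url_key(url):
    """Compare URLs as host + path, ignoring scheme and query string."""
    parts = urlsplit(refang(url))
    return (parts.hostname or "").lower() + parts.path

def match_event(event, trails=TRAILS):
    """Return (kind, value, description) for every trail the event hits."""
    host = event.get("host", "").lower().rstrip(".")
    agent = event.get("user_agent", "").lower()
    hits = []
    for kind, value, info in trails:
        if kind == "ip":
            hit = value in (event.get("src_ip"), event.get("dst_ip"))
        elif kind == "domain":
            # Exact name or any subdomain, but not a look-alike suffix.
            hit = host == value or host.endswith("." + value)
        elif kind == "url":
            hit = bool(event.get("url")) and url_key(event["url"]) == url_key(value)
        else:  # user_agent: substring, since real headers carry version text
            hit = value.lower() in agent
        if hit:
            hits.append((kind, value, info))
    return hits

# Constructed sample events (not real traffic); other addresses are RFC 5737.
EVENTS = [
    {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.7", "host": "cdn.zvpprsensinaix.com"},
    {"src_ip": "192.0.2.11", "dst_ip": "109.162.38.120", "url": "http://109.162.38.120/harsh02.exe?id=7"},
    {"src_ip": "185.130.5.231", "dst_ip": "192.0.2.1", "host": "shop.example", "user_agent": "sqlmap/1.7 (constructed)"},
    {"src_ip": "192.0.2.12", "dst_ip": "198.51.100.9", "host": "notzvpprsensinaix.com", "user_agent": "Mozilla/5.0"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev.get("host") or ev.get("url"), "->", match_event(ev) or "clean")
```

The last event shows why the domain rule compares on a label boundary: a name that merely ends with the same characters as a listed domain is not flagged.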
Web Caching Service
This is a server that caches frequently accessed files from the Internet to a hard drive (the cache) on the SOHU server. Cached files are then served directly from the hard drive to requesting devices at the speed of a hard disk, which is up to 1 million times faster than a shared Internet connection. This also saves network bandwidth (traffic) with your ISP, because a requested object, which can be up to 100 megabytes in size or larger, is served from cache storage rather than downloaded from the Internet.
This service provides the following protections and benefits to you:
- It stores and reuses frequently accessed content, serving it from your local hard drive rather than fetching it over the Internet, which reduces demands on your bandwidth. The savings in time otherwise wasted on downloads from the Internet can be significant.
- It keeps a record of all Internet access for the web in a centralised location.
Anti-virus (AV) Services
ClamAV® is an open source anti-virus (AV) engine for detecting trojans, viruses, malware and other malicious programs, which we call malicious code. We utilise ClamAV at various layers within the SOHU device. In a layered defensive model, AV is essential in removing threats from malicious code, and it provides frontline defence against cyber attacks generated by malicious code.
Anti-virus is a mature technology. While never 100% effective at detecting new threats, it is very capable of detecting and removing known threats for which it has a “signature”. The signatures are updated automatically every 24 hours from the ClamAV repositories.
ClamAV uses heuristics, behavior tracking and AI technology to detect new or suspicious files in your network flows. This use of heuristics/AI is a way of trying to detect newly recycled malicious code that bypasses signatures by slightly modifying the base of existing known malicious code. It should be noted that not all successful attacks are sophisticated; some code is modified and literally recycled for reuse.
This service provides the following protections and benefits to you:
- Real-time protection of your network using AV
- Updated and maintained AV protections
- An additional layer of defensive countermeasures against malicious code
- Preventing malicious code from reaching your devices, i.e. it is stopped in stream before it gets to your devices.