How It Works

The following sections illustrate three types of cyber-attacks that SiteVisor is able to detect.

Internal Malware Infection (Global Scan)

When a malware infection occurs in organization G and the infected host starts scanning outside the organization, including the external darknet in organization A, the analysis center detects the infection on the basis of the match between the source IP address of the darknet traffic from organization G and the preregistered livenet IP address. It then sends an alert to organization G.


Internal Malware Infection (Local Scan)

When a malware infection occurs in organization G and the infected host starts scanning the inside of the organization, including the internal darknet, the analysis center can detect the infection on the basis of the match between the source IP address of the darknet traffic from organization G and the preregistered livenet IP address. The analysis center then sends an alert to organization G.


DDoS Backscatter

When a host in organization G is under a distributed denial of service (DDoS) attack from many spoofed IP addresses, the host sends backscatter (TCP SYN-ACK) packets to a wide area, including the external darknets in organizations A and B. The analysis center detects the backscatter on the basis of the match between the source IP address of the darknet traffic from organization G and the preregistered livenet IP address. It then sends an alert to organization G.
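The matching step shared by all three cases can be sketched as follows. This is an added example, not SiteVisor's own code: the address ranges, the `Packet` fields, the flag encoding and the alert names are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple

# Constructed registration data: livenet (in-use) ranges per organization.
LIVENET = {"G": [ipaddress.ip_network("198.51.100.0/24")]}
# Constructed darknet (unused space) sensors: (hosting organization, range).
DARKNET = [
    ("A", ipaddress.ip_network("192.0.2.0/25")),
    ("B", ipaddress.ip_network("192.0.2.128/25")),
    ("G", ipaddress.ip_network("203.0.113.0/24")),
]

class Packet(NamedTuple):
    src: str
    dst: str
    tcp_flags: str  # assumed encoding: "S" = SYN, "SA" = SYN-ACK

def classify(pkt):
    """Return (organization to alert, alert type), or None if nothing matches."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    sensor = next((org for org, net in DARKNET if dst in net), None)
    if sensor is None:
        return None  # destination is not monitored darknet space
    org = next((o for o, nets in LIVENET.items()
                if any(src in n for n in nets)), None)
    if org is None:
        return None  # source is not a preregistered livenet address
    if pkt.tcp_flags == "SA":
        return org, "ddos_backscatter"  # replies to spoofed sources
    # A probe into the organization's own darknet is a local scan.
    return org, ("local_scan" if sensor == org else "global_scan")

def alerts(packets):
    """Group matching source addresses by (organization, alert type)."""
    out = defaultdict(set)
    for pkt in packets:
        hit = classify(pkt)
        if hit:
            out[hit].add(pkt.src)
    return dict(out)

# Constructed darknet observations.
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", "S"),
    Packet("198.51.100.7", "203.0.113.5", "S"),
    Packet("198.51.100.20", "192.0.2.200", "SA"),
    Packet("10.9.9.9", "192.0.2.10", "S"),
]
```

Calling `alerts(SAMPLE)` yields one entry per alert type for organization G; the last packet produces nothing because its source is not a preregistered livenet address.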