Defend your organization from the aggressor: know your enemies and understand their techniques, discover hidden aspects of your attacker’s infrastructure, and enrich them with custom inspections and advanced links.
To defend oneself efficiently it’s necessary to identify the attack source and delineate its origin. Investigations and correlations on domain registration expand and enrich our knowledge of the attacker.
Thousands of times per day domains are bought and transferred between individuals. At the time of purchase, during registration, the buyer must give their personal identification data.
This information will be stored in a WHOIS record associated with the domain.
WHOIS is a protocol that allows anyone to query ownership information about a domain, IP address or network.
SecParadise retrieves WHOIS data relative to the registrant, making them available in an archive and monitoring for any change.
How does this help?
Aggressors must establish an infrastructure to conduct their attack and send in their malware. WHOIS data can deliver detailed information on who hides behind an attack campaign.
Using the domain registration data, it’s possible to uncover a malicious user’s infrastructure, connecting a suspected malicious domain to others.
DNS is a distributed database containing RRs (Resource Records) for domain names. Because a caching system allows the DNS structure to be distributed, each RR has a TTL (Time to Live) that tells intermediary servers when to request more recent information.
SecParadise extracts RR for investigation.
Domain reputation investigations
Do you have any evidence of suspected malicious traffic from a domain? SecParadise allows for Web Reputation Investigation.
Every website has an associated reputation. It’s a ranking system that sums up the trustworthiness and reliability of a website as a single collection of webpages. It also influences search engine rankings.
If a website has a bad web reputation, search engines consider it as low quality, lowering its position.
Email reputation investigation
Do you receive suspicious email? SecParadise investigates the email reputation of the sender IP to discover bad rankings and possible malicious content.
An email (or sender) reputation is a measure of email sending practices and of how strictly the rules set by the ISP (Internet service provider) are followed.
ISPs then use these criteria, more than the actual contents of the emails, to filter spam.
Email reputation is measured mostly per sender IP address.
To catch any change to the data, SecParadise lets you activate a real-time monitoring alert for the domain from any search. You will be notified of any further change via email. Furthermore, SecParadise includes a useful monitoring tool to help protect against phishing attacks or trademark abuse. The tool will warn about new second-level domains being registered with specific text in the name.
- Complete your investigative dossier with the DNS zone file data.
- Monitor the last 24 hours’ changes in the DNS zones.
- New insertions and all modifications to the zone files.
- See zone file changes daily
To complete the services in the Domain section, SecParadise ZoneFile lets you enrich your investigation dossier by searching for information in the DNS zone files.
Through a quick filter you’ll be able to find the monitored zone files and all the changes in the DNS zones over the last 24 hours.
- SSL Certification monitoring.
- Realtime problem diagnosis on SSL Certificate installation.
- Activate with one click the SecParadise control, keep your services monitored.
- Don’t let your security expire.
SecParadise Certificate lets you investigate SSL certificates on demand. Our functionality will help you diagnose any problem with SSL certificate installation.
You’ll be able to check your web server in real time to verify that a certificate has been correctly installed and that it’s valid and reliable, so that it won’t create any trouble for your customers. You can also check that your web applications’ certificates are correct and not expired.
SecParadise search functionality downloads the technical information contained within the certificate and with one click you’ll be able to activate a monitor alert that will warn you via email of any future expiry.
- Protect your systems.
- Discover threats by scanning with SecParadise Antivirus.
- The specialized engine with rules and IoCs from multiple antivirus products guarantees reliability, limiting false positives.
SecParadise Antivirus lets you scan files to guarantee trustworthiness and intercept threats.
The scanning engine is powered by multiple antivirus scans in real time.
Scanning against multiple IoCs increases the security level.
This type of scanning also reduces the occurrence of false positives.
Scan results are anonymously saved in the system to increase performance and give a history to further increase your safety.
The first step in protecting against external attacks is to keep all your software constantly up to date and to get the security bulletins (Common Vulnerabilities and Exposures) that are released daily.
Without a proper method and precise rules, sorting through the multiple CVEs is complicated and inefficient.
SecParadise can help you complete this time-consuming (but necessary) task, reducing effort and increasing productivity.
SecParadise downloads the CVE bulletins daily and publishes a vulnerability list that can be explored down to the finest technical detail. This level of detail allows SecParadise’s engine to monitor at the lowest level.
Are you interested in a specific technology? In a particular product or vendor?
SecParadise lets you search hardware and software vulnerabilities and activate monitors on specific technologies. Once a personalized search has been activated, if a new vulnerability is found the engine will notify you, including all the detail in the CVE.
- RIPE registration
- Related IP
- RIPE history
- IP and domains identified in one massive search
Identify and localize attack sources with one search.
Investigations and correlations between RIPE archives, geo-localization and IP addresses will allow you to get a better “feel” for the attacker.
The Network module links dynamically with the Domain module to complete the investigation.
- Don’t leave anything open.
- Know your perimeter and identify the accesses to protect.
- Find open ports in your services to allow for proper defense.
Find open ports in your services to implement the correct responses.
SecParadise Port Scan lets you analyze an address to identify vulnerabilities that might allow a malicious user to execute unauthorised operations.
Unnecessary open ports are a threat to security. This module lets you analyze the open ports of a system, customizing the address and the port interval.
Furthermore, SecParadise keeps records so that you can identify any change over time.
- Keep under control the dark side of the Internet
- TOR’s Deep Web is just one click away
TOR (The Onion Router) allows anonymity by using specific servers and network rules.
In this network, traffic is routed through a complex and encrypted virtual circuit built between numerous Onion Routers.
An Onion Router is a member of the TOR network, voluntarily giving away part of its bandwidth to keep the service running.
The protocol utilized in the TOR network is designed to guarantee anonymity, security, data integrity, network congestion control and controlled exit policies.
It goes without saying that malicious actors could operate behind such anonymous technology and must be monitored with close attention.
SecParadise lets you access the list of addresses known to be part of the TOR network, perform quick searches and download the whole results list.
- Daily news from 40 different sources
- Nurture your knowledge, it’ll be fundamental for the preventive protection of your systems
Feed is the section in SecParadise dedicated to the retrieval of IT security information necessary to Cyber Security and Prevention departments.
Security’s objective is to foresee possible threats and adopt the necessary technologies and remedies to defend oneself, one’s business and services. Being up to date with security vulnerabilities and technical news is necessary to guarantee a swift response to newly discovered bugs and vulnerabilities.
This functionality is completed by a free search field and the possibility to go back to the news source.
- MD5 Converter
- SHA256 Converter
- Random number generator
- Random ID
SecParadise simplifies your job with its technical utilities.
SecParadise Utility offers four useful functionalities that will make your daily life easier.
You’ll have an MD5 and a SHA256 converter, plus a GUID generator and a random number generator with limits and ranges.
- All your credentials in one solution
- Manage your passwords with SecParadise Wallet
- Your passwords are cryptographically encrypted in real time without physical storage
- Any threat of data leakage is removed
SecParadise’s Wallet engine handles the encrypted insertion of the data to avoid any risk of data leakage.
Wallet allows the addition of standard credentials or credit card information, encrypting them on-the-fly to avoid leaks during the storage process.
- Use the power of SecParadise’s APIs
- The entire backend is at your disposal in a separate section
- Testable, browsable, mergeable
All SecParadise’s sections and functionalities are reachable through the API.
The API section gives access to the whole array of SecParadise’s functionalities. In the dashboard section there’s a double filter (by area or free text).
Every request comes with an example request to simplify your experience.
Configurable workspace for group communication.
SecParadise delivers a homepage filled with dashboards to monitor every aspect of the workflow. Attention is given to the antivirus and vulnerability sections, and news from the security world.
Dashboards help your team stay up to date and let them make important decisions, shortening response times.
SecParadise’s workspace allows you to configure team messaging, keeping it centralized and focused.