CIA-linked startup shows off all-seeing eye for net spies


A security startup with close links to the CIA is touting a system to the UK government that monitors every IP address on the internet for malware, as part of its declared aim of improving cyber war capabilities.

Endgame Systems helps US intelligence identify and hack into vulnerable networks, and is targeting a similar role in Britain's nascent national cyber security operations.

The firm, founded in June 2008 in Atlanta, has built a massive and constantly updated database of security breaches across the globe. It is currently monitoring about 250 million compromised machines.

As well as producing terabytes of geotagged malware tracking data, Endgame Systems also stores details of operating system configurations using Hadoop, the open source file system for very large datasets. Using the approach made famous by Google, this vast mine of "internet situational awareness", as Endgame Systems calls it, is maintained on an infrastructure of cheap, easily replaceable servers.

Internet situational awareness is essentially the brief given to the Cyber Security Operations Centre, the new unit located at GCHQ in Cheltenham, scheduled to begin work next month.

Intelligence and military customers are able to access Endgame Systems' database via a simple web page. They can type in terms such as a location or an organisation and moments later a map or a list of compromised systems appears, showing how long ago they were breached and how.

A search for "Nuclear Power Corporation of India", for example, brings up a list of computers still infected with Conficker, the Windows worm that spread around the world initially via a Microsoft vulnerability. The firm hand-curates its company records.

Such indications of poor basic network hygiene, so readily available, could be very valuable to digital espionage, or even cyber warfare efforts.

Endgame Systems makes no effort to contact those non-customers it observes are afflicted by malware, arguing the global scale of the problem would make it unfeasible and approaches would often be unwelcome.
