eSoft uses a number of technologies to identify, test, and protect customers from new and emerging threats. These cutting-edge technologies are controlled through a sophisticated management console called the eSoft Threat Manager.

The Technologies

Passive Honeypots eSoft uses passive honeypots, computers put on the Internet without protections, but behind forensic recording devices. If a hacker gets into the computers, the detailed forensic record will allow the Threat Prevention Team to see how the intruder got in and how to stop them in the future. Active Honeypots eSoft uses a worldwide network of active honeypots -- computers that pretend to be vulnerable to all commonly exploited vulnerabilities -- and pretend to be compromised at any attempt to to hack it. In so doing, the active honeypot captures specific exploits being used in the wild and any malware that those exploits try to upload to the target machine. Threat Database eSoft has one of the largest databases of malware, exploits, spam, categorized URLs, malicious URLs, and malware and intrusion prevention signatures. Autoclassifier eSoft's autoclassifier uses a number of statistical methods from analysis of text and images to analysis of links. eSoft's autoclassifier classifies tens of thousands of websites every day. Those that it can't classify go to eSoft's Threat Prevention Team for manual classification.

Mailpot eSoft uses a number of methods to gather samples of spam, harvest URLs from these samples, and much more. Among these methods is the eSoft Mailpot, which is a honeypot for spam. All email received by the mailpot is unsolicited and all of the incoming messages are immediately blocked for all eSoft users, any included URLs are labeled as spam URLs in the web filtering product, and so on. IMPot Similar to the Mailpot, eSoft collects unsolicited spam messages via instant messenger by advertising IM addresses in places where spammers are known to harvest. All file attachments are saved for analysis by the Threa Prevention Team and all URLs are categorized as spam. Sandnet A sandnet is a network with a "gateway" that lets no network traffic pass, but impersonates the entire Internet so that any attempt to talk to a web server, IRC server, ftp server, or any other server meets with apparent success. This setup is useful in testing malicious software samples to see what network access they attempt, how they spread, what servers they attempt to communicate with, and so forth.