Unique Concept

RedSocks Security developed a unique concept for detecting and fighting malware, and has built a new solution on that thinking. Traditional network security tools (sandboxes, firewalls, anti-virus, etc.) mainly monitor inbound Internet traffic. The RedSocks Malicious Threat Detection Solution (MTD) instead focuses on monitoring outbound traffic to detect malicious behavior and breaches.

The RedSocks Probe/MTD architecture is plug-and-play and detects breaches by checking network traffic in real-time for all malicious communication to the Internet.

For RedSocks, the security and privacy of our customers’ data is our primary concern. Our systems, the MTD, and the flow monitoring setups are designed with that principle in mind.

Respond to Advanced Persistent Attacks

Designed for detection without alert overload, the RedSocks solution is built with APTs in mind. The behavior of endpoints changes dramatically once they are infected by an APT. The RedSocks Malicious Threat Detector (MTD) raises an alert and informs the user which end-point devices are probably infected and which ones are certainly infected. It verifies the "likely infected" devices and alerts about any suspected malware activity to watch out for.

By focusing exclusively on traffic meta-data (so-called flow data), it becomes possible to perform analysis over longer periods of time. This enables detection of the most sophisticated malware and APTs. The MTD monitors only traffic meta-data, not the content itself, which prevents confidential corporate information from being exposed.

There is no additional network burden either: the Probe/MTD architecture does not send additional traffic over the network and is not set up as a man-in-the-middle (MitM). Using the appliance has no impact on the performance and reliability of the IT infrastructure. These features make the RedSocks Security portfolio a unique combination of solutions for a secure and privacy-conscious network.

RedSocks MTD Hardware or Software

MTD Appliance

The RedSocks MTD is installed next to the router that transfers your data to the Internet. This router provides meta-data of the network traffic to the MTD: not the content of the communication, but data including origin and destination address, protocol, port used and the size of the communication.

The RedSocks Probe, a device that has access to full-packet streams, is designed for end-to-end connectivity to a RedSocks Malicious Threat Detector (MTD), e.g. for time synchronization. It requires no dedicated Internet connectivity and has no on-board data storage. It is therefore not possible for captured data to be leaked to the Internet, or to be stolen in the event of a breach.

The RedSocks MTD, acting both as flow collector and as analysis application, provides encrypted (forensic) data storage. In addition, the MTD supports transport over encrypted channels using (D)TLS, therefore transport is secure when third-party flow exporters are used.
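As an added example that is not RedSocks code and does not reproduce the MTD's actual detection logic, the Python script below shows the kind of analysis that outbound flow meta-data alone supports: every record carries only timestamp, source and destination address, protocol, port and byte count, never payload. The CSV records, the indicator list (`KNOWN_BAD`), the internal address range (`LOCAL_NET`) and the two verdict rules are constructed assumptions for illustration: an endpoint that contacts a known-malicious destination is reported as "certain", while an endpoint that repeatedly contacts, over at least an hour, an external destination no other internal host talks to is reported as "likely" and left for verification.

```python
"""Toy outbound flow-metadata analysis (constructed example, not RedSocks code).

Records carry only metadata fields: timestamp, src, dst, protocol, port, bytes.
No packet content is read, which is the privacy property the page describes.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed IPFIX-style export, CSV: timestamp,src,dst,proto,dport,bytes
FLOW_CSV = """\
2024-01-10T08:00:00,10.0.0.5,93.184.216.34,6,443,5120
2024-01-10T08:05:00,10.0.0.5,198.51.100.7,6,8443,310
2024-01-10T09:05:00,10.0.0.5,198.51.100.7,6,8443,305
2024-01-10T10:05:00,10.0.0.5,198.51.100.7,6,8443,298
2024-01-10T10:06:00,10.0.0.5,10.0.0.20,6,445,20480
2024-01-10T08:30:00,10.0.0.9,203.0.113.50,6,80,900
2024-01-10T08:31:00,10.0.0.12,93.184.216.34,6,443,7000
2024-01-10T11:00:00,10.0.0.12,93.184.216.34,6,443,6400
"""

# Constructed placeholder indicator list (known-malicious destinations).
KNOWN_BAD = {"203.0.113.50"}
# Assumed internal range; flows are "outbound" when src is inside and dst outside.
LOCAL_NET = ip_network("10.0.0.0/8")


def parse_flows(csv_text):
    """Parse CSV lines into flow dicts containing metadata only."""
    flows = []
    for line in csv_text.strip().splitlines():
        ts, src, dst, proto, dport, nbytes = line.split(",")
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": ip_address(src),
            "dst": ip_address(dst),
            "proto": int(proto),
            "dport": int(dport),
            "bytes": int(nbytes),
        })
    return flows


def outbound_only(flows):
    """Keep flows that leave the internal network toward the Internet."""
    return [f for f in flows if f["src"] in LOCAL_NET and f["dst"] not in LOCAL_NET]


def analyze_flows(csv_text, known_bad=KNOWN_BAD, min_contacts=3,
                  min_span=timedelta(hours=1)):
    """Return {source_ip: (verdict, reason)} for flagged internal endpoints.

    Verdict rules are illustrative assumptions, not the vendor's algorithm:
      certain - the endpoint contacted a destination on the indicator list;
      likely  - the endpoint contacted the same external destination at least
                min_contacts times spread over min_span or more, and no other
                internal host contacted that destination.
    """
    flows = outbound_only(parse_flows(csv_text))
    bad = {ip_address(x) for x in known_bad}
    contacts = defaultdict(list)        # (src, dst) -> list of timestamps
    hosts_per_dst = defaultdict(set)    # dst -> set of internal hosts reaching it
    for f in flows:
        contacts[(f["src"], f["dst"])].append(f["ts"])
        hosts_per_dst[f["dst"]].add(f["src"])

    verdicts = {}
    for (src, dst), stamps in contacts.items():
        key = str(src)
        if dst in bad:
            verdicts[key] = ("certain", f"contacted known-malicious destination {dst}")
            continue
        if verdicts.get(key, ("",))[0] == "certain":
            continue  # a certain verdict is never downgraded
        stamps.sort()
        span = stamps[-1] - stamps[0]
        persistent = len(stamps) >= min_contacts and span >= min_span
        if persistent and hosts_per_dst[dst] == {src}:
            verdicts[key] = ("likely",
                             f"{len(stamps)} contacts over {span} to {dst}, "
                             f"reached by no other internal host")
    return verdicts


if __name__ == "__main__":
    for host, (verdict, reason) in sorted(analyze_flows(FLOW_CSV).items()):
        print(f"{host}: {verdict} ({reason})")
```

On the constructed records, 10.0.0.9 is reported as certain because of its indicator match, 10.0.0.5 as likely because of its three hourly contacts to a destination nobody else reaches, and 10.0.0.12 is not flagged because the destination it repeats is shared with another host. The 10.0.0.5 to 10.0.0.20 flow is internal and never enters the outbound analysis, which is why the span of the observation window, not any packet content, is what carries the signal.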

Virtual MTD

The RedSocks MTD can also be delivered as a virtual solution. The RedSocks vMTD is a virtual version of the RedSocks Malicious Threat Detector (MTD), an appliance for analyzing IPFIX traffic streams for the presence of malicious behavior and malware. It can be deployed in VMware-compatible environments and scaled up according to the needs of the target network. This document describes the RedSocks vMTD’s requirements, as well as its installation and configuration steps.

Penetration Testing

Part of keeping your cyber security in check is performing pentests on a regular basis, both to test your actual security and to make your employees aware of possible threats.

Our pentests are tailored to your environment and needs, such as the specific parts of your security program and the security state of your critical systems, networks and applications. We use cyber threat intelligence gathered from years of experience responding to the most sophisticated threat actors.

RedSocks Security uses a systematic approach when conducting penetration tests, and the tests are executed with precision.

Our pentests can be executed with different levels of prior knowledge, and there are different types that can be engaged. These are as follows:

1 – Infrastructure Penetration Testing

An infrastructure penetration test is a proven method of evaluating the security of your computing networks and infrastructure, and of finding their weaknesses, by simulating a malicious attack. This type of pentest can be conducted in any type of network.

2 – Application Security Testing

Application security testing searches for vulnerabilities or weaknesses in applications that may leave them open to abuse. Ideally, security testing is integrated into the software development cycle so that vulnerabilities can be addressed early in development. Unfortunately, application testing is often conducted only after an application has been developed.

3 – Red Teaming

To simulate the modus operandi of an Advanced Persistent Threat (APT), or to run an advanced hacking test, RedSocks Security applies the Cyber Kill Chain framework, which models a breach as several stages leading to the attacker's objectives.