Network Detection & Response
Extend packet layer detection and response to any device connected to the network. Ideal for detecting advanced threats that bypass EDR or the Firewall and for protecting devices that cannot support an agent.
Cyber Threat Edge Node
The Cyber Threat Edge Node inspects and logs every data packet moving into and out of your network and applies advanced threat intelligence, intrusion detection, deception technology, and network security monitoring to detect and block threats.
Threat Intelligence
Threat Intelligence data is gathered via automation in our SOC. The lists are de-duplicated, filtered and enhanced from public, private, internal and government sources. The resulting threat intelligence list contains more than 500 million indicators of compromised infrastructure, botnets, command and control servers, etc.
Intrusion Detection & Prevention
As packets are ingested into the system, they are inspected by an Intrusion Detection System (IDS) looking for threats, anomalies, misconfigurations, protocol mismatches, data exfiltration and other indicators of compromise.
External Deception
The Cyber Threat Node can provide deception nodes, both externally and internally. Deception is a very high-quality indicator of nefarious activity on the network, with a low false positive rate (zero or close to zero).
Internal Deception
In addition to external deception, we can also run deception internal to the network. We have several deception models as shown below that can run internally. Internal deception events trigger an immediate alert to the SOC.
Network Security Monitoring
Since every packet is inspected, the metadata and flow data of every packet and conversation are stored in the storage/search engine. This allows the system to run non-signature-based anomaly detections, such as Domain Generation Algorithm detection and Malware Beacon analysis, using machine learning and Fast Fourier Transforms (FFTs).
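The sketch below is an added example, not the product's own code, showing how a frequency transform over stored flow timestamps can separate a periodic beacon from irregular traffic. It uses a plain discrete Fourier transform from the Python standard library (the same spectrum an FFT computes), and the function name, window, bin size and sample flows are all assumptions constructed for illustration.

```python
import cmath
import random


def periodicity(timestamps, window=3600, bin_s=20):
    """Return (dominant_period_seconds, peak_share) for one src->dst flow series.

    peak_share is the fraction of non-DC spectral power held by the strongest
    frequency: close to 1.0 for a clean beacon, small for irregular traffic.
    """
    n = window // bin_s
    counts = [0] * n
    for t in timestamps:                      # bin connection start times
        if 0 <= t < window:
            counts[int(t // bin_s)] += 1
    mean = sum(counts) / n
    centered = [c - mean for c in counts]     # remove the DC component
    power = {}
    for k in range(1, n // 2 + 1):            # positive frequencies only
        x = sum(v * cmath.exp(-2j * cmath.pi * k * i / n)
                for i, v in enumerate(centered))
        power[k] = abs(x) ** 2
    total = sum(power.values())
    if total < 1e-9:                          # empty or perfectly flat series
        return None, 0.0
    k_peak = max(power, key=power.get)
    return n * bin_s / k_peak, power[k_peak] / total


# Constructed sample data (not real captures).
# A 60-second check-in with a few seconds of jitter; the 20 s bins absorb it.
JITTER = (-3, 0, 2, -1, 3)
beacon = [60 * i + 10 + JITTER[i % 5] for i in range(60)]
# The same number of connections at uniformly random times.
rng = random.Random(7)
browsing = sorted(rng.uniform(0, 3600) for _ in range(60))

if __name__ == "__main__":
    for name, flow in (("beacon", beacon), ("browsing", browsing)):
        period, share = periodicity(flow)
        print(f"{name}: dominant period={period} s, peak share={share:.2f}")
```

Jitter larger than the bin width spreads the peak across neighbouring frequencies, so in practice the bin size and the alerting threshold on the peak share have to be tuned against known-benign periodic traffic such as update checks and NTP.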