Network Detection & Response

The Cyber Threat Edge Node inspects and logs every data packet moving into and out of your network and applies advanced threat intelligence, intrusion detection, deception technology, and network security monitoring to detect and block threats.

Threat Intelligence data is gathered via automaton in our SOC. These lists are composed of de-duplicated, filtered and enhanced lists from public, private, internal and government sources. Our end result threat intelligence list contains 500 million plus indicators of compromised infrastructure, botnets, command and control servers, etc.

As packets are ingested into the system, they are inspected by an Intrusion Detection System (IDS) looking for threats, anomalies, misconfigurations, protocol mismatches, data exfiltration and other indicators of compromise.

The Cyber Threat Node has the ability to provide deception nodes, both externally and internally. Deception is a very high quality, low false positive (zero or close to zero) indicator of nefarious activity on the network.

In addition to external deception, we can also run deception internal to the network. We have several deception models as shown below that can run internally. Internal deception events trigger an immediate alert to the SOC.

Since every packet is inspected, the metadata and flow data of every packet and conversation is stored in the storage/ search engine. This allows the system to run non-signature based anomaly detections, such as Domain Generation Algorithm detection, and Malware Beacon analysis using machine learning and Fast Fourier Transforms (FFTs).