Intrusion Detection System (IDS)

The key to boundary defense is an Intrusion Detection System that can spot aberrant activity and alert you quickly, giving you time to respond and remediate the issue.

Boundary Defense

Detect, prevent, and correct the flow of information between networks of different trust levels, with a focus on security-damaging data.

Data from the IDS will not only alert you to issues as they transpire; it can also act as a catalyst for a re-evaluation of the network architecture and a cue to institute additional security controls such as network segmentation or a proper DMZ. CyberDefense's intrusion detection functionality offers built-in network- and host-based IDS, as well as the ability to ingest data from wireless intrusion detection systems. These capabilities, bolstered with integrated threat intelligence from CyberDefense Labs and the Open Threat Exchange, ensure that you are made aware of activity related to the most recent threats.

Data Protection

CyberDefense provides the processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.

Organizations need to be able to detect the exfiltration of protected, proprietary, or confidential data, as well as large volumes of data (such as a patient database) moving around the network. This activity can be very tough to track, especially when attackers cover their tracks or use unconventional channels to leak data.

CyberDefense gives you visibility into data leaving your network, whether accidentally or intentionally, by keeping a close watch on traffic patterns via the integrated IDS and by correlating the collected data. This can identify attackers leveraging FTP or even web-based services like Dropbox to steal information.

Additionally, CyberDefense incorporates behavioral monitoring that adds valuable context to data collected by other means. This includes NetFlow/sFlow monitoring that raises an alarm when an unusually large amount of data is leaving or entering the network. CyberDefense is also able to monitor the availability of services and alert you when they go down: stopping or freezing services related to endpoint protection or other detective controls is a common tactic attackers use to hide their activity.
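As an added example (not part of the original page and not CyberDefense's own code), the following Python script shows the kind of flow-volume check that behavioral monitoring of NetFlow/sFlow data performs: it sums the bytes leaving the network per internal host per day, compares the current day against that host's own history, and names the destination that received most of the data. The address ranges, thresholds and flow records are all constructed for the example; internal-to-internal flows are deliberately ignored so that a nightly backup to a file share does not skew the baseline.

```python
"""Flow-volume exfiltration check over constructed NetFlow/sFlow-style records."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed address plan for the example: these ranges are "inside", all else is external.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


# Constructed flow summaries: (day, src_ip, dst_ip, dst_port, bytes).
# Days 1-7 are a quiet baseline; on day 8 host 10.0.1.10 pushes ~5 GB to an
# external FTP server while its normal browsing traffic stays the same.
SAMPLE_FLOWS = []
for _day in range(1, 8):
    SAMPLE_FLOWS += [
        (_day, "10.0.1.10", "93.184.216.34", 443, 40_000_000),  # web browsing
        (_day, "10.0.1.10", "10.0.2.5", 445, 900_000_000),      # internal file share
        (_day, "10.0.1.20", "93.184.216.34", 443, 55_000_000),
        (_day, "10.0.1.20", "198.51.100.7", 443, 10_000_000),
    ]
SAMPLE_FLOWS += [
    (8, "10.0.1.10", "93.184.216.34", 443, 42_000_000),
    (8, "10.0.1.10", "203.0.113.9", 21, 5_000_000_000),        # the exfiltration
    (8, "10.0.1.20", "93.184.216.34", 443, 53_000_000),
    (8, "10.0.1.20", "198.51.100.7", 443, 12_000_000),
]


def outbound_by_host_and_day(flows):
    """Sum bytes crossing the boundary outward, keyed by internal source and day.

    Internal-to-internal flows are skipped: they never leave the network, so the
    900 MB nightly copy to the file share must not inflate the baseline.
    A per-(host, day) breakdown by destination is kept for the alarm text.
    """
    totals = defaultdict(lambda: defaultdict(int))
    by_dest = defaultdict(lambda: defaultdict(int))
    for day, src, dst, port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src][day] += nbytes
            by_dest[(src, day)][(dst, port)] += nbytes
    return totals, by_dest


def find_exfil(flows, test_day, min_bytes=1_000_000_000, sigmas=3.0, ratio=5.0):
    """Flag hosts whose outbound volume on test_day is above an absolute floor
    AND far outside their own history (mean + sigmas*stddev, and ratio x mean).

    Requiring both conditions avoids alarms on hosts whose history is near zero
    (where any traffic is "many sigmas") and on hosts that are always busy.
    """
    totals, by_dest = outbound_by_host_and_day(flows)
    alarms = []
    for host, per_day in totals.items():
        history = [b for d, b in per_day.items() if d < test_day]
        today = per_day.get(test_day, 0)
        if not history or today < min_bytes:
            continue
        mu, sd = mean(history), pstdev(history)
        if today > mu + sigmas * sd and today > ratio * mu:
            (dst, port), dst_bytes = max(by_dest[(host, test_day)].items(),
                                         key=lambda kv: kv[1])
            alarms.append({
                "host": host, "day": test_day, "bytes_out": today,
                "baseline_mean": mu, "top_dst": dst, "top_port": port,
                "top_dst_bytes": dst_bytes,
            })
    return alarms


if __name__ == "__main__":
    for a in find_exfil(SAMPLE_FLOWS, test_day=8):
        print(f"{a['host']} sent {a['bytes_out'] / 1e9:.2f} GB on day {a['day']} "
              f"(baseline {a['baseline_mean'] / 1e6:.0f} MB/day); "
              f"{a['top_dst_bytes'] / 1e9:.2f} GB went to {a['top_dst']}:{a['top_port']}")
```

Running it reports only 10.0.1.10 on day 8, with the bulk of the traffic going to 203.0.113.9 on port 21; the other host and the earlier days stay quiet. The destination port in the alarm is what turns "a lot of data left" into "a lot of data left over FTP", which is the detail an analyst needs first.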

Controlled Access Based on the Need to Know

CyberDefense provides the processes and tools used to track, control, prevent and correct secure access to critical assets (e.g., information resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on their approved classification.

Similar to Boundary Defense, this control lays out the need to restrict administrative access to only those users and systems where that level of access is substantiated by a real business need, and it calls for regular evaluation of whether the policy is being followed. This matters because widespread, routine use of admin/root-level access where it is not required is low-hanging fruit for an attacker looking to gain a foothold in your environment.

The ability to analyze and correlate log data into events is one of CyberDefense's core capabilities and gives you a deeper level of insight into who and what is using elevated access to traverse the network. Using built-in IDS and log parsing functionality, users can identify when specific accounts are being used for specific systems (or on any system but a specific one), and be alerted to it. If you'd like to take action as well, you can write a custom script that disables that account when an alarm is triggered.

Wireless Access Control

CyberDefense offers the processes and tools needed to track, control, prevent, and correct the secure use of wireless local area networks (WLANs), access points, and wireless client systems.

Wireless access has become a standard method of connecting to networks. By not securing the wireless channels in your environment, or by not monitoring your network for unauthorized wireless devices, you put your organization's safety at risk. In the past, attackers have bypassed security measures in existing wireless access points (WAPs), deployed their own wireless devices disguised as your WAPs, or compromised employees' wireless clients while they were used outside your network, so that the device acts as a back door once it is brought back on premises.

With CyberDefense, you have the ability to scan your environment for new devices on a regular basis, letting you know when new devices are deployed that may not fall under your security policies.

Account Monitoring and Control

CyberDefense enables management of the life-cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.

In addition to securing your administrative accounts and restricting that access to those with a need to know, you need to actively track other user accounts, especially service accounts with privileged access and accounts that are no longer in use. These include accounts belonging to ex-employees and accounts provisioned for services or applications that have since been decommissioned.

As mentioned under Controlled Access Based on the Need to Know, CyberDefense can parse logs and Windows events to identify use of specific user accounts, allowing you to disable them before they are used for malicious purposes. You can also build correlation directives that alert you when a specific service account is used to authenticate against a system other than the one it was provisioned for.
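The account checks described under Controlled Access Based on the Need to Know and in this section can be expressed as a small rule set over forwarded logon events. The following Python script is an added example, not CyberDefense's directive syntax or code: it parses constructed key=value lines carrying Windows Security event fields (Event ID 4624 logon succeeded, 4625 logon failed), raises an alarm when a service account authenticates to a host it was not provisioned for, when a domain admin account logs on to a workstation, or when a dormant account is used at all, and produces the PowerShell command (Disable-ADAccount from the ActiveDirectory module) that a response script could run for the rules where automatic disabling is safe. The log format, host names, account names and policy are all constructed for the example.

```python
"""Account-use rules over constructed Windows logon events."""
import re

# Constructed one-line-per-event format, as a log collector might forward it.
# Only the field names below are assumed; real collectors differ in layout.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<event_id>\d+) "
    r"TargetUserName=(?P<user>\S+) LogonType=(?P<logon_type>\d+) "
    r"IpAddress=(?P<src>\S+)$"
)

SAMPLE_LOG = """\
2024-05-02T03:14:07Z host=FS01 EventID=4624 TargetUserName=svc_backup LogonType=3 IpAddress=10.0.1.50
2024-05-02T03:15:11Z host=WS-ALICE EventID=4624 TargetUserName=alice LogonType=2 IpAddress=-
2024-05-02T03:20:45Z host=DB01 EventID=4624 TargetUserName=svc_backup LogonType=3 IpAddress=10.0.9.77
2024-05-02T03:22:09Z host=WS-BOB EventID=4624 TargetUserName=domadmin LogonType=10 IpAddress=10.0.9.77
2024-05-02T03:25:30Z host=WS-ALICE EventID=4625 TargetUserName=jdoe LogonType=3 IpAddress=10.0.9.77
2024-05-02T03:26:02Z host=FS01 EventID=4624 TargetUserName=jdoe LogonType=3 IpAddress=10.0.9.77
"""

# Constructed policy: where each service account may authenticate, which
# accounts are admins, how workstations are named, and which accounts should
# already be disabled (ex-employees, decommissioned services).
POLICY = {
    "service_accounts": {"svc_backup": {"FS01"}},
    "admin_accounts": {"domadmin"},
    "workstation_prefix": "WS-",
    "dormant_accounts": {"jdoe"},
}

# Rules where disabling the account automatically is a reasonable response.
# An admin logging on to a workstation is alerted on, not auto-disabled:
# locking out the domain admin on a false positive is its own outage.
AUTO_DISABLE_RULES = {"service_account_unexpected_host", "dormant_account_used"}


def parse_events(text):
    """Turn forwarded lines into dicts; lines that do not match are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            ev["logon_type"] = int(ev["logon_type"])
            events.append(ev)
    return events


def evaluate(events, policy):
    """Apply the account rules to each logon event and return the alarms raised."""
    alarms = []

    def alarm(ev, rule, detail):
        alarms.append({"rule": rule, "user": ev["user"], "host": ev["host"],
                       "src": ev["src"], "ts": ev["ts"], "detail": detail})

    for ev in events:
        if ev["event_id"] not in (4624, 4625):
            continue
        success = ev["event_id"] == 4624
        user, host = ev["user"], ev["host"]

        # Any use of a dormant account, even a failed attempt, is worth an alarm.
        if user in policy["dormant_accounts"]:
            outcome = "succeeded" if success else "failed"
            alarm(ev, "dormant_account_used",
                  f"logon {outcome} for an account that should be disabled")
        if not success:
            continue

        allowed_hosts = policy["service_accounts"].get(user)
        if allowed_hosts is not None and host not in allowed_hosts:
            alarm(ev, "service_account_unexpected_host",
                  f"provisioned for {sorted(allowed_hosts)}, used on {host}")

        if user in policy["admin_accounts"] and host.upper().startswith(policy["workstation_prefix"]):
            alarm(ev, "admin_logon_on_workstation",
                  f"logon type {ev['logon_type']} from {ev['src']}")
    return alarms


def accounts_to_disable(alarms):
    """Accounts the response script would disable, deduplicated and sorted."""
    return sorted({a["user"] for a in alarms if a["rule"] in AUTO_DISABLE_RULES})


def disable_commands(alarms):
    """PowerShell (ActiveDirectory module) commands for a response script to run."""
    return [f"Disable-ADAccount -Identity {user}" for user in accounts_to_disable(alarms)]


if __name__ == "__main__":
    found = evaluate(parse_events(SAMPLE_LOG), POLICY)
    for a in found:
        print(f"{a['ts']} {a['rule']}: {a['user']}@{a['host']} ({a['detail']})")
    print("would run:", disable_commands(found))
```

On the sample, the backup account's logon to FS01 is silent, its logon to DB01 raises an alarm, the admin RDP logon (type 10) to WS-BOB raises one, and both uses of the ex-employee account raise one each. Only svc_backup and jdoe end up in the disable list; the script prints the commands rather than executing them, so the decision to wire it to the real directory stays with the responder.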

Application Software Security

CyberDefense enables management of the security lifecycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.

If your organization offers any web-based services that leverage access to internal systems (databases, file servers, etc.), you need to treat them as primary attack vectors and consider the exploitability of the application itself when instituting your security policy.

CyberDefense comes with a built-in vulnerability assessment engine that is continuously updated with new threat intelligence. This capability allows you to identify unpatched or misconfigured applications that leave you open to attack, including recently deployed applications and those affected by newly discovered exploits.

In addition, CyberDefense's built-in IDS functionality, powered by integrated threat intelligence, spots common web application exploits like SQL injection and cross-site scripting (XSS) attacks as they happen. This allows you to stop an attack in progress and gives you time to remediate the issue and prevent future attacks.
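As an added example of what signature-based detection of web application attacks looks like (this is not CyberDefense's IDS engine or rule set), the following Python script scans constructed Apache-style access log lines: it URL-decodes each request path repeatedly until it stops changing, so that double-encoded payloads are caught, and then matches the decoded string against a small set of SQL injection and XSS patterns. The log lines, addresses and patterns are constructed for the example; a real IDS carries far more rules and also inspects request bodies, which access logs do not record.

```python
"""Signature checks for SQL injection and XSS over constructed access log lines."""
import re
from urllib.parse import unquote_plus

# Apache "combined" layout: client, identd, user, [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Deliberately small signature set for the example; all case-insensitive.
SIGNATURES = {
    "sqli": [re.compile(p, re.I) for p in (
        r"'\s*(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+",   # ' OR 1=1, ' AND 'a'='a
        r"\bunion\s+(all\s+)?select\b",              # UNION SELECT ...
        r";\s*(drop|insert|update|delete|exec)\b",   # stacked query
        r"--\s*$|/\*",                               # SQL comment to swallow the rest
    )],
    "xss": [re.compile(p, re.I) for p in (
        r"<\s*script\b",
        r"\bon(error|load|mouseover|focus)\s*=",
        r"javascript\s*:",
    )],
}

# Constructed access log: two benign requests and four attack attempts, one of
# them double URL-encoded in the hope that a single decode will not reveal it.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [02/May/2024:10:01:22 +0000] "GET /products?id=42 HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [02/May/2024:10:01:40 +0000] "GET /products?id=42%27%20OR%201%3D1-- HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.23 - - [02/May/2024:10:02:03 +0000] "GET /search?q=%27+UNION+SELECT+username%2Cpassword+FROM+users-- HTTP/1.1" 500 612 "-" "sqlmap/1.8"
198.51.100.23 - - [02/May/2024:10:02:15 +0000] "GET /comment?text=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 903 "-" "Mozilla/5.0"
198.51.100.23 - - [02/May/2024:10:02:31 +0000] "GET /profile?name=%253Cscript%253Ealert(document.cookie)%253C%252Fscript%253E HTTP/1.1" 200 911 "-" "Mozilla/5.0"
203.0.113.5 - - [02/May/2024:10:03:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def normalize(path, max_rounds=3):
    """URL-decode until the string stops changing (bounded); return it and the depth."""
    depth = 0
    while depth < max_rounds:
        decoded = unquote_plus(path)
        if decoded == path:
            break
        path, depth = decoded, depth + 1
    return path, depth


def classify(path):
    """Return the set of attack categories whose signatures match the decoded path."""
    decoded, _ = normalize(path)
    return {cat for cat, pats in SIGNATURES.items() if any(p.search(decoded) for p in pats)}


def scan_log(text):
    """Parse each access log line and report those that match a signature."""
    alarms = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded, depth = normalize(m["path"])
        cats = classify(m["path"])
        if cats:
            alarms.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                           "path": m["path"], "decoded": decoded,
                           "decode_depth": depth, "categories": sorted(cats)})
    return alarms


if __name__ == "__main__":
    for a in scan_log(SAMPLE_ACCESS_LOG):
        print(f"{a['ts']} {a['ip']} {a['categories']} depth={a['decode_depth']} "
              f"status={a['status']} {a['decoded']}")
```

Two details matter in practice. The decode depth is reported because a depth of 2 or more is itself a strong signal: legitimate clients almost never double-encode. And the HTTP status is carried into the alarm so that the analyst can separate a probe the application rejected (the 500 on the UNION attempt) from one it served with a 200 and a suspiciously large body, which is the case that needs remediation first.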

Incident Response and Management

Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g. plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.

Event Correlation and Integrated Threat Intelligence / Response Guidance

The event correlation and integrated threat intelligence built into the CyberDefense platform minimize the amount of time IT teams need to spend researching new threats. The single-pane-of-glass management console presents the information needed to visualize all of the relevant threat data, and each alarm contains detailed response guidance. In other words, the IT team can spend its time mitigating the threat rather than researching each alarm. While incident response and management covers the procedures followed when a breach or security event occurs, CyberDefense becomes a tool that greatly accelerates an organization's ability to respond. It can also be used as a post-mortem tool for future refinement of IR/M policies.

If your IT team has limited resources, you do not have time to mount an effective defense against cyber threats. You likely employ a patchwork of security technologies that provide only some of the capabilities you need, leaving gaps in your ability to detect and respond to malicious activity on your network. You also probably spend precious time manually consolidating and analyzing logs from a wide range of security point products, looking for indicators of compromise. Ultimately you are unable to accurately answer questions like "Are we at risk from this new threat?" or "Are we compliant?"

Today's Threat Environment

In today's threat environment, you cannot count on keeping a patient, determined attacker out of your network. Detection and response, not prevention alone, are the key to avoiding a data breach and HIPAA penalties. Effective threat detection requires three components:

  1. Technology. A range of security controls to identify suspicious and malicious activity in your network
  2. People. Security analysts who research the threats and implement the incident response plan after the technology detects threats
  3. Processes. Clear incident response policies that describe the who, when, where, and how to investigate and respond to alarms

CyberDefense unifies all three of these essential components into a single platform. Its comprehensive security controls monitor your network, applications, and devices for malicious and suspicious activity. It can also incorporate data from existing security point products via plugins, protecting your existing investment. It then generates the security events that the built-in correlation engine analyzes, linking related events from across your network and alerting you to the most significant threats. CyberDefense's integrated threat intelligence eliminates the need for IT teams to spend precious time conducting research on emerging threats, or on alarms triggered by security tools. The CyberDefense security team maps out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities, and exploits they uncover across the threat landscape. Threat intelligence is regularly delivered to the CyberDefense platform as a coordinated set of updates, which accelerates threat detection and remediation.

Each alert from CyberDefense contains detailed information about the threat, the attack's intent, and response guidance. This arms your IT team with the information it needs to understand the attacker's methodology and how to respond appropriately. It eliminates the need for your IT team to spend its valuable time researching each alert, letting it focus instead on responding to the most important threats in your network.

The intersection of health and technology

CONTACT

230 Northgate Street #145,
Lake Forest, IL 60045
(847) 558-2258
info@intersecthealth.net
