The SIEM

According to previous Verizon Data Breach Investigations Reports, over 80% of breaches left evidence of the attack in log files. That means that simply by maintaining audit logs and analyzing them regularly, you have the opportunity to spot this type of activity early and a chance to stop it before it establishes a foothold and/or spreads to other, more sensitive systems.

The CyberDefense Platform

The CyberDefense platform allows you to manage your audit logs easily. Single-purpose SIEM software or log management tools provide valuable information, but often require expensive integration efforts to bring in log files from disparate sources such as asset management, vulnerability assessment and IDS products. With the CyberDefense platform, the SIEM is built in alongside the other essential security tools, giving complete security visibility that simplifies and accelerates threat detection, incident response, and compliance management.

Log management is a necessary but time-consuming activity. The CyberDefense platform lets the IT team focus on responding to threats discovered by its integrated threat intelligence and built-in security capabilities instead of digging through log files manually.

Email and Web Browser Protections

CyberDefense minimizes the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers and email systems.

Two of the most common attack vectors are email and web browsers. Attackers compromise systems on your network by targeting a vulnerable browser via a drive-by download, or by attaching a remote access Trojan (RAT) to an email message. Too often the vulnerable systems are running older versions of browsers or applications for which patches exist but were never deployed. Organizations often lack knowledge of which systems are running vulnerable software, and of when bad actors are targeting those systems.

The CyberDefense platform is particularly well-equipped to help you improve the security of your email and web browsers. It uses Asset Discovery to first identify all of the devices on your network and create an inventory of the applications running on them. It then uses its built-in Vulnerability Assessment to identify vulnerable software on those devices, and can open a trouble ticket in its built-in ticketing system. The built-in IDS can alert you to malicious activity targeting vulnerable systems you have not yet patched, and can detect inbound or outbound communication with known bad actors and Command and Control (C&C) systems. Behavioral Monitoring alerts you to changes in behavior that could indicate compromised systems, and the built-in SIEM correlates seemingly unrelated events from across your network into detailed information about each threat, including the intent of the attack and how to respond, which helps you prioritize your response. Lastly, regular Threat Intelligence updates from lab sources keep your CyberDefense platform current with the latest changes in the threat landscape.

Malware Defenses

Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable the rapid updating of defenses, data gathering, and corrective action.

Malware, whatever its specific intent, is designed to infiltrate your environment and either disrupt the normal operation of services or steal data and gain access to sensitive systems. To evade detection, malware developers constantly alter their code so that antivirus and other endpoint protection measures do not spot it.

The CyberDefense platform comes with a built-in network IDS to spot the delivery of malicious software, known attack patterns, and other types of suspicious traffic. You can deploy Network IDS (NIDS) sensors throughout your environment to get better visibility into potentially dangerous traffic on your network.

An added benefit of the IDS capability in CyberDefense is the continuous updating of its IDS signatures, the packet attributes known to be indicative of malicious behavior.

Limitation and Control of Network Ports, Protocols, and Services

Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to hackers.

Attackers constantly scan for remotely accessible services that they can use as entry points to your environment, either via exploitable vulnerabilities or the use of default credentials. Applications that you or your users deploy can install services and/or open ports arbitrarily, often without your knowledge. This means that web servers, file sharing services, even remote access tools could be running unbeknownst to you, leaving you wide open to attack.

CyberDefense can ingest nearly any type of log from network devices, parse the data, and feed it into its correlation engine. It can look for specific log entries that highlight unauthorized and/or potentially malicious traffic in real time. In addition to alerting you, CyberDefense allows you to create or customize policies that take a specific action for that particular class of event.

To help identify problems in advance, CyberDefense also includes built-in asset discovery that scans for open ports and services. This gives you a better idea of exactly what is exposed to the outside and lets you evaluate the business need for each service. You can also use the scheduling functionality to run these asset scans regularly without manual intervention.
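The two checks described above, flagging accepted traffic to unapproved services in firewall logs and diffing scheduled port inventories to catch newly exposed services, as an added example. This is not CyberDefense's own code or log format: the syslog-style lines, the per-host allowlist and the two scan inventories are all constructed here for illustration.

```python
import re

# Constructed firewall log lines in a generic netfilter/syslog style (not from any real device).
SAMPLE_LOGS = """\
Mar 10 09:12:01 fw01 kernel: ACCEPT IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443
Mar 10 09:12:04 fw01 kernel: ACCEPT IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 10 09:12:09 fw01 kernel: ACCEPT IN=eth0 SRC=198.51.100.23 DST=192.0.2.11 PROTO=TCP DPT=445
Mar 10 09:12:15 fw01 kernel: ACCEPT IN=eth0 SRC=198.51.100.23 DST=192.0.2.11 PROTO=TCP DPT=3389
Mar 10 09:12:20 fw01 kernel: DROP IN=eth0 SRC=198.51.100.23 DST=192.0.2.11 PROTO=TCP DPT=23
Mar 10 09:12:31 fw01 kernel: ACCEPT IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP DPT=53
"""

# Hypothetical policy: the services each Internet-facing host is approved to expose.
ALLOWED = {
    "192.0.2.10": {("TCP", 443)},
    "192.0.2.11": {("TCP", 445)},
}

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)


def parse(lines):
    """Yield one event dict per log line that matches the expected fields."""
    for line in lines.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield {"action": m["action"], "src": m["src"], "dst": m["dst"],
                   "proto": m["proto"], "dpt": int(m["dpt"])}


def unauthorized_accepts(lines, allowed):
    """Return (dst, proto, port, src) for accepted inbound traffic to services that are
    not on the destination host's allowlist. DROP lines were already blocked by the
    firewall, so they are ignored here; a fuller policy might count them as scanning."""
    hits = []
    for ev in parse(lines):
        if ev["action"] != "ACCEPT":
            continue
        if (ev["proto"], ev["dpt"]) not in allowed.get(ev["dst"], set()):
            hits.append((ev["dst"], ev["proto"], ev["dpt"], ev["src"]))
    return hits


# Constructed results of two scheduled port inventories: {host: {(proto, port), ...}}.
BASELINE_SCAN = {"192.0.2.10": {("TCP", 443)}, "192.0.2.11": {("TCP", 445)}}
LATEST_SCAN = {
    "192.0.2.10": {("TCP", 443), ("TCP", 22)},
    "192.0.2.11": {("TCP", 445), ("TCP", 3389)},
    "192.0.2.12": {("TCP", 8080)},  # a host that was not in the previous inventory at all
}


def newly_exposed(baseline, latest):
    """Services present in the latest scan but absent from the baseline, including
    every service on hosts that did not exist in the baseline."""
    out = {}
    for host, services in latest.items():
        added = services - baseline.get(host, set())
        if added:
            out[host] = added
    return out


if __name__ == "__main__":
    for dst, proto, port, src in unauthorized_accepts(SAMPLE_LOGS, ALLOWED):
        print(f"ALERT: {src} reached unapproved service {proto}/{port} on {dst}")
    for host, services in newly_exposed(BASELINE_SCAN, LATEST_SCAN).items():
        print(f"NEW EXPOSURE on {host}: {sorted(services)}")
```

Running the block reports the SSH and DNS services on 192.0.2.10 and RDP on 192.0.2.11 as unapproved, and the scan diff surfaces the same new listeners plus an unknown host on 8080 before any traffic to it appears in the logs. The log check and the scan diff are deliberately separate: the first tells you something already got through, the second tells you what could.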

Data Recovery Capability

CyberDefense offers the processes and tools used to properly back-up critical information with a proven methodology for its timely recovery.

In the unfortunate event that you are unable to fully recover from a security incident (such as endpoints infected with ransomware, contamination of sensitive data, or physical damage to storage devices), a backup to restore from can be your only hope. You should also run regular checks on the backup solution itself to ensure that the backups are viable and that the restore process is fully functional. While data backup and restore solutions are traditionally separate from security platforms, CyberDefense's open plugin architecture allows easy development of a plugin to parse essentially any text-based log data. Since backup solutions log the status of failed and successful jobs as well as the results of regular maintenance checks, CyberDefense can be customized to alert you to problems with the backup process.

Secure Configurations for Network Devices Such as Firewalls, Routers, and Switches

CyberDefense offers the capability to establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

Much like securing configurations on the mobile devices, laptops, and servers discussed earlier, the same considerations apply to network devices such as routers, switches, and wireless access points. When these devices are left in their default state, open ports, unsecured services, and manufacturers' default passwords are easily exploited by even novice hackers.

The host-based IDS functionality integrated within CyberDefense allows you to monitor files for any changes, including the configuration files pulled from most network devices. In some cases this can alert you to the initial steps of an in-progress attack and give you the precious time needed to remediate before it wreaks complete havoc.

CyberDefense's alerting mechanism allows users to execute scripts when an alarm fires. This lets you write a simple script that quickly rolls a network device configuration back to an earlier, known-good version.
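The file-integrity check and the rollback-on-alarm script described in the two paragraphs above, as an added example that is not CyberDefense's own code. It assumes the device configurations have already been pulled to local files (the hypothetical `router1.running.cfg` and a golden `router1.golden.cfg`); the config contents and the tampering are constructed for illustration, and restoring over a real router would use the device's own config-restore mechanism in place of the local file copy.

```python
import difflib
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed golden configuration and a constructed tampering that re-enables telnet.
GOLDEN_CFG = "hostname router1\nno ip http server\nline vty 0 4\n transport input ssh\n"
TAMPER = "line vty 0 4\n transport input telnet\n"


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_baseline(config_paths):
    """Record the hash of each pulled config; this is what a HIDS file-integrity
    baseline stores."""
    return {str(p): sha256_of(p) for p in config_paths}


def check_integrity(baseline):
    """Return the paths whose content no longer matches the baseline (or that vanished)."""
    changed = []
    for path, digest in baseline.items():
        p = Path(path)
        if not p.exists() or sha256_of(p) != digest:
            changed.append(path)
    return changed


def config_diff(golden, current):
    """Unified diff of the golden config against the current one, for the alarm's detail."""
    a = Path(golden).read_text().splitlines()
    b = Path(current).read_text().splitlines()
    return list(difflib.unified_diff(a, b, fromfile="golden", tofile="current", lineterm=""))


def rollback(current, golden):
    """The script run on alarm: put the known-good copy back and confirm it took."""
    shutil.copyfile(golden, current)
    return sha256_of(current) == sha256_of(golden)


def demo():
    """Baseline, tamper, detect, diff, roll back; returns the observations for checking."""
    work = Path(tempfile.mkdtemp())
    golden = work / "router1.golden.cfg"
    running = work / "router1.running.cfg"
    golden.write_text(GOLDEN_CFG)
    shutil.copyfile(golden, running)

    baseline = build_baseline([running])
    clean_before = check_integrity(baseline) == []

    running.write_text(GOLDEN_CFG + TAMPER)  # simulated unauthorized change
    changed = check_integrity(baseline)
    added = [l for l in config_diff(golden, running)
             if l.startswith("+") and not l.startswith("+++")]
    restored = rollback(running, golden) if changed else False

    return {
        "clean_before": clean_before,
        "changed": changed == [str(running)],
        "added_lines": added,
        "restored": restored,
        "clean_after_restore": check_integrity(baseline) == [],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Hashing the whole file is enough to raise the alarm; the diff is what makes the alarm actionable, since it shows the operator that the change was a re-enabled telnet listener rather than a routine edit. Note that the baseline must be refreshed after every approved change, or the next scheduled check will fire on your own work.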

CONTACT

230 Northgate Street #145,
Lake Forest, IL 60045
(847) 558-2258
info@intersecthealth.net