Threat Security Network
Advanced Threat Protection for Networks and Web
Stop Advanced Attack Campaigns Faster
ThreatSecure Network detects advanced attack campaigns in progress and identifies changes in behavior to reveal malicious intent. This aggregation of both threat-related instances and anomalous network activity provides security analysts with a single, comprehensive view of malicious activity for faster, more confident decision-making.
ThreatSecure Network connects security events and allows for deeper analysis.
What the heck is Malicious Intent?
Detecting malicious intent involves making inferences from early malware infections, lateral movement, replication, and exploration across your network, which may indicate that a breach or attack is in progress.
ThreatSecure Network goes beyond traditional monitoring and detection to reveal malicious intent. The solution looks beyond the infection to activity before and after a threat is identified and uncovers patterns that might otherwise not be recognized as a threat. This correlation of behavior and activity allows ThreatSecure Network to anticipate and infer the malicious intent behind that behavior.
This approach is far more effective than traditional signature-based and machine-learning systems, delivering visibility of attack campaigns in progress for faster response and remediation.
ThreatSecure Network delivers enhanced visibility across the network – an aggregation of network protocols and services across all devices – making it much more than just a malware detection and remediation solution.
Thressions™ – Threat Sessions
ThreatSecure Network’s analytics component is designed to identify and build detailed threat sessions, or Thressions™, that are used to understand the context and progression of attacks.
TS Labs – Network Visibility
Understanding what traffic is expected on an organization’s network is imperative to efficiently isolating a potential issue when one arises. With ThreatSecure Network’s TS Labs, all of the organization’s traffic flows are available.
Monitor and Detect
It’s an unfortunate fact that something will get through your defenses. When it does, ThreatSecure Network will be there to catch it and allow you to respond before it does any real damage.
Intuitive, Powerful Interface
ThreatSecure Network provides intuitive dashboards and analytics that make information easy to consume and understand. The logical user interface also allows analysts to dig deeper – to pivot their data views on the IP address of the source of the threat, the IP address of the target of the threat and the malware sample (when it has been discovered before). In all these cases, the full data of the entity in question is provided in time histograms and top ten occurrences.
ThreatSecure Network Features
ThreatSecure Network monitors all traffic across all ports to detect advanced attack campaigns in progress and identify changes in behavior to reveal malicious intent.
Full Threat Detection and Blocking
- Identify applications and devices generating and receiving malicious traffic
- Extract files from within the traffic
- Analyze and determine the threat of a large category of files using its behavioral determination engine
- Analyze user-generated links’ payloads for the discovery of malicious URLs
- Correlate network activity observed during analysis using the behavior determination engine with the observations collected from your organization’s traffic, both in the past and on an ongoing basis
- Block and report on sessions that are associated with malicious URLs
Correlation and Drill-Down Reveals Malicious Intent
- Attacker and target network devices
- Applications and services involved
- Payloads in transit
- Timeline of the attack
Intuitive, Powerful Interface Enables Analysts to Pivot Data Views on
- IP address of the source of the threat
- IP address of the target of the threat
- Malware sample
- Histograms and top ten occurrences
Other Features Include:
- Monitor in promiscuous mode
- SDN framework used to capture and block network traffic on several protocols and data layers
- Identifies applications such as Facebook, Twitter, LinkedIn, Skype, etc.
- Malicious session blocking using an embedded IPS engine
- Near real-time malware analysis performed locally
- Analyzes data streams at up to 1 Gbps