Intrusion detection systems listen passively or inline to network traffic and match it against a set of predefined rules or criteria. By analysing network traffic they can alert you to the suspicious or malicious traffic signatures they find and enable security operation centres to take corrective action.
One of the key elements in determining whether a network intrusion has occurred is analysing what the normal behaviour of the network is. Detecting a network or host based intrusion requires more than one set of tools to cover the wide range of attacks that today's attackers adopt.
EVI can operate in both inline and passive modes to detect both network and host based intrusions. Additionally, a large number of verified rules are provided out of the box, with lifetime updates to stay up to date with the current threats that pose a risk to enterprise security. Easy integration into existing network management tools, or out of the box integration into our Network Device Monitoring Tool “Net-DMT” and in-house SIEM engine, provides a round the clock shield against external intrusions.
IP headers usually contain source and destination information, which may not be a reliable basis for identifying bad network traffic. Deep Packet Inspection provides advanced filtering techniques by analysing the non-header content (the actual payload) of packet data and suggests or applies corrective actions.
Packet capture provides information about individual packets, such as transmit time, source, destination, protocol type and header data, which can assist in evaluating security events and troubleshooting network security device issues. By capturing and inspecting network traffic in detail, real evidence can be obtained about a historical security threat or for the prevention of a security breach in an enterprise.
EVI can decrypt various network traffic protocols, from either a live packet capture or offline analysis, and provide in-depth insight into your network packet data. In addition, it provides packet dissection for deeper network forensics and assists in detecting inappropriate URLs, intrusion attempts, malware and data leaks.
An Advanced Persistent Threat (APT) is a network intrusion where the objective is to obtain unauthorised access to a network or its resources and stay undetected for a long period of time. The usual intent of an APT is to steal data by maintaining access without discovery, rather than to cause damage to a network or enterprise.
Organisations possessing high-value information, such as defence, financial institutions, government and public services, are common APT targets. Although APT attacks are difficult to identify, the data loss can be discovered in time with a set of efficient APT tools.
EVI incorporates live updated threat data from a wide range of sources that provide an up to date database of malicious hosts and APTs. Multiple data sources, such as machine logs and network behaviour analytics, contribute to our correlation algorithms that help detect advanced persistent threats that may cause damage to your organisation.
Malware propagating past antivirus and firewalls is not uncommon in today's networks and their assets. Detecting and eradicating malware infections, along with incident and event analysis, is an efficient strategy against malware. Sandbox capabilities are also essential to understand malware behaviour and the intention behind deploying it.
Keeping up to date with malware and threat feeds, in conjunction with vulnerability assessments, EVI runs configurable automated scans to detect any malware present on a host or network. Using various correlation techniques on machine and network specific data, as well as configuration or file changes, alerts can be generated to take remedial action against malware or to sandbox it for inspection and removal.
Indicators of compromise (IOCs) provide key information to detect data or network breaches. Monitoring the network for unusual activity can proactively assist in preventing an attack if indicators of compromise are correctly defined for a specific environment. As compromised systems always call home, it is essential to monitor outbound traffic and provide perimeter security. Monitoring unusual privileged account behaviour can also assist in detecting insider threats or account takeover.
EVI uses various malware and threat intelligence feeds, combined with analysis of historical data, to correctly define indicators of compromise. Real-time alerting with log correlation enables a quick remediation procedure for a compromised indicator. By periodically port scanning and updating the application-to-port mapping, alerts can be generated for any mismatched port-application traffic.
Since traditional security monitoring tools don’t focus on analysing user behaviour to detect insider threats or signs of malware, it is key to aggregate and analyse terabytes of network traffic as well as the events that are generated when alert criteria are satisfied. Log management and SIEM tools traditionally share this workload and provide this information.
Using historical trend analysis of security events, EVI provides various alerting levels to identify pre-defined suspicious user behaviour. By monitoring irregularities in network traffic, our solution can give insight into any unsuspected intrusions or beaconing by malware.
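Two of the detections described above, the port/application mismatch check and the outbound beaconing check, worked as an added example on constructed flow records (this is illustrative code, not EVI's own; the record layout, the port map and the jitter threshold are assumptions):

```python
import statistics
from collections import defaultdict

# Constructed sample flow records: (timestamp_s, src, dst, dst_port, app_seen_by_dpi)
FLOWS = [
    (0,   "10.0.0.5", "203.0.113.9",  443, "tls"),   # regular ~60 s contacts to one host
    (61,  "10.0.0.5", "203.0.113.9",  443, "tls"),
    (119, "10.0.0.5", "203.0.113.9",  443, "tls"),
    (181, "10.0.0.5", "203.0.113.9",  443, "tls"),
    (240, "10.0.0.5", "203.0.113.9",  443, "tls"),
    (15,  "10.0.0.7", "198.51.100.2", 80,  "http"),  # ordinary browsing, varied hosts
    (400, "10.0.0.7", "198.51.100.4", 80,  "http"),
    (410, "10.0.0.7", "198.51.100.6", 80,  "http"),
    (420, "10.0.0.8", "192.0.2.20",   443, "ssh"),   # SSH payload on the HTTPS port
]

# Expected application per destination port (assumed mapping; a real deployment
# would refresh this from periodic port scans as the page describes).
PORT_APP_MAP = {80: "http", 443: "tls", 22: "ssh", 53: "dns"}

def port_mismatches(flows, port_map=PORT_APP_MAP):
    """Flows whose payload-identified application disagrees with the port's expected one."""
    return [(src, dst, port, app) for _, src, dst, port, app in flows
            if port in port_map and port_map[port] != app]

def beacon_candidates(flows, min_flows=4, max_jitter=0.2):
    """(src, dst) pairs contacted at near-regular intervals.

    A pair is flagged when it has at least min_flows contacts and the
    coefficient of variation (stdev / mean) of the gaps between contacts
    is at or below max_jitter. Returns [((src, dst), mean_gap_s), ...].
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _, _ in flows:
        by_pair[(src, dst)].append(ts)
    found = []
    for pair, times in by_pair.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap > 0 and statistics.pstdev(gaps) / mean_gap <= max_jitter:
            found.append((pair, round(mean_gap, 1)))
    return found
```

The jitter threshold tolerates the small timing drift in the constructed beacon (61, 58, 62, 59 s gaps) while the varied browsing host is not flagged.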
Leveraging machine learning algorithms, complemented by big data storage and analysis tools, our solution unifies, indexes and normalises log and machine data in order to alert on and present any anomalies in standard or normal network behaviour.
IoT and BYOD pose a huge challenge to today’s organisations, as traditional endpoint security tools and agents are not supported by them. All endpoints connected to an enterprise network must be identified and analysed to ascertain that network access policies are enforced. Once an authorised device and user access an enterprise network, both device and user behaviour should be continuously monitored in order to enforce network access whitelists and security policies.
EVI keeps an up to date inventory of endpoint and network devices as well as the application usage policies and access control policies. Utilising these configurable policies in conjunction with historical vulnerability assessments, our machine learning algorithms can update existing or new policies and provide round the clock endpoint protection.
Security Information and Event Management (SIEM) systems enable an enterprise to centrally log and analyse the machine and log data it receives from various network devices or hosts. SIEM systems can assist not only with the security compliance of an enterprise but can also be configured to stop certain attack types.
EVI utilises big data analytics and proprietary log correlation algorithms to identify false positives and reduce the number of events and alerts that are generated in traditional SIEM systems. Integrating unified logging and consolidation techniques, our solution can collect logs from the various sources an enterprise may have.
Using constantly updated threat intelligence data as well as analysis of historically collected logs, our SIEM solution provides precise alerts for security events that occur in your network.
Vulnerability management is the process of discovering weaknesses in your network and managing them until they are successfully removed or their potential impact is mitigated. It plays a crucial role in finding a variety of technical vulnerabilities in an environment, prioritising the resulting risk, and improving the overall security posture by addressing those likely to lead to incidents.
The precise method to secure a system is to first assess the existing vulnerabilities on each machine, determine the degree of risk for each machine's vulnerability, and then remediate the vulnerabilities.
EVI incorporates an in-built vulnerability scanner that scans your network assets round the clock or at scheduled intervals and matches them against constantly updated out of the box vulnerability assessment policies.
Analysing historical data and using machine learning, our solution efficiently determines false positives, gives an accurate view of the vulnerabilities present in your network and assists in devising a remedial response.