WHAT YOU DON’T KNOW CAN HURT YOU.
Cyber Intelligence & Response Technology (CIRT)
Eliminate Your Cyber Security Blind Spots…
The traditional cyber security infrastructure is riddled with blind spots… open doorways for threats you can’t see, because the tools you’re relying on can’t see them. Cyber Intelligence & Response Technology (CIRT) is designed to eliminate your blind spots, allowing you to catch the data leakage your DLP misses, detect the new malware your IDS and antivirus don’t recognize, and even monitor Internet activity of employees when they are not logged into your network.
The CIRT platform is a game changer for organizations looking to fill the detection, analysis and remediation gaps that currently exist in the typical information security architecture. The platform integrates computer, network and malware analysis, large-scale data auditing and remediation. So you’re able to see all critical analysis through a single pane of glass, perform batch remediation to stop the bleeding at the first sign of a breach, and create threat profiles to prevent threat recurrence. Furthermore, it serves as a virtual war room, in which multiple cyber security teams can collaborate in real time.
Can you do this today?
• Scan your enterprise to identify malicious code that antivirus and IDS have missed, triage those binaries, and determine behavior and intent before passing them on to a malware team?
• Audit computers across your enterprise, itemizing all machines containing confidential or classified data spillage?
• Monitor employees outside your network to see what they are doing on their company laptops, including their Internet activity?
• Engage bi-directional removable media monitoring to not only catch sensitive data being copied over, but to see what’s being downloaded onto the users’ computers?
• Collaborate in real time, via a secure Web interface, with all CIRT team members during an incident?
Top 3 Reasons You Struggle To Defend Your Domain
The following weaknesses in the current information security model make you dangerously inefficient during a security breach investigation.
1. Inherently Handicapped Tools: Signature-based tools (IDS, antivirus, etc.) and DLP solutions only catch what you tell them to look for.
2. Juggling Several Disparate Products: Network forensics, computer forensics, malware analysis… critical analysis is piecemeal, not integrated.
3. Disparate Teams that Can’t Collaborate in Real-time: Computer forensics, information assurance, compliance, malware, network security… each team uses its own tools and they must verbally correlate findings with each other in person.
End the Struggle with CIRT.
Perform all critical analysis within a single platform.
• Host Forensics
• Network Forensics
• Data Auditing
• Removable Media Monitoring
• Malware Analysis
Eliminate Your Blind Spots and Address Your Greatest Security Challenges with a Single, Integrated Platform
Proactive / Reactive
Virtual Workforce Security
Telecommuting and traveling employee laptops check in at intervals to be scanned for anomalies which are all recorded, including network and USB activity. Remote monitoring helps to identify any data theft or security breach.
Classified / Confidential Data Spillage
An organization proactively audits using terms, such as “eyes only” or regular expressions with credit card or social security patterns. All instances are flagged for removal in accordance with federal agency or corporate policies. CIRT can also wipe all data spillage automatically.
Unknown Malware and Zero Days
A scan of machines across the enterprise delivers threat scores for all binaries. Binaries with high threat scores are automatically disassembled and emulated to enumerate functions, determining behavior and intent without white lists or black lists and WITHOUT running binaries in a sandbox. Host data and network traffic are correlated to validate threats and map propagation. Batch remediation kills and wipes malicious processes on all affected computers. CIRT monitors for recurrence.
Removable Media Monitoring
Employees with access to intellectual property are attending a conference. Bidirectional removable media monitoring is activated to see files copied onto media, as well as any files or binaries downloaded from media.
Monitoring of Critical Data Repositories
Using the SilentRunner full-packet capture, network forensics technology in CIRT, critical data repositories are monitored in real time for suspicious behavior.
Intrusion Alert
Unauthorized port 443 traffic triggers an alert, and the alerting solution’s integration with CIRT kicks off automated response activities. Network communications are visualized and CIRT drills down into the suspect host to perform behavioral forensic analysis. Honeypot avoidance, crypto, dynamic loading, high entropy and other criteria indicate malware. The enterprise is scanned to identify other affected computers, and batch remediation kills and wipes malware from all systems. A threat profile is generated and CIRT monitors for recurrence.
Data Spillage Reported
An employee discovers credit card information in an unsecure location. Individual computers, shares, servers and databases are audited to locate exposed credit card information on all machines. Locations of spillage are logged for remediation. (When policies allow, you can wipe all unauthorized files. All actions are logged for reporting purposes.)
Add SSL Locksmith to CIRT and Gain Visibility into Encrypted Network Communications
A gaping hole in today’s enterprise security architectures is the inability to see encrypted network communications. A large number of enterprise and Internet-based applications use SSL, such as Microsoft SharePoint, Salesforce.com, SAP, Oracle, WebEx, Windows Update, Google business applications (Gmail, docs, sites) and Instant Messaging. Organizations deploy a long list of network security solutions to meet security and compliance requirements. However, many of these devices cannot scan encrypted communications for threats or monitor encrypted communications for data leakage. This leaves the door wide open for rogue applications, unrestricted Web surfing, virus and spyware distribution, data theft and more – all over SSL.
SSL Locksmith Eliminates This Vulnerability
SSL Locksmith brokers SSL connections by validating and creating new internal certificates. The solution is secure and flexible: clients can use their own certificates or one provided by SSL Locksmith in order to broker SSL transactions. In addition, the solution was designed with fail-to-wire bypass functionality to prevent disruption in service should the hardware fail.
Works with Any Packet Analysis or Capture Solution
SSL Locksmith can be used with all packet analysis and capture solutions, including intrusion detection and prevention systems, data leakage prevention systems, network forensics solutions and web content monitoring solutions.
White List and Black List Filters
Whitelist and blacklist filters allow you to control which sites / connections are decrypted to ensure your compliance with privacy policies and regulations.
CORPORATE HEADQUARTERS
801.377.5410
588 West 400 South, Suite 350, Lindon, UT 84042 USA
NORTH AMERICAN SALES
800.574.5199
Fax: 801.765.4370
[email protected]
INTERNATIONAL SALES
+44 (0)20 7010 7800
[email protected]
www.accessdata.com