EventTracker Security Center

Threatscape 2015*

200 days

is the average time attackers stay in a network before detection

Over 75%

of all network intrusions are traced back to compromised credentials

100%

of victims had up-to-date antivirus

63%

of breaches are reported by third parties

The Attack Profile

Establish Beachhead

Lateral Movement

Exfiltration

Once they’ve gained entry into your network, attackers will establish a beachhead. They may convert network nodes into bots that respond to command and control activity in order to ensure that they have wide access in the event one compromised node is discovered. The infiltration of your network will be a slow, measured effort: “hit and run” tactics are not employed by the hackers, who will be using their access to probe your network to find valuable data and move the information to a central location where they’ll exfiltrate it.

Secure your network now

Our award-winning platform identifies malware, unusual behavior and suspicious network traffic and lets you know when you’ve been compromised. The threatscape mutates constantly. Keeping up with it, at scale across all assets, is a full-time job for experts. With our SIEM Simplified service, we install and run EventTracker on your premises and monitor your network so you can keep your focus on everything else that’s on your list.

Combat Detection Deficit

Use of compromised credentials
Unknown processes on the endpoint
Detection of listed and unlisted malware
Unusual network traffic

Indicators of compromise exist even when the attackers are dormant. EventTracker delivers powerful new features to combat detection deficits that occur from a lack of resources or a lack of awareness, and to identify evidence that attackers are in your network.

Our advanced security analytics include User Behavior Analysis (UBA) that alerts you to unexpected or unusual user behavior and out-of-the-ordinary access, and Digital Forensics and Incident Response (DFIR) capabilities that monitor for anomalies and examine suspicious network.

Cybersecurity: Ready or not?

Before an attack

Discover. Enforce. Harden.

You need to know your network in order to defend it. Discover the vulnerabilities in your devices and applications. Apply secure configuration to reduce your attack surface.

EventTracker Vulnerability Assessment Service helps avoid attacks by identifying vulnerable systems and versions, and by providing detailed recommendations on remediation.

EventTracker Configuration Assessment compares your existing configuration against baselines from Microsoft, DISA, or the USGCB. Secure configuration is an economical method to reduce attack surface.

During an attack

Detect. Block. Defend.

Today’s threatscape includes advanced malware and zero-day attacks. You need quickly deployed, low-resource, accurate threat detection to continuously identify malicious activity on your network.

EventTracker integration with top-of-the-line threat intelligence feeds quickly detects and alerts on unknown processes or low reputation endpoints interacting with assets inside the enterprise network. Rapidly refined internal whitelisting is used to reduce false positives. Correlation of unknown processes interacting with low reputation sites delivers pinpoint alerts.

EventTracker Endpoint Protection detects insertion/removal of unauthorized mass storage devices including USB sticks and writable CD/DVDs. Log all activity or block access per policy. Risk-prioritized alerts, when properly tuned, provide excellent, low-noise notification of ongoing attacks.

After an attack

Scope. Contain. Remediate.

Perfect protection is not practical. Therefore monitoring is necessary to determine the scope of the damage, contain the event, remediate, and return operations to normal.

Explore log data with fast indexed search and endless refine. Drill by log source, time, smart tokens, and patterns in description or a combination to quickly get to the bottom. Export data to the datamart for deep dives.

Built-in Incident Handlers Handbook based on a model from SANS. Quickly record all actions taken and results from forensic analysis in a central location. Send results via email and/or export to Excel.

* Verizon 2015 PCI Compliance Report