How it Works

EventTracker CyberShield is a secured cloud service offering with 24/7 security and operation monitoring. A simple and affordable solution for a very critical business need, EventTracker CyberShield uses our award-winning EventTracker Enterprise software platform coupled with a staff of trained security professionals to oversee your information security needs.

Sign up and in minutes, your critical systems are protected. Once the EventTracker CyberShield Monitoring Sensor is deployed on your critical endpoints, our powerful behavior correlation technology will separate your normal network, system and user activities from abnormal activities, which are examined and rated by one of our security experts in real time.

Once EventTracker CyberShield learns and analyzes your enterprise’s remote communication patterns, any aberrant or uncharacteristic communication patterns are extracted and compared against global threats in real time, with a powerful correlation tool to identify potential breaches as they are happening.

When a threat is identified, our trained CISSP security experts determine the impact to your enterprise and contact you immediately.

  • Detection: Real-time notification when a potential intrusion occurs
  • Response: Detection is rated on risks associated with the intrusion
    • Intrusion is compared with the global threat center to determine if there are any known bad actors (IP address, process, or malware) involved
    • New behavior and/or new communications are rated based on the country of origin, the reputation of the involved IP, port, process and application
    • All communications are compared with global and local whitelists and blacklists
  • Protection: All high risk connections will be terminated immediately to minimize damage
  • Secured Dashboard: The customized dashboard enables you to see activity history and alerts, create trouble tickets, run searches and reports
  • Post Analysis: To support your investigation, a report is provided to your system or security administrator which reviews:
    • Any unauthorized file changes during the time of intrusion
    • Any out-of-ordinary user and privileged activities (e.g., system admin activity, system changes, software or application installation)
    • Logon and logon failures of all users
    • Abnormal audit success and failures