Threat Detection and Response

Gain visibility and insight into potential threats and risks


Endpoint Threat Detection and Response

Endpoint Threat Detection and Response (ETDR) offers greater visibility at the endpoint and augments signature-based technologies for stronger anomaly detection.

Sensors at the endpoint detect the launch of new processes and compute the MD5 (or SHA) hash of the process image, comparing it against a trust list to determine whether it has been seen before and is trusted. This trust list can be established from a baseline, which includes the National Software Reference Library repository maintained by the US Government, supplemented by locally known trusted applications. The sensor can also pinpoint specific applications and detect exfiltration of data.
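The following is an added illustration of the hash-based trust check described above, not EventTracker's code: it builds a trust list from an NSRL-style baseline plus locally trusted applications (both constructed here), classifies process launches by SHA-256 hash, and alerts only on the first sighting of an unknown image. The file paths, image bytes and verdict names are assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed stand-ins for executable file contents; not real binaries.
SAMPLE_IMAGES: Dict[str, bytes] = {
    r"C:\Windows\System32\notepad.exe": b"MZ\x90\x00 notepad sample image",
    r"C:\Tools\buildtool.exe": b"MZ\x90\x00 in-house build tool",
    r"C:\Users\Public\dropper.exe": b"MZ\x90\x00 never seen before",
}

def image_hash(data: bytes, algorithm: str = "sha256") -> str:
    """Hash a process image. Prefer SHA-256; MD5 only to match legacy baselines."""
    if algorithm not in ("sha256", "md5"):
        raise ValueError(f"unsupported algorithm: {algorithm}")
    return hashlib.new(algorithm, data).hexdigest()

# Trust list sources: an NSRL-style baseline (constructed) plus locally trusted apps.
NSRL_BASELINE: Set[str] = {image_hash(SAMPLE_IMAGES[r"C:\Windows\System32\notepad.exe"])}
LOCAL_TRUSTED: Set[str] = {image_hash(SAMPLE_IMAGES[r"C:\Tools\buildtool.exe"])}

def build_trust_list(*sources: Set[str]) -> Set[str]:
    return set().union(*sources)

@dataclass
class LaunchSensor:
    trust_list: Set[str]
    seen_unknown: Set[str] = field(default_factory=set)

    def on_process_launch(self, path: str, data: bytes) -> dict:
        """Verdicts: 'trusted', 'unknown-new' (first sighting), 'unknown-seen'."""
        digest = image_hash(data)
        if digest in self.trust_list:
            verdict = "trusted"
        elif digest in self.seen_unknown:
            verdict = "unknown-seen"   # already alerted on; avoid duplicate alarms
        else:
            self.seen_unknown.add(digest)
            verdict = "unknown-new"    # first sighting: raise an alert for analyst review
        return {"path": path, "sha256": digest, "verdict": verdict}

def run_demo() -> List[dict]:
    sensor = LaunchSensor(build_trust_list(NSRL_BASELINE, LOCAL_TRUSTED))
    events = [sensor.on_process_launch(p, d) for p, d in SAMPLE_IMAGES.items()]
    # Re-launching the unknown binary should not produce a second first-sighting alert.
    dropper = r"C:\Users\Public\dropper.exe"
    events.append(sensor.on_process_launch(dropper, SAMPLE_IMAGES[dropper]))
    return events
```

In a real sensor the baseline would be loaded from the NSRL hash sets and the local trust list maintained by the security team; MD5 entries should be treated as legacy matches rather than the basis for new trust decisions.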

Threat Intelligence

Since threats are dynamic and attack vectors change constantly, comprehensive threat intelligence from both internal and external sources can enable quick and accurate threat detection and response. This threat intelligence can include data such as low-reputation IP addresses and URLs, nefarious email addresses, file names, processes and user agent strings. EventTracker easily incorporates threat intelligence from STIX/TAXII-compliant providers, commercial and open source feeds, and internal honeypots into the EventTracker Threat Center, an integration platform for commercial and open source threat feeds. The platform uses this data to reduce false positives, detect hidden threats and prioritize your most concerning alarms.

Intrusion Detection

An Intrusion Detection System (IDS) plays an essential role in IT security: it actively monitors your network for unusual patterns and behavior that may indicate malicious activity, and sends an alert if anything is detected. Available as a service, EventTracker’s expert staff continuously tune and configure the IDS and watch for alerts. If any suspicious activity is detected, EventTracker notifies the customer immediately and provides remediation recommendations. We also integrate the IDS with numerous threat feeds to ensure that a customer’s network can detect even the latest threats.

Threat Deception

A honeynet is a cyber-defense product that thwarts attempts by attackers to gain information about a private network. Composed of multiple virtualized decoys strategically scattered throughout the network to lure bad actors, honeynets can provide intelligence about malicious activity against the network.

EventTracker HoneyNet is available as part of its managed security service to enable any-sized enterprise to add a deception network layer to its cybersecurity defenses. Integrated with the EventTracker Console, it alerts network administrators to suspicious activity and provides them with a situational awareness view of their network.