Awake Security Platform Fall 2018 Update: Advanced Network Traffic Analysis for Uncovering Malicious Network Activity
As the industry begins to get malware under control using tools such as network intrusion detection systems (IDS) and sandboxes, non-malware threats (insider attacks, credential abuse, lateral movement, data exfiltration, etc.) have emerged as the next challenge for businesses seeking to uncover malicious network activity.
The biggest problem with these threats is that they tend to blend in with employees’ day-to-day, business-justified activity. This means security teams can’t just look for known-bad activities that raise “red flags”; they must also have insight into the grey area: any activities and behaviors that might look “good” but are driven by malicious intent.
Given security teams’ limited time and resources, we need to find ways to identify and warn analysts about this type of activity without creating more alerts and false positives. In the past, this was a slow, manual investigative or hunting process, often impossible to do thoroughly for anyone but the most experienced top-tier analysts. And as the universe of IT assets grows beyond its traditional footprint to the Internet of Things (IoT), cloud, and other such initiatives, ferreting out the bad actors becomes that much more difficult.
A New Approach to Threat Detection and Response
Awake Security is making strides to help organizations address these issues through technology innovations. Rather than focusing on the “known-bad,” we’re enabling security teams to find the unknown unknowns by tracking entities and then profiling and comparing the most similar entities on their specific network. This helps to cut through the noise that results from simple “baselining” of activity.
In addition, this entity-centric approach gives the Awake Security Platform a unique ability to spot sophisticated attacker tactics, techniques and procedures (TTPs) that only a highly experienced analyst could see previously. These advanced detection “skills” are built into the platform, empowering analysts at every level to spot threats early in the attacker lifecycle and cut response time.
In our Fall release of the Awake Security Platform, we’ve introduced several new features that further this mission. We’ve enhanced detection, deployment, investigation, and response capabilities for Level 1, 2, and 3 analysts, as well as for the security operations, network operations, and compliance teams. These include a robust detection platform, rich visualization and threat mapping, automated triage with risk ratings, and more.
You can learn more about the Fall release of the Awake Security Platform at https://awakesecurity.com/news/awake-security-uncovers-malicious-intent-across-on-premise-internet-of-things-and-cloud-infrastructure/, but we’d love to show you the platform in action. Schedule a demo with us at https://awakesecurity.com/schedule-a-demo/, or connect with the team at [email protected] to learn more.
By Rajdeep S. Wadhwa