With organizations moving to the cloud and remote workers becoming the rule rather than the exception, the definition of the network is changing. Add to this the increasing use of IoT devices, the spread of encryption and the prevalence of shadow IT, and it’s easy to see why organizations have trouble keeping their networks and systems secure.
What’s more, attackers are changing tactics: they rely less and less on malware and instead steal legitimate credentials and live off the land, using tools that are already present in the environment: scripting languages such as Python, system utilities such as PowerShell, WMI or PsExec, and Microsoft Office macros. Because no foreign binary is dropped, file-based and signature-based controls have little to key on, and the evidence is largely in who talked to what.
Detecting malicious behavior that blends this well with business-justified activity is a challenge. Organizations have tried to address it with solutions ranging from traditional network forensics vendors like RSA NetWitness to first-generation network traffic analysis (NTA) tools like Darktrace. The buyer trend is moving towards a combination of these two technologies, and that is where Awake Security comes in.
Tracking entities across the network
The Awake Security Platform is focused on analyzing communications, whether those are traditional network packets, traffic crossing a vSwitch, traffic to and within cloud workloads, or API calls to SaaS applications and serverless computing instances. It also covers operational technology (OT) networks that are otherwise completely invisible to the security team.
“The platform connects via traditional network SPAN or TAP / cloud TAP / virtual switch TAP / SaaS APIs to get access to data — packets, communications, and so on. We then construct a security knowledge graph (called EntityIQ) by analyzing all these communications in real-time and discovering the business assets — devices, users and applications — in the organization as well as the destinations and domains on the other end of the communications,” Rahul Kashyap, CEO at Awake, explains.
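To make the "security knowledge graph" idea concrete, here is a toy entity graph built from network metadata. This is an added example for illustration, not Awake's EntityIQ or any vendor code: the Flow records, IP addresses, user names, domains and the port-to-application mapping are all constructed, and a real sensor would fingerprint protocols rather than trust destination ports. It goes slightly beyond the quote by also running one query over the graph, flagging a device that fans out to many peers over SMB and WinRM, the kind of pattern that PsExec- or WinRM-driven lateral movement leaves without any malware on disk.

```python
"""Toy security entity graph built from network metadata.

Added example for illustration only: it is not Awake Security's EntityIQ or
any vendor code. Flow records, IPs, users and domains below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One summarized connection as a sensor on a SPAN/TAP might emit it."""
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    domain: str = ""   # DNS query name or TLS SNI seen on the session, if any
    user: str = ""     # account seen in Kerberos/NTLM on the session, if any


# Assumed port-to-application mapping; a real sensor would fingerprint protocols.
PORT_APPS = {53: "dns", 88: "kerberos", 443: "https", 445: "smb", 5985: "winrm"}
# Services that living-off-the-land tools such as PsExec and WinRM ride on.
ADMIN_APPS = {"smb", "winrm"}


class EntityGraph:
    """Typed nodes (device, user, application, domain) and labeled edges."""

    def __init__(self):
        self.nodes = set()                 # {(kind, name)}
        self.edges = defaultdict(set)      # (kind, name) -> {(relation, (kind, name))}
        self.peer_apps = defaultdict(set)  # (src_ip, dst_ip) -> {application}

    def add_edge(self, a, rel, b):
        self.nodes.update((a, b))
        self.edges[a].add((rel, b))

    def ingest(self, flow):
        """Turn one flow into device/application/domain/user relationships."""
        src, dst = ("device", flow.src_ip), ("device", flow.dst_ip)
        app_name = PORT_APPS.get(flow.dst_port, f"{flow.proto}/{flow.dst_port}")
        app = ("application", app_name)
        self.add_edge(src, "talks_to", dst)
        self.add_edge(src, "uses", app)
        self.add_edge(dst, "serves", app)
        self.peer_apps[(flow.src_ip, flow.dst_ip)].add(app_name)
        if flow.domain:
            dom = ("domain", flow.domain)
            self.add_edge(src, "resolves", dom)
            self.add_edge(dom, "hosted_on", dst)
        if flow.user:
            self.add_edge(("user", flow.user), "logged_on", src)

    def neighbors(self, node, rel):
        return {b for r, b in self.edges.get(node, ()) if r == rel}

    def devices_for_domain(self, domain):
        """Which internal devices contacted a given domain."""
        dom = ("domain", domain)
        return sorted(n[1] for n in self.nodes
                      if n[0] == "device" and dom in self.neighbors(n, "resolves"))

    def users_on_device(self, ip):
        """Which accounts were observed authenticating from a device."""
        dev = ("device", ip)
        return sorted(n[1] for n in self.nodes
                      if n[0] == "user" and dev in self.neighbors(n, "logged_on"))

    def admin_fanout(self, min_peers=3):
        """Devices reaching at least min_peers distinct peers over SMB/WinRM."""
        peers = defaultdict(set)
        for (src, dst), apps in self.peer_apps.items():
            if apps & ADMIN_APPS:
                peers[src].add(dst)
        return sorted((src, len(p)) for src, p in peers.items() if len(p) >= min_peers)


def build_graph(flows):
    g = EntityGraph()
    for f in flows:
        g.ingest(f)
    return g


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.0.5", 88, user="alice"),
    Flow("10.0.1.10", "93.184.216.34", 443, domain="example.com"),
    Flow("10.0.1.11", "10.0.0.5", 88, user="bob"),
    Flow("10.0.1.11", "93.184.216.34", 443, domain="example.com"),
    Flow("10.0.1.11", "10.0.1.20", 445),
    Flow("10.0.1.11", "10.0.1.21", 445),
    Flow("10.0.1.11", "10.0.1.22", 5985),
    Flow("10.0.1.11", "10.0.1.23", 445),
]

if __name__ == "__main__":
    g = build_graph(SAMPLE_FLOWS)
    print("devices that reached example.com:", g.devices_for_domain("example.com"))
    print("users on 10.0.1.11:", g.users_on_device("10.0.1.11"))
    print("admin fan-out:", g.admin_fanout())
```

The value of the graph is in the joins: the fan-out query alone says only that 10.0.1.11 touched four peers on admin services, but following its "logged_on" edge to the user "bob" and its "resolves" edges to the domains it contacted is what lets an analyst decide whether that is an administrator doing their job or a stolen credential being used from a workstation that never did this before. Threshold and port mapping are placeholders; in practice the baseline per device and per user is what makes the query useful.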