Cyber Defense (Intrusion Detection and Prevention)

Our range of tools assists you with monitoring your networks and systems for suspicious and malicious activities, as well as policy violations.

We also promote and support tools for continuous vulnerability monitoring. Continuous monitoring overlaps with your other security tools and provides insights across your operational security controls. It also improves threat awareness, and provides the foundation to correlate controls in a way that moves beyond defense of a single system.

The practice of continuous monitoring involves:

  • Identifying your infrastructure,
  • Keeping watch over it and the sensitive data it holds,
  • Knowing its vulnerabilities, and
  • Understanding the causal relationships between events and activities as they happen.

Solutions + Partners

  • SSS Security Operations (SecOps) and Services

    The SSS Security Operations (SecOps) Service is a comprehensive Security Operations solution that you can adapt to fit your budget, desired outcomes and environmental context.

    Let us help you stay focussed on the right threats and vulnerabilities and prioritise your efforts.

    • Select only the components that you need.
    • Define the level of service you want to meet your specific requirements.
    • Only pay for the hours or time consumed up to the agreed amount.
    • Monthly payments with no minimum commitment. Cancel anytime.
    • Discounts apply on contracts of 12 months or more.
    • Free no-obligation demo and trial available.

    We combine our expertise with AlienVault's® USM to bring you a powerful Security Operations solution.

    • Asset and software discovery and inventory.
    • Security intelligence.
    • Intrusion and anomaly detection and alerting.
    • Automatic prioritisation of identified security events.
    • Continuous vulnerability monitoring with authenticated and unauthenticated active scanning.
    • File integrity monitoring.
    • Compliance monitoring for PCI DSS.
    • Visibility of dashboards, incident details and log information.
    • Over 19 million threat indicators contributed daily. 

    SSS Security Operations Service components

    Platform management and support

    • Patching and maintenance of the SIEM platform.
    • Working with your change management process.

    Monitoring

    • Daily monitoring of service, alerts, system health and dashboards.

    Monthly Actionable Reporting

    • Customised to suit your requirements.
    • At a base level includes vulnerability statistics, security event summary, top hosts and users by event, top recommendations and progress on remedial activities.

    Remediation prioritisation and coordination

    • We help you understand your remediation priorities and where to focus your efforts.

    Incident management and response

    • Threat hunting.
    • Investigation management.
    • Reporting.

    Forensic Analysis

    • Specialist forensic analysis.
    • Reporting services. 

    We've built our Security Operations Service on AlienVault® Unified Security Management® (USM). USM delivers built-in intrusion detection systems as part of an all-in-one unified security management console. With AlienVault® you are able to detect threats as they emerge in your critical cloud and on-premises infrastructure. Expert threat intelligence is updated every 30 minutes and analysed. This includes data submitted by more than 80,000 participants from more than 140 countries.

  • AlienVault ®

    AlienVault® offers you a new approach to today's evolving security challenge.

    Unified Security for Threat Detection, Incident Response, and Compliance

    AlienVault® Unified Security Management® (USM) delivers built-in intrusion detection systems as part of an all-in-one unified security management console.

    It includes:

    • built-in host intrusion detection (HIDS),
    • network intrusion detection (NIDS), and
    • cloud intrusion detection for public cloud environments including AWS and Microsoft Azure. This enables you to detect threats as they emerge in your critical cloud and on-premises infrastructure.

    Detect threats as they emerge

    To ensure that you are always equipped to detect the latest emerging threats, the AlienVault® Labs Security Research Team delivers continuous threat intelligence updates directly to the USM platform. Over 19 million threat indicators are contributed daily.

    Expert threat intelligence updated every 30 minutes and analysed

    Expert threat intelligence is updated every 30 minutes and analysed. This threat data is backed by the AlienVault Open Threat Exchange® (OTX™) - the world’s first open threat intelligence community, made up of more than 80,000 participants from more than 140 countries.

    AlienVault® enables you to be more effective in your vulnerability management processes

    • Leverage intrusion detection for any environment with built-in cloud IDS, network IDS, and host-based IDS (including File Integrity Monitoring (FIM)).
    • Use the Kill Chain Taxonomy to quickly assess threat intent and strategy.
    • Make informed decisions with contextual data about attacks, including a description of the threat, its method and strategy, and recommendations on response.
    • Use automatic notifications so you can be informed of key threats as they happen.
    • Work more efficiently with powerful analytics that uncover threat and vulnerability details in an all-in-one console.

    What do you get?

    • Asset discovery and inventory
    • Vulnerability assessment
    • Intrusion detection
    • Endpoint detection and response
    • SIEM and Log Management
    • Behavioural Monitoring

  • Darktrace Self-Learning Cyber Defense

    Darktrace deals with breach identification, breach remediation and insider threats by automatically alerting you to anomalies within your environment and allowing you to play events back through a threat visualiser.

    Identifying a breach can take a very long time - one study measured this as an average of 146 days! Once identified you then have the additional time needed to discover what the attacker/insider has compromised and what damage has been done. Often attackers will move through an environment to give themselves multiple areas for re-entry in case of a detection and to get access to more data/accounts.

    It’s often very difficult to cut through the noise that event management and SIEM technologies create to get the information you need.

    Darktrace automates breach identification and remediation through network analysis and machine learning. The tool discovers what normal user and machine behaviour looks like and then alerts your team (or the SSS team) to any anomalies within your environment. In addition, it allows your team (or ours) to play the event back through a visualiser that shows the threat through a 3D interface of your network topology.

    Below is a summary of the six core elements of the Darktrace solution set:

    1. Darktrace Core

    A physical appliance similar to a SIEM or TRIM solution, but one that cuts down much of the ‘noise’ that customers have to pay attention to.

    Darktrace (Core) is the Enterprise Immune System’s flagship threat detection and defense capability, based on unsupervised machine learning and probabilistic mathematics.

    Powered by advanced machine learning, together with a new branch of Bayesian probability theory developed by mathematicians from the University of Cambridge, Darktrace is the only genuinely self-learning cyber defense technology proven to work at scale. It is capable of detecting cyber-threats and anomalous behaviours that bypass traditional security tools, without prior knowledge of specific threats and without using rules or signatures.

    Darktrace works by analyzing raw network data, creating unique behavioral models for every user and device, and for the relationships between them.

    Benefits

    • Adaptive – evolves with your organisation
    • Self-learning – constantly refines its understanding of normal
    • Probabilistic – works out the likelihood of a serious threat
    • Real-time – spots threats as they emerge
    • Works from day one – delivers instant value
    • Low false positives – correlation of weak indicators
    • Data agnostic – ingests all data sources
    • Highly accurate – models human, device and enterprise behaviour
    • Installs in 1 hour – no configuration

    2. Darktrace Threat Visualizer

    The Threat Visualizer is Darktrace’s real-time, 3D threat notification interface. As well as displaying threat alerts, the Threat Visualizer provides a graphical overview of the day-to-day activity of your network(s), which is easy to use, and accessible for both security specialists and business executives.

    Using cutting-edge visualisation techniques, the Threat Visualizer user interface automatically alerts analysts to significant incidents and threats within their environments, enabling analysts to proactively investigate specific areas of the infrastructure.

    Benefits

    • 3D visualisation of entire network topology
    • Real-time global overview of enterprise threat level
    • Intelligently clusters anomalies
    • Pan-spectrum viewing – higher-order network topology; specific clusters, subnets, and host events
    • Searchable logs and events
    • Replay of historical data
    • Concise summary of overall behaviour for devices and external IPs
    • Designed for business executives and security analysts

    3. Darktrace ICS

    Industrial Control Systems & SCADA

    Darktrace ICS, also known as the Industrial Immune System, is a fundamental innovation that implements a real-time ‘immune system’ for operational technologies, such as SCADA, and enables a fundamental shift in the approach to cyber defense.

    Darktrace ICS retains all of the capabilities of Darktrace in the corporate environment, creating unique, behavioural understanding of the ‘self’ for each user and device within the network, and detecting threats that cannot be defined in advance by identifying even subtle shifts in expected behaviour. 

    Benefits

    • Unprecedented visibility into ICS activity
    • Protects against insider threat, including operators and privileged users
    • Detects threats in real time
    • Coverage of both IT and OT environments
    • Correlates actions over time, for refined understanding of ‘normal’

    4. Darktrace Antigena – their remediation and protection module

    The machine fights back

    When the human immune system is faced with a new threat, not only can it detect it, but it produces antibodies that bind to it, and ultimately neutralise it. Darktrace Antigena replicates this function of the human immune system, by creating ‘digital antibodies’ in response to in-progress threats.

    Antigena acts automatically to restrain or contain threats quickly enough to allow humans to catch up. A major threat, such as a ransomware attack, can evolve into a crisis in as little as 20 minutes – Antigena’s automated action slows or stops threats in a targeted fashion, giving security teams a vital time window in which to take mitigating action.

    Antigena’s response capability allows organisations to directly fight back, and networks to self-defend against specific threats, without disrupting your organisation.

    Darktrace Antigena modules are deployed as physical appliances, complementing the core Darktrace appliance. They can also interface with Software Defined Networks (SDNs) and Active Directory, and are fully configurable.

    • Antigena Internet – Regulates user and machine access to the internet and beyond
    • Antigena Network – Regulates machine and network connectivity and user access permissions
    • Antigena Email – Regulates email, chat and other messaging protocols

    Benefits

    • Directly inoculates against a full range of threats
    • Prevents, slows, or disrupts activity in real time
    • Self-defends and self-improves
    • Stops threats before they spread

    5. Darktrace Virtualisation (vSensor & OS-Sensor)

    Darktrace vSensors

    Darktrace vSensors are lightweight software components that extend Darktrace’s visibility in virtualized environments. They provide the Enterprise Immune System with comprehensive visibility of today’s distributed infrastructures.

    vSensor software is installed as a ‘virtual appliance’ configured to receive a SPAN from the virtual network switch. This allows it to capture all inter-VM traffic, without a single packet being lost or dropped by the system. It stores the packet captures on a rolling basis, optimising the disk space and I/O performance and ensuring that there is minimal impact on the performance of the server. Only one vSensor needs to be installed on each hardware server, allowing for scalability.

    Darktrace OS-Sensors

    Darktrace OS-Sensors are lightweight, host-based server agents that extend Darktrace’s visibility into third-party cloud environments, including Amazon AWS, Rackspace, and Microsoft Azure.

    OS-Sensors intelligently extract single copies of network traffic for analysis by the master Darktrace appliance. They are easily installed onto virtual machines in the cloud and are capable of dynamically configuring themselves to avoid data duplication and streamline bandwidth use. Working in conjunction with vSensors, they aggregate data and feed it back to the master appliance via a secure connection.

    Benefits

    • Ingests virtual traffic from a limited set of IPs
    • Sends data efficiently and securely to the Darktrace master appliance
    • Sends approximately 1% of the original raw network data ingested to the master appliance
    • Works with third-party clouds

    6. Darktrace SaaS Connectors

    Extending self-learning detection to rich user data in SaaS platforms

    As organisations embrace cloud applications, significant blind spots have developed beyond the traditional enterprise network. Valuable enterprise data and rich user interactions within SaaS applications contain critical security insights, but are not always accessible to IT security teams.

    Darktrace SaaS Connectors provide coverage of these rich datasets, extending the power of Enterprise Immune System technology into previously-unseen areas of your infrastructure, including:

    • User logins
    • Data transfers
    • Download data
    • Software updates

    Benefits

    • Complete visibility of user interactions within SaaS applications
    • Easy install – less than an hour
    • Early-stage threat detection

  • Tripwire

    Breaches, exploits and cyber-attacks that prey on ambiguity, gaps and oversights put your sensitive data at risk. To protect it, you need control over security configurations and changes, and visibility into events of interest across physical, virtual and cloud-based IT infrastructures. Tripwire VIA gives you control of your IT infrastructures to protect your organization's critical data.

    Tripwire provides: