With the rapid growth of corporate networking, the connected PC, and the Internet (a highly connected, high-speed delivery mechanism), more targets have emerged in the enterprise. Botnets, or “cyber armies”, have fundamentally changed the face of malware, making it more powerful, able to reach farther, and able to persist for longer periods of time.
The industry has responded with new information security devices and procedures designed to stop this malware, which has meanwhile continued to evolve into targeted attacks: industrial espionage, targeted theft of valuable information, publicity stunts, and personal attacks such as revenge, spying and identity theft. That response is still being overwhelmed.
With the onslaught of modern cyber attacks on high-profile and high-value targets, it is becoming apparent that the state of information security is critically lagging in this new attack environment. The cybersecurity tools for countering threats and mitigating risk have been ineffective. As this advanced malware continues to evolve, new mechanisms must be designed to detect and identify systems that have already been infected.
Current Information Assurance (IA) defenses are mainly focused on a layered, perimeter defense designed to guard against malware entering the network, or to prevent the initial infection of the host system. IA defense relies heavily on recognizing signatures and the behavior of specific malware. The idea behind this layered approach is that what is missed at one layer is caught by another. This approach is no match for the sophistication and determination of attackers that carry out advanced malware missions. The simple fact is that even though “defense-in-depth” is the predominant security mechanism in place today, successful attacks are increasing.
Even the idea of “host-based” security control is failing under the relentless power of advanced malware. It has been demonstrated that it takes approximately 150 lines of code to develop a new attack variant, but may require over a million lines of code to defend against that attack.
ISC8 is leading the way with Cyber adAPT™: innovative automated techniques that enhance network security by detecting threats in real time, today and into the future.
We have developed a new way of adapting to the challenge that reaches beyond the initial intrusion to search for signs across all phases of the advanced malware lifecycle. Detecting the interworking of advanced malware requires monitoring traffic within the enterprise’s internal network. Even when malware cannot be stopped at the perimeter, once it resides within the network it must communicate over that network. This advanced malware has evolved to be even more dependent on the underlying network for control, propagation, and payload functionality.
A comprehensive enterprise cyber security infrastructure must combine online prevention and protection with offline historical visibility and analytics. Unfortunately, current offline visibility of network activity is limited to machine and log data or small-scale packet capture. The result is a significant “coverage gap” in the ability of network security professionals and IT administrators to determine what happened over their networks.
Cyber NetFalcon™ fills this gap and revolutionizes visibility into historical network activity. Cyber NetFalcon is a comprehensive system that enables IT professionals to perform real-time analytics on long-term, large-scale records of network communications and activity. The system combines Deep Packet Inspection, Big Data, and powerful analytic technologies to provide the best solution to look back in time on the network and rapidly deliver actionable information. Unlike existing technologies such as traditional packet capture or targeted interception, the system provides advanced capabilities by extracting contextualized network data at massive scale (hundreds of Gbps), retaining it for virtually unlimited time periods (months or years), and performing real-time data correlation and analytics to provide instantaneous responses to queries. Cost effective to deploy and scale, Cyber NetFalcon is currently deployed in a variety of demanding environments.
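The two ideas above, that malware inside the network must communicate over it and that retained connection records can be queried after the fact, can be illustrated with a small piece of code. The following is an added example written for this page, not ISC8's code or a description of how Cyber adAPT or Cyber NetFalcon work internally: it keeps summarized flow records in an in-memory store, supports a historical look-back query by destination and time window, and applies one common defender heuristic, flagging internal hosts whose connections to the same destination recur at near-regular intervals (a beaconing pattern typical of command-and-control check-ins). All flow records and addresses are constructed for the example (RFC 5737 documentation ranges), and the `FlowStore` class, its methods and the 10 % coefficient-of-variation threshold are assumptions of this example.

```python
"""Internal-traffic retention and beacon heuristic (constructed example, not vendor code)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Iterable


@dataclass(frozen=True)
class Flow:
    """One summarized connection record extracted from internal traffic."""
    ts: float       # epoch seconds when the connection was observed
    src: str        # internal host that opened the connection
    dst: str        # destination address
    dst_port: int
    nbytes: int


class FlowStore:
    """Append-only store of flow records, queryable by destination and time window.

    Stands in for the long-term record of network communications described in
    the text; a real deployment would back this with an indexed datastore.
    """

    def __init__(self) -> None:
        self._flows: list[Flow] = []

    def add(self, flows: Iterable[Flow]) -> None:
        self._flows.extend(flows)
        self._flows.sort(key=lambda f: f.ts)

    def query(self, dst: str | None = None, start: float | None = None,
              end: float | None = None) -> list[Flow]:
        """Look back in time: flows to `dst` (if given) observed within [start, end]."""
        return [
            f for f in self._flows
            if (dst is None or f.dst == dst)
            and (start is None or f.ts >= start)
            and (end is None or f.ts <= end)
        ]

    def beacon_candidates(self, min_events: int = 4,
                          max_cv: float = 0.1) -> list[tuple[str, str, int]]:
        """Flag (src, dst, port) triples whose connections recur at near-regular intervals.

        A low coefficient of variation in the inter-arrival times is one sign of
        a periodic check-in. Legitimate pollers (NTP, update checks) match too,
        so hits are leads for analyst review, not verdicts.
        """
        by_key: dict[tuple[str, str, int], list[float]] = defaultdict(list)
        for f in self._flows:
            by_key[(f.src, f.dst, f.dst_port)].append(f.ts)
        hits = []
        for key, stamps in by_key.items():
            if len(stamps) < min_events:
                continue
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            avg = mean(gaps)
            if avg > 0 and pstdev(gaps) / avg <= max_cv:
                hits.append(key)
        return sorted(hits)


def build_sample_store() -> FlowStore:
    """Constructed flows: one host checking in every ~300 s, another browsing irregularly."""
    base = 1_700_000_000.0
    # Host 10.0.0.5 contacts 203.0.113.10:443 every 300 s with a few seconds of jitter.
    beacon = [Flow(base + i * 300 + jitter, "10.0.0.5", "203.0.113.10", 443, 512)
              for i, jitter in enumerate([0, 2, -1, 3, 0, 1])]
    # Host 10.0.0.7 talks to two destinations at irregular times (normal browsing).
    browsing = [
        Flow(base + 17, "10.0.0.7", "198.51.100.20", 443, 40_000),
        Flow(base + 95, "10.0.0.7", "198.51.100.21", 443, 12_000),
        Flow(base + 640, "10.0.0.7", "198.51.100.20", 443, 9_000),
        Flow(base + 1_900, "10.0.0.7", "198.51.100.20", 443, 30_000),
        Flow(base + 2_030, "10.0.0.7", "198.51.100.20", 443, 4_000),
    ]
    store = FlowStore()
    store.add(beacon + browsing)
    return store


if __name__ == "__main__":
    store = build_sample_store()
    print("beacon candidates:", store.beacon_candidates())
    first_hour = store.query(dst="203.0.113.10",
                             start=1_700_000_000.0, end=1_700_000_000.0 + 3600)
    print("check-ins to 203.0.113.10 in the first hour:", len(first_hour))
```

The irregular browsing host has four connections to the same destination, enough to be evaluated, but its gaps vary too widely to be flagged; only the periodic check-in is reported. The same records answer the historical question ("who talked to this address during this hour?") that short-lived packet capture cannot, which is the coverage gap the text describes.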