Identify who has access to what

• View, manage and audit security

 

• Document security (XLS, CSV, PDF)

 

• View explicit, inherited and granular rights

 

• Get a user-centric and object-centric view of security

 

Shorten time required for upgrades

• Spend less time on administrative and analytic tasks

 

• Bulk update crystal connections and report instances

 

• Bulk re-point Webi (UNV to UNX, update BEx/BICS queries)

 

• Update Webi variables en masse

 

Simplify audits and administrative tasks

• Archive objects content & report instances (WID, PDF, XLS, CSV, text)

 

• Automate any administrative task (update owners, purge reports, update recurring instances, etc.)

 

• Clean up unused content and dormant users

 

• Data Catalog for documents

 

Explore your content

• Drill down capabilities with export

 

• Replace Query Builder

 

The only way to stop cyber-enabled crimes is to unmask whoever is truly behind it. By identifying bad actors, you can recover funds, freeze accounts, takedown infrastructure — and, most importantly, thwart additional attacks and exploitations. For even the most advanced intelligence operations, however, identifying threat actors can be a slow and difficult process. And one with many dead ends. That’s where 4iQ IDHunt comes in. We help investigators analyze monikers or pseudonyms and other identity related attributes, connect the dots and unmask bad actors around the globe, by combining open source intelligence and our one-of-a-kind 4iQ IDLake. 4iQ IDHunt Core IDHunt Core is an easy to use web application for intel analysts to analyze personas, enhance attribution analysis, and uncover the real identities behind criminal activities.

• Targeted Threat Analysis. Instead of searching for a needle in a haystack, investigators start with what they already know – suspected bad actors – and search the 4iQ IDLake to begin making connections.
• Accelerate Findings. 4iQ has spent years curating and verifying billions of identity records, so that you can more efficiently unmask adversaries — sometimes within a matter of hours.
• Analytics. A single actor analysis can require hundreds of pivots. With 4iQ IDHunt, you can automatically connect the dots, generate graphs and calculate maliciousness scores in seconds.
• No Training Required. 4iQ IDHunt application is simple. Using an intuitive interface, Investigators can search and immediately start seeing results with no prior training.

4iQ IDHunt Enterprise IDHunt Enterprise (unified OSINT and DARKINT) is software that can be deployed in the cloud or on-premise. It provides intel analysts complete control over the full intelligence cycle; from defining custom threat models and collection plans to dynamic taxonomies and dashboards for ongoing investigations. With IDHunt Enterprise, intel units can discover the real identity behind bad actors, configure collections, gather information and fuse data from across the surface, social, deep and dark web, internal file systems and third party data sources in order to prevent and disrupt attacks. Multiple Missions Supports multiple investigations across Fraud, Financial Crime, Cyber and Corporate Security units. Complete Control Tailor data to every part of the full intel lifecycle. Simply configure thousands of sources, collection schedules, dynamic taxonomies, and real-time queries. Collection Engine Large portfolio of built-in collectors can scan surface, social, deep, and dark web, as well as internal email and file systems. Turnkey Solution No integration required. Get Cyber and Corporate Security units up and running quickly.

Secure, centralized control and instant access to production copies for continuous security testing. Features: Enforced Retention to Prevent Data Deletion Ensure data integrity by preventing unexpected data expiration or deletion prior to established retention periods thus protecting against rogue users and ransomware. Air Gap Technology Implement a low cost air gap strategy to protect against unexpected attacks and recover instantly and enable compliance with regulations like Appendix J or Sheltered Harbor. Leverage Object Storage for Cost Effective Retention Benefit from the powerful economics of object storage for data storage while also gaining instant data access. Secure Immutable Data Storage Rely on a hardened software appliance that limits external access and uses advanced data encryption to ensure data integrity and enable compliance with policies like Sheltered Harbor and GDPR. Ability to Instantly Rollback & Recover Rollback to previous states instantly regardless of data age or type & recover instantly. Instant Creation of Test Environments Spin up dozens of VMs instantly in a consistent and reliable manner to enable large scale security testing and validation. Parallel Recoveries Recover 10s, 100s or even 1000s of servers in parallel when attacks occur thus minimizing downtime and outage windows. Consistent Security Policies Maintain consistent security and access control on all data regardless of location by reducing surface area of attack by provisioning thin clones using a single backup copy to dev/test and UAT environments. Enable Automated Legal Hold on Critical Data Set enforced retention policies to ensure that data is retained based on fixed schedules and cannot be deleted prior to expiration. Integrated Workflows to Enable Automated Data Masking or Record Removal Workflow tools ensures that consistent actions are performed on all presented data copies including enabling third party masking tools or execution of database scripts to remove selected records.

Industrial control systems have long been considered immune to cyber attacks as they are mostly isolated from the Internet. Unfortunately, this no longer holds true. Today’s advanced cyber attacks are targeting critical infrastructures and organizations with highly valuable information, leading to sabotage of massive assembly lines, severe economic damages, and data breaches. AhnLab EPS is a compact, optimized security solution for industrial systems based on whitelisting. Find out how EPS ensures the stability of operations and increases endpoint security effectiveness without impacting business productivity. Features: Whitelist Approach Application whitelisting takes a proactive approach, denying everything that is not specifically approved. This approach allows only trusted programs in the whitelist, in contrast to traditional reactive solutions that only block known threats that are explicitly defined in a blacklist. By ensuring that only clean, approved applications can be executed, it protects networks from a broader range of potential threats. Specialized for Industrial Systems The importance and nature of industrial control systems, such as production lines, plants, and Point of Sales (POS) machines, present particular challenges to ensuring their continued security and stability. Coupled with restrictive controls on clients in these systems, EPS ensures stable system operation and security integrity in industrial environments. Complete Network Control Enables you to control the direction of communication and block malicious network IPs and ports in to keep potential risks at bay. Customize your protection for networks and preempt threats. Simplified Endpoint Protection EPS places its powerful antivirus engine on the central server, so that IT administrators do not need to update and maintain the signatures at every endpoint. Learning Mode Administrator can simulate the results when the configured settings or security policies are applied to real circumstances. It helps reduce disruptions to productivity and unexpected errors that are common with untested deployments. Advantages: Stability

• Proactively protects against unknown malware
• Prevents malware-induced security breaches
• Provides system stability without requiring signature or patch updates

Productivity

• Eliminates interruptions caused by malicious or unauthorized software
• Operates around the clock without the need for constant maintenance
• Allows simple administration and implementation

Cost-cutting

• Reduces system and data restoration costs by preventing malware damages
• Reduces time and costs required for system security and maintenance

In the field of security, our julia mailoffice product is the market leader for e‑mail security. julia mailoffice is used by a large of number of German federal authorities and big-name private enterprises. It serves as federal government's virtual mail room. We supply you with electronic encryption/decryption and digital signatures/signature scanning for e‑mails. Feaures:

• A scalable solution for small, medium-sized and large companies
• Extremely stable operation and performance
• Defined rules can be adapted in line with your compliance requirements
• New web mailer ensures secure communication even with recipients who do not have their own encryption
• Automated links to any trust centers to source certificates efficiently

Benefits: Expansion options and integration Open interfaces let you intervene in the way julia mailoffice processes mail in order to accommodate special requirements without the need for the vendor to modify the implementation or for extensive, expensive projects. Using the script interface supplied, the individual processing of e‑mails in julia mailoffice could not be easier. The content of e‑mails can thus automatically be incorporated securely in workflow systems, collaboration tools and document processing systems in all kinds of different ways. Integration in e‑mail archiving systems is naturally possible. EDI processing is operated in many places with the aid of julia mailoffice. And the processing of signed mail attachments (with full legal compliance) is another of the many value-added tasks handled by this system. Scalable solution to suit every need julia mailoffice is a pure-play software solution. It can be operated as an appliance – even for small firms with fewer than 10 workplaces – or across a cluster of virtual or hardware-based servers. It has for many years been successfully deployed by companies with between 10 and 30 users, between 50 and 200 users and between 1,000 and 100,000 users. Features such as client capability, cluster capability (for load balancing and high availability), linear scalability and corresponding support models facilitate the smooth operation of julia mailoffice in business-critical environments. Allgeier Security Technical issues are naturally vital, but due consideration must also be given to legal and business interests. In all these areas, our products protect your corporate communication. Our consultants help you square the circle of guaranteeing the strictest security while maximizing ease of use and keeping costs to a minimum.

Ion disperses enterprise web scraping activity over our vast network of anonymous rotating IP addresses, allowing you to increase your data collection speed, avoid detection by targeted sites, and perform unrestricted deep-drill scraping. Ion is not only faster and safer, but is more reliable than other comparable solutions. Our high-speed, low latency IPs accelerate your data collection, with far more accurate and reliable results. The Ion Advantage

• Speed
• Reliability
• IP Quality

Features: Faster Web Scraping Dispersing your activity over our high-speed network of anonymous IP addresses allows for secure, efficient data scraping. Concurrent requests and virtually unlimited sessions drastically reduce blocking and increase collection rates. Ion allows you to use many simultaneous persistent IP addresses for high volume dispersed data collection. Multi-Protocol Web Access—HTTP and HTTPS Ion handles the connection details whether or not the target sites are encrypted, giving you access to the websites and data you need. User-Controlled Persistence Different jobs require different levels of IP persistence. Ion provides sophisticated control of IP addresses, enabling automatic IP rotation with each request or sticky IPs for extended sessions. You have control over how often your IP addresses rotate or how long they persist, allowing for high volume dispersed data collection or deep drilling. Usage Dashboard Ion’s dynamic user dashboard allows you to view and manage your account details, track data usage, and easily create activity reports. Usage statistics and a trends graph track your daily data and bandwidth use, providing a visual insight into user activity. Enterprise Use Cases

• Competitive Intelligence
• Investment Intelligence
• Reputation Management
• Research
• Web Monitoring

For Service Providers Grow your revenue and lower your costs, managing and selling email security services. The great skillset of Service Providers, their ability with communications networks, and especially their proximity to customers, make Service Providers especially fit to provide carrier-grade systems and value-added managed services on the Cybersecurity market. For Enterprises Email security is critical for business to face the growth of cyber threats The permanent relevance of Email in organizations, affected by the increasing security concerns associated with phishing, data leakage, and privacy protection, among others, pushes Service Providers to provide Email Security on top of the existing email infrastructure. Preferably, with an Email Security service robust enough to build trust on organizations, while becoming a value added service for the cloud platform itself, as well as hosted Service Providers and Resellers. MPS Characteristics AnubisNetworks Global Threat Intelligence Platform AnubisNetworks’ security ecosystem permanently monitors the world for Botnets, IP Reputation, Email phishing and Malware campaigns, and communicates with MPS edge filters, for real time proactive malware prevention. Control Features on top of Security Features DLP (Data Leakage Protection), Quota Management, Rate control, Email Validation, transport Encryption and many other features are available per user and per scope, taking this platform far beyond Email Security. Complete Visibility on your platform Complete details on messages and queues for inbound and outbound flows. MPS also contains several dashboard data, system auditing, business information tools, each feature configurable by scope and data. Customizable/White Label GUI Each of the hierarchy scopes can be fully customized with your brand identity, your partners and your end customers. Lean Management of Quarantine Quarantine can be managed by IT and/or end users, in a centralized console, with the option of web end user interface and/or email interface (via periodic digests). Hierarchic Multitenant System for Inbound and Outbound An advanced architecture with several administration scopes (Virtual scopes, SMTP domains and LDAP based Organizational units), each with distinct roles – including Helpdesk users - for both centralized and delegated management. Email Secure Routing and Virtual Aliases MPS brings a new dimension to email routing management by enabling the usage of BCC, Email Queue holding, Distribution lists, Virtual Aliases, and Listeners based routing. And protected under SPF, TLS and DKIM encryption mechanisms. Auditing, Monitoring and Billing information Advanced and easy access to detailed information on all activities and system information, for billing, auditing and compliance purposes. Email Control

• DLP - Data Leakage Protection
• Multitenant Quota management
• White & Blacklists inheritance
• Attachments Discovery
• BCC and Archiving plugins
• AD Integration for AAA

Arkivum software delivers long-term preservation and safeguarding of some of the world’s most prestigious and important data. Built-in automated processes ensure future accessibility, easy search and usability of your data, making your content discoverable and available over any digital channel. Arkivum software is powered by industry adopted open source technology, and pre-built integrations and open APIs make Arkivum solutions seamless when integrating, whether on-premise, cloud-based or hybrid. Arkivum is ISO 27001 and ISO 9001 certified and adheres to GxP principles for best-practice information security and data management. Benefits: Compliance

• Smart management of regulated data

 

• Automate retention schedules

 

• In-built mechanisms for secure removal of data

 

• Trusted data export that proves authenticity of records in original state

 

Usability

• Extraction and enrichment of metadata for easy search and discovery

 

• Records can be shared securely

 

• Make sure data is where it needs to be with our flexible data organisation model

 

Digital Preservation

• Long term access

 

• Adheres to OAIS standards

 

• Ongoing file normalization to ensure always readable

 

Data Safeguarding

• Secure, cloud based managed service

 

• Flexible deployment options

 

• 100% data integrity guaranteed

 

• In-built validation, integrity and fixity checks

 

Visualization

• Secure, user permisioned access

 

• Retention schedules

 

• Investigation

 

• Easy administration

 

• Integration with your reporting and analytical tools

 

Our domain expertise means we can deliver the following use cases Long-term data safeguarding Your data is stored securely for the long-term in a tamper-proof format with a full chain of custody throughout its lifecycle. Flexible, open APIs mean you can integrate with your favourite tools to access your data at all times. Digital preservation Future-proof your data now. Arkivum ensures your data is usable forever and protected from obsolescence as technologies continue to evolve and change. Compliance & regulation All data processing is fully audited throughout its lifecycle and evidence ready when needed. Quickly and cost-effectively meet new regulations as they are introduced. End of life systems Prevent data loss due to end of life systems. Extract data from legacy systems so you can use it again and again as you need to. Arkivum solutions ingest data from any source and multiple file types, and its vendor-neutral technology means you can future-proof against EoL issues. Records management Reduce the time, cost and effort to search across your data locations, to produce information for the business to support faster, well-informed decision making. Dynamic data retention management policies eliminate the silos across your business to enhance collaboration. Total Cost of Ownership (TCO) reduction Our managed service means you don’t have to hire expensive data experts, and existing staff can focus on interesting projects that add value to the business rather than managing the data. Our elastically scalable service and pricing means we can scale with your business, as you need us to, and provides a predictable TCO.

DocRAID is the pioneer in CloudRAID technology, 100% zero-knowledge backup and file sync, secure file exchange, and easy to use email encryption. Off-Premise in our data centers or on-premise (self-hosted) in your data center. Awarded security Your data is save with DocRAID. This is why we got awards from these international corporations and institutions: SAP, Siemens, Empolis, Bayer, Volkswagen, EU Office of cyber security and privacy. Compliance Be compliant with international standards such as HIPAA, EU General Data Protection Regulation and others. On-premise (self-hosted) or off-premise on our metal Scalable and flexible hosting for your company's most valuable information. Get your own domain e.g. myCompany.docraid.com. You manage your team online, we provide the secure infrastructre. Alternatively you host DocRAID in your data center. CloudRAID Pionier DocRAID is the pioneer in CloudRAID technology and combines multiple mechanisms for maximum data protection: fragmentation, encryption and redundant distribution to multiple storages. Solutions These industries use DocRAID: Healthcare, Administrations, Pharma, Architecture, Defense, Energy, critical Infrastructures or simply teams and private users.

• Healthcare collaboration. Exchange large files across countries and across hospitals. Be compliant with HIPAA and other regulations.
• Email. Send email protected without handling a complex and expensive public key infrastructures.
• Cyber Defense. Reduce your attack profile significantly. Use zero-knowledge-synchronization for additional protection. Manage the key material at separate locations.
• Insider threats. Reduce insider threat risks and maximize your data protection capabilities.
• Strategic Reconnaissance. Prevent industrial espionage and mass surveillance.
• Pharma. DocRAID makes it easy to deliver secure corporate collaboration, without end-user hassle. DocRAID provides enterprise-grade security, allows large file uploads, and can synchronize files across desktop and mobile devices.
• Attorneys. Encrypted document transfer, remote access and collaboration designed to meet an attorney’s workflow and security requirements. With DocRAID, attorneys securely deliver and access confidential correspondence and other case files faster and without size limits, saving time and expense compared to manual methods. As a professional resource, DocRAID works with Microsoft Outlook, on tablets, and any Mac or PC.
• Collaboration. Exchange data with external partners.
• Healthcare - Interoperability. Send sensitive data to patients, doctors, hospitals. Audit proof.
• Architecture. Send large files to local administrations. The receiver does not need to install software. Get proof that you delivered your file on time.

Awake Security can continuously monitor an entire environment, process countless points of data, sense abnormalities or threats, and react if necessary—all in a matter of seconds. The Awake Security Platform gives you: Cognition Understand your entire attack surface Get a clearer view and understanding of every user, device, and application—whether managed or unmanaged. It offers:

• A more complete view of your potential attack surface and the business assets that are part of it.
• Tracking of every asset as they move across your network while detecting malicious intent of all entities.
• An autonomously built understanding of the relationships and similarities between entities.

Detection Identify the threats others miss Detect and understand the intent of every threat. The solution hunts down and focuses your attention on the most consequential threats by:

• Building up evidence of malicious intent for each entity and correlating all behaviors over time.
• Going beyond alerts and visualizing the entire incident kill-chain across entities, protocols, and time.
• Allowing custom detection for your unique risks without needing threat hunters or data scientists.

Response Faster, more effective reaction Access actionable information regarding the entities that pose the most risk to your business and respond effectively with:

• Comprehensive, descriptive investigative answers to give better context to threats and event details.
• Forensic artifacts and timelines that equip you with meaningful evidence you can actually use.
• Insights you can share with your entire security infrastructure to enhance existing investments.

Get Results in a Matter of Hours

• Connect it to Your Network. Integrates easily into all your existing networks

 

• See Results. See high-risk incidents and compromised entities without the need of agents, manual configuration, or complex integrations

 

• That’s It. Deploying Awake really is that simple

 

Phoenix for Oracle achieves continuous application availability and saves money by constantly protecting yet-to-be-replicated data and rapidly restoring production across the Oracle environment. By combining Oracle® multiplexing capabilities with Phoenix’s disaster-proof Black Box and its operating system’s rich-featured recovery process, Phoenix for Oracle provides continuous application availability without the complexity, cost, performance issues, and distance limitations associated with synchronous replication. In the event of failure at the primary site, Phoenix for Oracle recovers all applications and databases together, with full consistency across them. Your organization can leverage any type of storage (including Exadata and flash arrays), any type of server connectivity (e.g., storage area network [SAN], InfiniBand, or IP-based), and any type of replication (e.g., storage-based or Data Guard). In addition, Phoenix operates over existing communication lines and has no impact on bandwidth requirements, freeing you from one of the most costly line items in disaster recovery budgets. Benefits: Continuous Availability Zero data loss and full consistency across applications means you can fail over immediately to maintain continuous application availability and reduce downtime costs. Cross-App Consistency Phoenix synchronizes all applications and databases in the Oracle environment to one consistent point in time, ensuring data integrity and allowing the fastest possible recovery. Unmatched Cost Reduction No three-data-center topology. No bandwidth upgrades. Less human intervention. Less downtime. Phoenix reduces capital, operational, and risk-related costs. No Distance Barrier Locate your DR site at any distance from the primary site. Phoenix augments your asynchronous replication and protects yet-to-be-replicated data right at the primary site. No Costly Communication Lines The disaster-proof Black Box protects and transfers the data lag from its location at the primary site, eliminating bandwidth costs related to synchronous replication. Continuous Application Availability at Flash Speeds Phoenix protects the most recent not-yet-replicated snapshot and is the only technology that enables continuous application availability of flash-based storage arrays.

Ayehu NG is an intelligent IT Automation and Orchestration platform built for the Digital Era. Powered by machine learning algorithms, Ayehu acts as a force multiplier, driving efficiency through a simple and powerful, web 3.0 automation platform for IT and security operations. Ayehu helps enterprises, save time on manual and repetitive tasks, accelerate mean time to resolution by 90%, and maintain greater control over IT infrastructure. As an agentless platform, Ayehu is easily deployed, allowing you to rapidly automate tasks and processes, including interoperability across disparate solutions and systems, all in one, unified platform.

• Simple. Easy to use, no coding required
• Scalable. Highly scalable and flexible to deploy
• Integrated. Powerful interoperability across IT and security solutions
• Intelligent. Machine learning driven decision support

Features: Codeless Workflow Designer Easy to use—no coding or programming required— workflow designer enables rapid adoption and time-to-value, with an extensive pre-built library of activities and end-to-end workflows. High Availability and Scalability Deployed at major enterprises, supporting thousands of business processes, Ayehu effortlessly scales to support organizations with a significantly high volume of incidents, workflows and activities. Ayehu can be deployed across on-premises and private and public cloud platforms. Machine Learning Driven Decision Support Leveraging proprietary, sophisticated machine learning algorithms, Ayehu provides decision support via suggestions to optimize your workflows and dynamically create rule-based recommendations and insights. Seamless Integrations Extends and unifies comprehensive workflow automation across disparate systems and applications, through out-of-the-box integration packs with IT and security solutions and services, including ServiceNow, McAfee ESM, SolarWinds, and more. Ayehu Live Dashboard Ayehu LIVE provides a central display of incidents, generated workflows, real-time key performance indicators and statistics. With Ayehu LIVE you can view the online status of Incidents and workflows, manage critical events and take proactive actions to avoid degradation in critical operations and services.

BackBox is the leading provider of Intelligent Automation for all Network and Security devices. BackBox provides the ability to schedule automated backup and storing of device configurations, single-click recovery, real-time inventory management, custom task automation, and pre-emptive health checks for all your critical devices. BackBox is ideal for any organization, multi-tenant sites and service providers. Features: Automated Backup & Recovery Solutions BackBox provides a single, central repository for all your network device configuration backups. Eliminating the need for manual or scripted backup procedures, BackBox will pull all configuration files required for recovery. Network Visualization Software Network inventory and asset management has been a long-time feature of BackBox. Since BackBox is connecting to the devices regularly and pulling the necessary information, BackBox is able to provide a dynamic list of devices associated with the network that is automatically populated and updated with each backup performed. Network Inventory & Asset Management BackBox reports on hardware information such as CPUs, RAM, and storage, model and type information for devices, licensing information, and much more. The data is refreshed with every backup so it’s always current, and has customizable fields so you can access the exact information you want. Network Task Automation BackBox comes with a set of pre-configured network tasks that can alter configurations on multiple devices with a single-click. Automating these network and security tasks can be as simple as adding or removing an administrator from devices or as elaborate as preforming complex automated upgrades or hot fixes to multiple devices with a single click of a mouse. INTELLICHECKS: Network Health Checks In contrary to regular network monitoring solutions, BackBox comes with a predefined signature set that can check the health of your systems and keep uniformity and consistency of your device configuration. In contrary to regular monitoring solutions, BackBox can check things on the application level, what allows for much deeper intelligence, that is not available otherwise. Identity and Access Management Software Access Management adds the ability for BackBox to connect to remote devices without the need of a 3rd party software. It improves the connection experience by giving SSH, TELNET and RDP access from one console to all of your devices connected to BackBox.

Baffle’s solution goes beyond legacy encryption to truly close gaps in the data access threat model. Baffle provides an advanced data protection solution that protects data in memory, in process and at-rest to reduce insider threat and data theft risk. Baffle’s solution is an advanced data protection solution for two main reasons:

• The solution delivers application level encryption via a “no code” model

 

• The technology provides “homomorphic-like” functionality meaning it enables mathematical operations, sorting and searching on AES encrypted data without ever decrypting the underlying values in memory, in process, or at-rest

 

Benefits: Simple to Deploy: No application code modification required Baffle requires no changes to application tier code. The application operates as normal without embedding an SDK or library and commercial off-the-shelf (COTS) apps can be supported. Fast Performance: Virtually no performance impact Baffle has neglible impact on base level store and retrieve operations. Advanced operations on encrypted data are typically inline with transparent data encryption (TDE) overhead metrics. Full Functionality: Does not break your apps Baffle supports sort, wildcard search, and mathematical operations on encrypted data without decrypting the data. This ensures that data is protected at all times without compromising application functionality for your users or requiring application modification. Strong Security: AES encryption in use, in memory, at-rest Baffle uses industry standard AES encryption and protects data in memory, in use and at-rest while allowing secure computation to occur on encrypted data.

Start the Endpoint Investigation Directly integrating with security orchestration, automation, and response (SOAR) and security information and event management (SIEM) systems, Cyber Triage investigations can start automatically based on an alert or analyst-initiated workbook. Requirements and integrations:

• Integration with SOARs/SIEMs requires the Team version of Cyber Triage, which includes a REST API
• Cyber Triage integrates with Demisto, DFLabs, IBM QRadar SIEM, IBM Resilient, Phantom, Splunk, and Swimlane and more
• If we don’t currently support the integration you need, reach out; we can add the needed integration to our roadmap

Get Data From the Endpoint Cyber Triage’s targeted collection approach saves time because it copies the most important data from the system in one step and does not require the user to make a forensic image of the entire drive. Collection tool properties:

• Runs on all versions of Microsoft Windows (XP and newer)
• Requires no installation on target systems; it is pushed to live systems as needed or can run directly from a USB drive
• Contained in a single executable, which makes it easy to deploy
• Analyzes disk images in raw or E01 formats
• Uses The Sleuth Kit® forensics library, thereby making collection less vulnerable to typical rootkits and does not modify file access times

Collected data:

• Volatile data (including running processes, open ports, logged-in users, active network connections, and DNS cache)
• Malware persistence mechanisms, including startup items and scheduled tasks
• User activity, including what programs they ran, web activity, and logins
• File content from suspicious files
• File metadata from all files on the system

Identify Bad and Suspicious Items After data is collected from the target system, Cyber Triage automatically looks for evidence that an experienced responder would search for first. It looks for data that is anomalous and similar to past incidents. Each collected item is assigned a score based on its risk. Bad and suspicious items are shown to the user. Automated analysis techniques will find:

• Files with malware based on results from multiple ReversingLabs engines
• Known bad files and other items based on IOCs and blacklists
• Startup programs, services, or drivers in uncommon locations or that are not signed
• User accounts with abnormal behaviors and failed logins
• Known good operating system and application files based on MD5 hash values and NIST NSRL and ignore them; this reduces the amount of data that needs to be analyzed and reviewed.
• Encrypted archive files that could be from data exfiltration

Enables Analysts to Make Decisions Every host is different because each user has different usage patterns and technical expertise. When responding to an incident, responders need to make decisions about each host Cyber Triage helps them make those decisions. Cyber Triage helps by:

• Having a built-in intrusion forensics workflow that allows users to quickly see what items are suspicious and mark items as suspicious
• Allowing the user to pivot between correlated data types; they can start with a process and quickly see its network connections and remote host information, or look at the process’s executable file or how it started
• Showing the current timeline of bad items; when an item is marked bad in the investigation workflow, it is shown in a small timeline, making it easy to compare a suspicious item with other bad items
• Providing a full timeline of system activity, which allows the user to see what happened before and after a given event; this makes it easier to find related activities and put context around a suspicious event
• Giving the user a file explorer view to see what else is in the suspicious file folder
• Showing how common or rare an item is based on how often it was found in previous sessions

Find Other Hosts The host that you are analyzing could be the tip of an iceberg. Once you have one piece of evidence, it can be useful to start scoping the scale of the incident for other hosts. Cyber Triage allows you to scope incidents. Cyber Triage scopes by:

• Queueing up a set of hosts that need data collecting and analyzing
• Adding the hosts to the same “incident grouping,” which allows the user to correlate among them
• Items marked as bad in one host will be marked as bad in others.

Discover PI across structured, unstructured & big data Find every person’s data across petabytes of on-prem or cloud data using advanced machine learning, identity intelligence & smart correlation. Find hidden information & relationships Uncover unknown & uncatalogued personal data. Resolve identities; show data connections across PI tables; detect quality anomalies. Inventory PI by data subject & residency Index identity data by data subjects, country, app & more to enable GDPR privacy requirements like right-to-be-forgotten, breach response notifications and consent. Automate access right fulfillment at scale Generate customized data access reports at scale and high volume. Ensure continuous compliance through ongoing data deletion checks. Automate data flow mapping Automatically build & maintain data flow maps from scanned data. Enrich process maps with built-in surveys & collaboration. Track data access & X-border Flows Monitor PI access by application for enhanced data protection. Automatically track x-border data flows for all PI automatically. Identify and Prioritize Protection for PI with Open Access BigID consolidates access intelligence insights to provide a granular view of where personal data at risk, with the ability to drill down and search the inventory for focused security and privacy compliance actions. Comply with privacy regulations like GDPR & CCPA Enable security, privacy, data governance organizations to satisfy current regulations and test against future regulations through simple natural language queries, analysis templates, and reports. Map your data relationships across data stores Trace and traverse your identity data across apps and data stores. Identify connections across entities; find sensitive associations; determine lineage. Smart, Privacy-aware Tagging Add GDPR and identity-centric labels to documents for simplified security enforcement with DLP, DRM, DAM and Encryption. 72H Breach Investigation and Notification Compare internal data with dark web data to identify affected users and their residency for fast targeted response and accelerated investigation. Automate Policy Checks and Enforcement Orchestration Flag, alert, and orchestrate data protection actions via APIs with configurable policies; proactively react to compliance violations, risk escalation or cross-border transfers. Advantages:

• Know your data without moving your data. Graph your data relationships without building another data warehouse or lake. Discover identity relationships across your data stores with no language or metadata dependencies.
• Find more personal data in any language without false positive frustration. Get up to 97% accuracy across all data types, without language, character, meta-data or RegX dependencies using BigID’s first of its kind, patent-pending machine learning, identity intelligence and smart correlation search algorithm.
• Hot or not, easily find your PI with heatmap. Quickly detect possible PI in data stores to streamline data migration to cloud, monitor dev environments for personal data pollution or focus investigations.
• Agentless Search across structured, unstructured, Big Data & Cloud. Scan and correlate data across all on-prem & cloud data stores without agent complexity including Mainframe, Hadoop, Hive, NetApp, Teradata, RDBMS, Salesforce, SAP, S3, Outlook, O365, GSuite and dozens of others pre-built no-agent connections.
• Data maps from data science, not data recollections. Today data maps are generated through interviews and surveys. BigID brings data mapping into the 21st century by collecting the information directly from your IT environment and applications.
• DeRisk with data Intelligence. Get a 360 view of your customer data. Quickly identify potential risks proactively based on industry standards or metrics you define, and get actionable recommendations for risk reduction.
• Analyze in your own words. Use natural language to query and build reports in BigID. No SQL or JSON knowledge required.
• Your datacenter or your cloud. Easily deploy inside your own datacenter or fully automated inside AWS, MS Azure or Google Compute Engine clouds.
• Open APIs & Pre-wired Apps. Access BigID operations programmatically, virtualize PI data or simplify integration with GRC, DLP, DRM, DAM and Anonymization.
• Custom Compliance Policies and Alerting. Build data residency and flow policies and alert notifications.

With Binary Defense Managed Detection & Response (MDR), our security team will protect your business through continuously collecting, recording, and storing endpoint data giving you surveillance-like visibility you can use to investigate past incidents or proactively hunt for threats lurking in your networks. Every threat — from the common to the sophisticated — swiftly identified and isolated by our dynamic endpoint services. The Binary Defense MDR platform has detection and prevention capabilities for each part of the attack lifecycle. Protect your brand, your data, and your enterprise with Binary Defense MDR. 24/7 round-the-clock security event monitoring

• 100% Cloud-based
• Alert for state changes that may be Indiacators of Compromise
• Off-line Support
• Removes the burden of keeping defenitions current

Behavioral analytics, analysis, and intelligence

• Always available cloud-scale data management
• Consolidated real-time data collection
• Techniques to detect suspicious system behavior
• User and Entity Behavioral Analytics (UEBA)

Features: Threat Detection

• Hacker-tested, superior detection to any solution available, both on and off premise

 

• Detection of anomalies, advanced persistant threats, lateral movements, privilege escalation, Powershell injection, and many more

 

Dashboard & Metrics

• 360-degree visibility across customer’s on-premises and cloud resources

 

Rapid Response

• Automated response features for incident response

 

• Accelerates investigation and remediation

 

Deception Technology

• Proactive detection, device monitoring, and blocking of known malware, unknown malware, and zero-day exploits

 

• Honeypots and decoys

 

Biscom Secure File Transfer (SFT) is a web-based managed file transfer solution that replaces insecure FTP and email to send and share files all while being easy enough for end users to operate without IT involvement. 6 key ways that Biscom’s Secure File Transfer solution keeps your business moving Easy to use and collaborate

• Simple and intuitive, requires minimal training
• Self-service — no IT support needed
• Integrates with Outlook
• Mobile apps provide access and control from anywhere, anytime
• Drag and drop files into Web
• Automation tools for unattended and machine-to-machine transfers
• Reduce your Exchange server mailbox size by re-routing attachments through Biscom SFT

Unlimited file size capabilities

• No size or file type limitations — easily supports files 100+ GB and up for simplified large file transfers
• Overcome Microsoft Outlook/Exchange limits
• Built-in acceleration for optimal transfer
• More user-friendly replacement to FTP
• Checkpoint restart for interrupted transfers

End-to-end-security

• FIPS 140-2 certified, AES-256 bit encryption
• Data encrypted at rest and in transit
• Full transaction logging and reporting
• Anti-virus integration
• Three-tier security architecture
• Penetration tested

Integrates with enterprise systems

• 3-tier architecture for scalability, flexible security
• Integrates directly with Microsoft Active Directory and LDAP
• Microsoft Outlook plug-in works with Global Address List (GAL)
• Configurable for high availability (HA) and disaster recovery (DR)
• Microsoft SharePoint
• HP/Autonomy iManage
• RESTful API available for developers and system integrators

Better Visibility for End Users and Administrators

• Confirmed delivery
• Detailed usage reports, file activity, active users, and other analytics
• Policy-based – can trigger secure deliveries based on file size, file type, or keywords
• Advanced delivery options – second level password protection, expiration date, notification options
• Compliance role
• Audit-friendly

Deployment options to meet your needs On-premises For companies that prefer to keep their files local, Biscom SFT can be deployed on-site, with support for both physical servers and virtualized environments. Data is stored locally – you have full control of your files. Private Cloud Private cloud deployment eliminates infrastructure changes yet still provides full control of users, configuration, and branding. Maintain all of the administrative capabilities but without server maintenance and upkeep. Hosted Public Cloud For individuals or small groups of users — Biscom SFT is offered without any long term contracts. Simple sign up, and month-to-month billing — you can cancel at any time. Free trial for all new sign ups. Sign up now.

Identify Interanal Attackers ThreatBox looks, acts and feels like a real IoT device or web-service in your environment. When attackers are performing reconnaissance or finding targets, ThreatBox will alert you. When an attacker actually tries to attack a system that is a ThreatBox, it allows it. Holding the attacker while alerting you. You can also deploy our ThreatBox plugins to existing websites in your company to further enhance detection of internal adversaries and lateral movement. How it Works Adversaries in your network have one goal - attack and gain access to lucrative systems. These systems can be medical devices, CCTV, transaction/banking systems, PLC/SCADA devices and more. ​ In 2015, we set out with an idea to help detect these kinds of attacks. By creating systems so real, and so distinctly bespoke - attackers will hack them, not realising that the underlying architecture is designed to detect and alert on their covert activities and movement. Dashboard Monitor your alerts and get more information on attacks via the dashboard. You also get emailed when a ThreatBox detects malicious activity against it. Got your own security monitoring? ThreatBox can output alerts to many formats including Syslog and support for Splunk!, AlienVault and others.

Sensitive information Safeguarding your company's material assets is routine. However, protecting intangible assets is often overlooked. When it comes to security, everything should be archived in a space that can be accessed externally and internally in a controlled manner. With BooleBox, you can. Risk-free.

• Guaranteed military encryption
• Multiple personal keys
• Advanced protection

Secure exchange Today, the job market is increasingly delocalized. Accessing information useful to your business, at any time and in any place, has become a necessity. Without having to compromise, BooleBox offers you a corporate file-sharing system that is fully protected against external attacks and internal theft. Accessibility is no longer a threat to your security.

• Secure file-sharing systems
• Online editing and collaboration supports
• Reports and activity logs

Protected mail E-mails are a communication method with little security. To be able to use them daily, without making any changes to your routine nor compromising on maximum protection, try BooleBox. With the BooleBox e-mail encryption system, you can exchange sensitive information in encrypted mode and revoke access authorization even after sending.

• Integrated e-mail encryption system
• Special plug-in that can also be installed on Outlook and Gmail

Under control Even the most simple of enterprises requires collaboration between different people. Data and documents are exposed to risk both externally and within a work group. However, with BooleBox, you can have maximum control of data and data access. A small choice that makes a big difference.

• Controlled file classification
• Default access to work groups

Solutions Guaranteed military grade encryption 256-bit AES military grade encryption standards adapted to protect top-secret files Multiple personal keys Created and known only by you for unrivalled security Secure sharing systems Syncing between devices and encrypted email exchange Controlled file classification Use of tags to ensure everyone complies with your rules on protection Advanced Protection Anti screen capture, watermarks, time of use limitation and activity log Online editing and collaboration Direct management, organisation and collaboration in the cloud