Aegify RSC Suite

• Reduced risk
• Unified/integrated approach
• Lower total cost of ownership
• Oversight ease
• Maximum security
• No compliance tradeoffs

The NEED

RISK management is not optional for healthcare, retail and financial organizations.
When SECURITY breaches happen, critical data is compromised, jobs are lost and profits disappear. Managing the regulatory maze is challenging. PCI, ISO and SANS 20 COMPLIANCE is best practice. HIPAA, GLBA and FISMA COMPLIANCE is the law. Risk, security and compliance (RSC) protection is complex and cumbersome. Until now. Discover the effective simplicity of a unified RSC solution. Discover Aegify.

• Aegify RSC Suite includes:
• Aegify Risk Manager
• Aegify Security Manager
• Aegify Compliance Manager
• Aegify Integrity Manager

UNIFIED APPROACH

For management ease and cost reduction, most healthcare providers and business associates prefer a unified Risk, Security and Compliance solution. Consider these diagnostic questions:

• Are you confident your vendors and business associates are compliant with all regulations?
• Are burdens of compliance forcing you to take calculated risks due to resource constraints?
• Do you have multiple siloed solutions that cause integration, management and financial headaches?
• If your answers are mostly “yes,” consider Aegify RSC Suite

Diagnose

Within hours, you will know:

• Your total organizational risk including your risk from each of your vendors and business associates
• Where your security threats lie
• What curative measures need to be undertaken
• Your compliance status with HIPAA, Meaningful Use, HITECH, PCI, ISO, SANS 20 and all other regulations and standards

Cure

Follow Aegify instructions to:

• Minimize organizational risk
• Close your risk, security and compliance gaps
• Comply with all applicable regulations and standards

Protect

24/7 continuous monitoring program will:

• Reduce all risk… today and tomorrow
• Diagnose and cure future security threats in real time
• Comply with all applicable current and future regulations

WHY AEGIFY?

Aegify was founded on a simple set of guiding principles:

• RSC services are too siloed, complicated and expensive
• The market needs a holistic RSC solution that diagnoses, cures and prevents future catastrophic events from occurring

Today, the Aegify Suite is a unique unified solution that operates at the intersection of security, compliance and risk management for healthcare, retail and financial organizations.

For those that don’t need a unified RSC Solution, each individual Aegify Manager product is a robust standalone solution.

Allure Security reduces data loss by analyzing risks associated with document access and sharing activities, inside and outside of an organization’s control. Their patented technology combines the power of beacons, threat intelligence and active defense to detect and respond to digital risks, better understand the scope of attacks and hold bad actors accountable. Fields of Appliance: Website Spoofing Allure Website Beacons detect a spoofed website as soon as it is viewed by the first visitor, which initiates the take down process immediately upon fraud being committed. Intelligence is then collected to quantify customer and brand impact, inform responses (i.e. notify impacted clients to reset passwords) and uncloak attackers. The spoofed website can also be flooded with decoy credentials until the site is taken down to devalue the information collected by the adversary, and Allure Decoy Documents are used to detect intrusions resulting from attacks. Cloud-Share Risk Allure continuously watch document activities in the cloud and use patented document beacons to track documents after they’ve been downloaded, copied or shared externally. We enrich all file activities with proprietary geofence insights and leverage unique model-based analytics to surface and mitigate risks that otherwise go undetected and unaddressed. Users can generate scheduled or on-demand risk reports, integrate with a SIEM to correlate findings, create custom email alerts based on specific criteria, and deploy decoy documents to foil and reveal hackers and leakers. Intrusions & Insiders Allure uses attacker behaviors and confidence to the advantage of investigators to narrow and eliminate suspects by planting or sharing alluring documents with beacons to see who takes the bait. Once documents are opened, investigators will receive proprietary geofence and telemetry insights. Attackers and leakers can be revealed by correlating Allure's insights with other available data, and attackers can be held accountable by sharing identifiable findings with company decision makers and/or law enforcement. What it provides?

• Third-Party Monitoring. Know when third parties mishandle or share files outside of policy
• Document Flow Analytics. Uncover file access and sharing patterns both inside and outside of an organization
• Breach & Leak Detection. Be alerted early in the attack cycle if sensitive files are compromised or exfiltrated
• Risk Reports. Schedule monthly reports or generate them on-demand
• Data Loss Forensics. Track data loss back to the source and hold culprits accountable
• Geo Location Enrichment. Enrich file logs with proprietary geo location insights

Our Splunk applications instantly score network logs to identify emerging threats and anomalies within networks. Non-Splunk users can access our API directly and create custom integrations with our SDK. Use Network Behavior Analytics for Splunk to quickly uncover infected hosts and threats to your environment. The Splunk app processes and submits network telemetry (CIM-compliant DNS, IP, and HTTP events) to the AlphaSOC Analytics Engine for scoring, and retrieves security alerts and data for investigation. The AlphaSOC Analytics Engine performs deep investigation of the material, such as:

• Volumetric and quantitative analysis (counting events, identifying patterns)
• Resolving FQDNs and domains to gather context (identifying sinkholes and ASN values)
• Breakdown and analysis of each FQDN label (i.e. hostname, domain, TLD)
• Gathering of reputation data (e.g. WHOIS and associated malware samples)
• Categorization of traffic based on known patterns (e.g. C2, P2P, VPN, cryptomining)

Particular use cases solved by Network Behavior Analytics include:

• Uncovering C2 callbacks and traffic to known sinkholes
• Tor, I2P, and Freenet anonymized circuit identification
• Cryptomining and JavaScript cryptojacking detection
• Flagging traffic to known phishing domains
• Brand impersonation detection via Unicode homoglyphs and transpositions
• Flagging multiple requests for DGA domains, indicating infection
• DNS and ICMP tunneling and exfiltration detection
• Alerting of lateral movement and active network scanning
• Policy violation flagging (e.g. third-party VPN and P2P use)

Email, shared URL’s, file attachments, cloud drives and new digital communications are transforming the way we work. They are also the most accessible entry point for advanced content-borne cyber attacks. Deep Application Learning Continuous and aggregative CPU-level learning of application paths. BitDam live knowledge base of all legitimate executions for common business applications. Real-time analysis, code benchmarking and immediate alien code detection for advanced threats, regardless of the specific attack technique. Alien Code Detection Forever Protected Applications 100% attack code visibility for known and unknown threats, covering all attachments & links. Prevention of sophisticated exploits and evasion methods, pre-code execution. No need for security updates or patches. BitDam Email Security & Malware Protection Features

• Close to zero latency – With minimal email latency of just a few seconds, end-users will not notice any change. With BitDam, they’re safe to click everything that lands in their inbox.
• 2-click integration – Pre-built APIs enables a (literally) 2-click self-service deployment through the BitDam portal, which applies for all mailboxes in the organization.
• Fast and easy deployment – No MX record change is needed, no hassle to your IT team.
• Intuitive dashboard – Your SOC team can view email subject and recipients through the BitDam dashboard, making tracking and investigating attacks simple.
• Email body and clean files are never saved – BitDam scans the entire email including links and attachments, but doesn’t save it unless malicious.
• Quarantine malicious emails – Malicious emails are automatically quarantined, allowing the SOC team to investigate, delete or release them as needed.
• Visibility to other security checks – As a SOC team user you can see what basic security checks each email went through. This includes anti-spam, spf, and dmarc checks.

Unmatched detection rates, immediate prevention of ALL advanced content-borne cyber threats. Any Exploit Logical Exploits and Hardware Vulnerabilities Any Payload Macro-Based Malware, Ransomware, Spear Phishing. Any Known Unknown Vulnerability One Day, Zero Day Attacks Make it safe to click across all channels

• Email
• Cloud Storage
• Instant Messaging

Common risks faced by Asset Management companies

Regulatory risk – managing millions or billions of dollars on behalf of companies and individuals means asset management companies are heavily regulated. They must satisfy the regulators that they have robust procedures in place to tackle anything from money laundering to terrorist financing. Economic risk – globalisation contributes to increased production of goods and services, but it also means any market uncertainty in one country can have a domino effect and set off a chain of unwanted events in other countries. Fraud risk – fraudsters “cloning” an asset management firm or pretending to be from them is increasingly common. Internally, company employees can also manipulate accounts to enrich themselves. Cyber-security risk – cyber-criminals are getting more sophisticated and will increase their attacks on Asset Management firms that have huge investment portfolios comprised of wealthy individuals and companies.

Areas we work with Asset Management companies

Intelligence gathering is our core strength. Information relevant to a location, a political situation, market trends, competitors and customers is vital to an Asset Management company making well-timed investments. At Blackhawk, we create balanced, insightful reports to Asset Management firms covering the full breadth of business areas. Security is another core area that works side-by-side with corporate intelligence. In this day and age, companies need to know how secure the business is from internal and external threats, online and offline. This is where we come in to assist. We help Asset Management companies by putting together a security strategy that is specific to your business needs. With the security strategy highlighting vulnerable areas in your current infrastructure, you can then make positive changes such as conducting regular training, having more rigorous internal control processes, enhanced personnel security and more stringent employee background checks. In the event when fraud is detected, our forensic team will work with you to conduct an investigation, during which we will uncover and preserve evidence legitimately so they can be used in court.

Bottomline’s Cyber Fraud and Risk Management solutions are fueled by a singular, innovative, intelligent, and adaptive platform that is built on a foundation of real-time user behavior analytics and intelligent machine learning, infused with deep risk, compliance and payments security expertise. This market-proven technology delivers real-time cross-channel fraud detection and prevention for even the most complex use cases and powers Bottomline’s comprehensive suite of Secure Payments, Compliance and User Behavioral Analytics solutions. Integrated with rich visualization and forensic tools, Bottomline’s Cyber Fraud and Risk Management platform is trusted by some of the largest corporations and financial institutions in the world.

It empowers security, risk, compliance and investigative teams to:

• Dramatically improve visibility and reduce risk with cross-channel protection that leverages intelligent machine learning, rules based detection, and behavior profiling
• Stay ahead of regulations and protocols through technology infused with deep risk and compliance expertise across industries, payments types and applications
• Easily evolve your payment security program through a highly extensible and flexible platform that advances with your program as needed

Cyber Fraud and Risk Management Solutions Include:
Compliance. Accelerate speed to achieve regulatory compliance requirements, while decreasing complexity.

As part of the Cyber Fraud and Risk Management suite, Bottomline’s Compliance solution provides corporations and financial institutions with a powerful end-to-end offering to accelerate the speed to achieve regulatory compliance requirements while decreasing complexity.

Whether the need is around modernizing an anti-money laundering program, achieving more reliable sanctions screening, improving payments monitoring, highlighting settlement exposure, or automating suspicious activity reporting to meet regulatory requirements, Bottomline’s Compliance solution offers a modular approach to reducing the cost of compliance and increasing productivity.

 

Secure Payments. Protect payments across a variety of applications, channels, and payment types.
Bottomline’s Secure Payments solution protects payments across a variety of applications, channels, and payment types.

Whether it is one business critical application, channel and payment type, or a variety, our highly flexible and extensible platform delivers proven protection against payment fraud through advanced analytics of user behavior and transaction flows layered with intelligent machine learning, reducing risk for some of the largest corporations and financial institutions in the world.

 

User Behavior Analytics. Quickly identify and stop anomalous user activity through rich fraud analytics.
Bottomline’s User Behavior Analytics solution quickly identifies and stops anomalous user activity through intelligent machine learning, rules based detection, and years of experience protecting some of the largest corporations and financial institutions in the world.

The solution captures all user behavior in real-time across all vital systems and provides protection for both external threats in which user credentials have been compromised and internal threats from authorized users.

Powered by an analytics engine, statistical profiling of users and peer groups, alert correlation that includes predictive risk scoring and the ability to visually replay all user activity, the solution is purpose built for today’s threat landscape.

Even the best detection technology cannot return the data, money or reputation that is lost in a breach. While a layered approach that addresses the entire attack cycle is a must, prevention still has the highest return on investment. BUFFERZONE provides a better way to reduce the attack surface and protect the most vulnerable part of the organization – employee endpoints. How it Works? The BUFFERZONE virtual container protects any application that you define as insecure including web browsers, email, Skype, FTP and even removable storage. BUFFERZONE is transparent to both the application and the end-user, yet completely seals off threats from the rest of the computer. Unlike conventional endpoint detection solutions that depend on signatures or behavioral profiles to detect malicious activity, BUFFERZONE simply isolates malware regardless of whether it is known or new, and prevents it from doing any harm. The BUFFERZONE Endpoint Security solution includes:

• Virtual Container: A secure, virtual environment for accessing content from any potentially risky source including internet browsers, removable media and e-mail.
• Secure Bridge: A configurable process for extracting data from the container to enable collaboration between people and systems while ensuring security and compliance.
• Endpoint Intelligence: Detailed reporting and integration with SIEM and Big Data analytics to identify targeted attacks.

Features: Virtual Containment On endpoints running the BUFFERZONE agent, access to external, untrusted sources such as the internet and the effects of such access are completely isolated inside a virtualized container. Potential threats are thus isolated from the endpoint’s native resources from which trusted organizational resources are accessed, making it impossible for threats to in any way harm the endpoint or the rest of the organization. A configurable, centralized policy determines application containment. Network Separation Endpoint-based network segmentation. Define separate firewall-type rules for contained and uncontained applications, preventing uncontained, trusted applications from accessing risky destinations such as the internet and preventing contained, untrusted applications from accessing sensitive, internal organizational network destinations. Email Attachment Containment Contains attachments from external, untrusted sources, protecting the endpoint and trusted organizational resources from the attachments. Emails arriving from outside the organization are saved normally (uncontained) on endpoints but are subsequently opened on any protected endpoint in a BUFFERZONE container. DLP Features Several BUFFERZONE features can contribute to an organizational data-loss prevention (DLP) strategy by blocking information from exiting the organization by various paths:

• Containment Features. Prevent uncontained applications, which can access organizational resources, from accessing the internet; and prevent contained applications, which can access the internet, from accessing organizational resources.
• Hidden Files. Set file locations, that may contain sensitive data, to be hidden from contained applications.
• Upload Blocker. When Upload Blocker is enabled, contained browsers can download to and upload from only a designated folder (by default: Downloads), which is isolated from uncontained programs. This prevents browsers from uploading any files to the internet other than contained files that were previously downloaded from the internet.

BUFFERZONE Management Server (BZMS) For centralized management, you can integrate BUFFERZONE with your existing endpoint management system; or, for fuller management capabilities, use the BUFFERZONE Management Server (BZMS) to manage organizational BUFFERZONE agents, gain visibility to relevant organizational endpoints, and serve and assign organizational policy by endpoint and/or user.

IT SECURITY & COMPLIANCE - PROBLEM SOLVED!

NNT’s Change Tracker™ Gen7 R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ensuring the integrity of IT systems. Completely redesigned with both security and IT operations in mind, Change Tracker™ Gen7 R2 is the only solution designed to reduce change noise and the complexity of integrity monitoring and policy management all while allowing for unprecedented scalability and management that meets the most demanding enterprise environments. Gen7 R2 integrates with leading Service desks and Change Management solutions to reconcile the changes that are actually occurring within your environment with those that were expected and part of an approved Request for Change. Security and IT Service Management (ITSM) have traditionally observed and managed change in two very different ways. By linking the changes approved and expected within the ITSM world with those that are actually happening from a security perspective, SecureOps™ is delivered and underpins effective, ongoing security and operational availability.

Change Tracker Features And Benefits

Automates CIS Controls Spot cyber threats, identify any suspicious changes and adjust the secure baseline for all of your systems in real-time with NNT Change Tracker™ Gen7R2. Approve changes to the authorized baseline with a simple point and click. Breach Prevention Ensure all IT assets are secure and breach free at all times by leveraging state of the art, recommended security and configuration hardening settings along with real-time system vulnerability and configuration drift management. Breach Detection Change Tracker™ Gen7 R2 identifies suspicious activity using highly sophisticated contextual change control underpinned by threat intelligence to spot breach activity while reducing change noise. Real-Time Contextual File Integrity Monitoring Change Tracker™ intelligently analyzes all changes in real-time leveraging the world’s largest repository of independently verified whitelisted files combined with intelligent and automated planned change rules to significantly reduce change noise and deliver a true FIM solution. System Hardening & Vulnerability Management Minimize your attack surface with continuous and real-time clear configuration guidance and remediation based on CIS and other industry standard benchmarks for system hardening and vulnerability mitigation guidance. Continuous Compliance Monitoring Across all Industries NNT provides comprehensive tailored or pre-built reports to provide vital evidence to security staff, management and auditors of the ongoing and improving state of your organizations secure and compliant posture.

New Features and Functionality

• All new Dashboard, fully customizable with choice of widgets and multiple tabs for alternative Dashboard layouts

• ‘Single-Page Application’ design gives a contemporary, super-responsive Change Tracker experience

• New universal Query/Report controls, consistently available, enables reports to be built ‘off the page’

• New Reports Center – build and schedule any reports, with graphically-rich content, including all new Executive Report showing overall security of your estate

• ‘Expert Event Analysis’ sections for reports, with events automatically pre-analyzed to show ‘noisiest’ devices, paths, registry settings and any other monitored configuration attributes to aid decision making in your Change Control Program

• Report production now performance optimized, even large volume event reports are generated on a streamed basis to minimize impact on Hub server resources

• Report properties can be tailored – include a hyperlinked Table of Contents, Event Details table and Query Parameters, together with as many/few event attributes as required

• New Group & Device/Date & Time filter and selection control panel, selections persist for any page accessed, panel can be hidden when not in use to give a ‘full screen’ display of the Dashboard

• User-defined auto-refresh settings for all pages

• New componentized Planned Changes, allowing easy re-use of schedules and/or rulesets, driven by a new Planned

• New ‘FAST list’ planned change rule option, ensures only file changes you select as permitted, allows a user-defined list of approved file changes to be operated – like a personal FAST Cloud!

Operating at a forensic level within the IT infrastructure, Change Tracker™ works across all popular platforms such as:

• Windows, all versions including Server 2019, 2016 and Windows 10, XP, 2003/R2, Windows 7, Windows 8/8.1, 2008R2, 2012/R2 (Core and GUI)
• Linux, all versions, including Ubuntu, SUSE, CentOS, RedHat, Oracle, FreeBSD and Apple MAC OS
• Unix, all versions including Solaris, HPUX, AIX, Tandem Non-Stop
• VMWare, all versions including ESXi
• Database Systems, including Oracle, SQL Server, DB2, PostgreSQL, My SQL
• Network Devices and Appliances, all types and manufacturers, including routers, switches and firewalls, from Cisco, Nortel, Juniper, Fortinet and Checkpoint

Cleafy innovative threat detection and protection technology is available in an open and flexible platform that can be easily adopted to address several needs for protecting your online services and users. Features: Cleafy protects on-line services against advanced, targeted attacks from compromised web/mobile endpoints thanks to its unique real-time, client-less threat detection and prediction capabilities. Cleafy has been successfully adopted to protect millions of users against Man-in-the-Browser (MITB), Man-in-the-Middle (MITM), RAT-in-the-Browser, VNC/BackConnect, Mobile Overlay, and other types of attacks. Cleafy is fully client-less - it operates by integrating with server-side infrastructure: Cleafy provides out-of-the-box integrations with several Application Delivery Controller technologies. Cleafy does not require any application change and is completely transparent to end-users. Cleafy provides (no-touch) visibility on endpoints that allows customers to identify potential threats and prevent business disruption from targeted advanced attacks, gain insights on attack scenarios and techniques (e.g. by inspecting code injected by malware) and thus define best response actions and their overall security posture. Cleafy supports Online Fraud Prevention by providing real-time risk scoring and enabling selective risk-based authentication, thus preserving business continuity and user experience. Key Differentiators: Advanced threat detection and protection

• Patented Full Content Integrity (FCI) continuously verifies full application integrity (DOM/XHR/API)
• Deep threat visibility automatic extraction of threat evidence (e.g. malicious web-injects and mobile apps)
• Patented Dynamic Application Encryption (DAE) to enable safe transactions from infected endpoints

Client-less and application-transparent

• Client-less - no agent deployed and passive mobile SDK – no touch of application backend infrastructure
• User-transparent – no impact on end-user experience, content delivery and endpoint performance
• Application-independent - no changes required to application code – no re-training upon new releases

Open, scalable and cloud-ready

• Open architecture and comprehensive REST APIs – integrates any Transaction Monitor, Case Mgmt, SIEM
• Scalable to continuously monitor full application perimeter and analyze millions of events/day
• Deployed either on-premise or over the Cloud

Corax’s rich data foundation is created through expert ingestion and analysis of third party datasets, including threat intelligence, internet performance data and loss data, and using proprietary Corax automated ‘outside in’ discovery tools that identify detailed characteristics of the technology and security environment of individual companies and their internet connections with other companies.

• Technology and Security data
• Loss data
• Real time Threat Intelligence & Vulnerability data
• Real time Business Interruption / Internet
• Commercial Information
• Custom analytics
• Clients able to modify our model to develop their own view of risk

AI-enabled probabilistic modelling. Prediction and expected costs of data theft and IT disruption Rich, granular, expert-created standardised dataset. Detailed technology, security and loss data on millions of companies Scalable technology platform. Continuous daily, automatic addition and update of thousands of companies in the database

Data, reports and modelled outputs on:

• Cyber risk of individual and groups of companies, including assessment and benchmarking of cyber hygiene and technology resilience; and prediction and expected costs of data theft and IT disruption.
• Scenarios relating to cyber events, security vulnerabilities, technologies and vendors.

Delivered via web access or API integration

Corax is the leading and largest source of cyber exposure data and predicted loss costs of breach and network outage events. Corax’s rich data foundation is created through expert selection, ingestion and analysis of third party datasets, including threat intelligence, internet performance data and loss data, and using proprietary automated discovery tools that identify detailed characteristics of the technology and security environment of individual companies and their interconnections with other companies. Modelled data is developed within a proprietary AI probabilistic engine to predict the expected cost of data compromise and IT disruption with unprecedented accuracy.

Introducing CORE Security

When it comes to securing your cloud, you need to peace of mind that security’s at the core of your hosted infrastructure. That’s why we’ve put together three ServerChoice CORE Security™ packages, with varying levels of protection, so you can get best-fit cyber security for your organisation.

CORE Base

• Two-factor authentication
• TrendMicro anti-virus & malware protection
• Vulnerability scanning: Unmanaged Quarterly
• System hardening
• Next-generation firewall
• Advanced DDoS mitigation: Standard (20 Gbps)

CORE Enterprise

• Two-factor authentication
• TrendMicro anti-virus & malware protection
• Vulnerability scanning: Unmanaged Monthly
• System hardening
• Next-generation firewall
• File integrity monitoring
• Advanced DDoS mitigation: Enhanced (250 Gbps)
• 24/7 SIEM services

CORE Platinum

• Two-factor authentication
• TrendMicro anti-virus & malware protection
• Vulnerability scanning: Managed Monthly
• System hardening
• Next-generation firewall
• File integrity monitoring
• Advanced DDoS mitigation
• Pro (Terabit+)
• 24/7 SIEM services
• Intrusion Prevention System (IPS)

Bolt-on CORE Security™ Services

In addition to the above security packages, we offer a range of additional security enhancements to deliver maximum protection from cyber threats:

• Data loss prevention (DLP)
• Web application firewalls (WAF)
• Penetration testing
• URL filtering (Virtual Desktops only)
• Email spam filtering and antivirus (Exchange only)
• Compliance consultancy

ThreatEye Network Recorder is a network forensics software solution designed to run on commodity hardware. It guarantees line-rate packet capture from 1 to 100 gigabits per second with lossless write to disk. It scales to retain petabytes of data and supports a range of storage options with advanced indexing and search features. The solution provides a web-based packet analysis platform supporting a collaborative packet analysis workflow with retrospective visual analytics. A RESTful API structure supports integrations across a wide range security products. ThreatEye Network Recorder is powered by Napatech’s industry-leading SmartNIC technology, providing 100% packet capture with nanosecond precision time stamping. Key features: FULL PACKET CAPTURE 100% accurate packet capture with up to 40Gbps sustained write-to-disk. 1, 10, 40 and 100Gbps line-rate connectivity options. Scalable on-board and SAN storage options. PACKET ACCELERATION Supporting high speed FPGA acceleration through compatible Napatech and Accolade NIC cards. DPDK support for a wide range of Intel based NICs INTELLIGENT PACKET CAPTURE Using streaming machine learning to make intelligent decisions about which network sessions to record, how long to retain them, and what traffic can be safely ignored. ADVANCED INDEXING Advanced indexing and federated search features support accelerated searches based on 5 tuple including layer 2-4 protocols, across multiple Network Traffic Recorders in a group or geographic location ANALYSIS AND WORKFLOW Transforming packet analysis workflows by providing a secure web-based environment to organize, collaborate and analyze packet captures. Typical Applications and Use Cases

• Threat Hunting
• Incident Response
• Cyber Threat Detection
• Network Performance Management
• Financial Fraud Detection
• Financial Latency Measurement
• Compliance Management

The ARIA SDS platform is a radically different approach to comprehensive network and data security as it employs capabilities normally only found in carrier-class or military-grade architectures. When deployed on available optional hardware offerings it provides the high-availability and fast failover and service-level assurance features demanded in a carrier-class infrastructure. It also uses military communication techniques to protect from penetration and administrative eavesdropping from set-up through operation. Yet, even with this added layer of functionality, the deployment and overall platform management is simple as it is handled through advanced zero-touch provisioning techniques. How It Works The ARIA Software-Defined Security (SDS) platform can secure and encrypt containers and/or VMs as they spawn on-premise, private data centers or public cloud instances. The ARIA software automatically applies the organization’s appropriate contextually aware security policies. Additionally, the ARIA Orchestrator automatically discovers the SDSi and manages the application of the appropriate type and level of security services upon deployment. The central execution, across an entire organization, using a single pane of glass, ensures the desired access controls, micro-segmentation, encryption service types and levels, and other service techniques are correctly applied – no matter where the applications are running – whether it’s on premises, in the public cloud, or anywhere in between. Benefits: Achieve SecDevOps Balance the InfoSec requirement to maintain the consistent application of security policies and data protection with the desire of application developers for more agile and flexible DevOps practices. With ARIA, developers can simply select and connect to their applications for complete encryption. Gain a Cost-effective, End-to-End Security Solution The ARIA software defined security solution works with any enterprise infrastructure, is easy to deploy, and costs up to ten times less than other server host-based encryption solutions. Organizations that run critical security functions on the Myricom ARC Series SIA (versus the server processor) can expect cost savings in the need for fewer server upgrades and lower power consumption, while also achieving increased application performance. Secure Data at Rest, in Motion and in Use It’s not good enough to protect stored data. You must also have a solution for when it moves across the network, when it is accessed and used. ARIA applies the appropriate encryption policies by application, device, or data type – under any use and at any time. Improve Application and Server Performance Advanced security functions like encryption, micro-segmentation, or tokenization are CPU-intensive and, if run through local servers, may cause an unacceptable delay in application performance. The ARIA platform runs seamlessly with the Myricom ARC Series SIA, making it the ideal choice for server off-load. In addition the SIA serves as a zone of trust for keys, making them impenetrable to breaches.

Save time & money

Increase security by focusing on remediating  vulnerabilities that are a part of a validated attack path to a business process or critical asset

Key features:

• Creates actionable insights based on critical vulnerabilities that threaten your business process for immediate alerts and remediation with one click
• Continuous silent vulnerability scanning on all IP based devices on premise or in the cloud
• Automatically detects critical assets and finds how hackers could reach and threaten them, no human involvement required.
• Cronus is certified for Penetration Testing by CREST
• Help comply with GDPR –require regular pen testing, vulnerability management and greatly reduces the risk of breach to your sensitive data.

Continuous. Perform continuous scans all year round, valid for both vulnerability management and penetration testing to stay on top of your network’s security 24/7. See live map and get real-time alerts on current threats to your business processes. Global. Cybot can be deployed globally and showcase global Attack Path Scenarios ™ so you can see how a hacker can hop from a workstation in the UK to a router in Germany to a database in the US. This capability is unique both for penetration testing as well as for vulnerability management.  The various CyBot Pros will be managed by a single Enterprise dashboard. Business Process Focused. CyBot brings context to each asset it scans, checking how it could affect a business process. In this way, you can funnel all your vulnerabilities and first focus on those that are exploitable and that are a part of an attack path to a critical asset or business process. This greatly reduces the resources needed for patching and ensures business continuity.

Which CyBot is right for me?

CyBot is a next-generation vulnerability management tool as well as the world’s first Automated pen testing solution, that continuously showcases validated, global, multi-vector, Attack Path Scenarios ™ (APS), so you can focus your time and resources on those vulnerabilities that threaten your critical assets and business processes. CyBot has one core engine: CyBot Pro, plus two additional management consoles. One for Enterprises and one for MSSPs. CyBot Pro is the workhorse of the product suite. It is a patented autonomous machine-based penetration test which initially scans the networks, its assets, its vulnerabilities and then takes the next step to map out and validate all the routes a hacker could take to reach your critical assets and business processes. Much like the process a human penetration tester would follow, but continuously and at a much larger scale and scope. CyBot Enterprise manages several CyBot Pros. This is great for larger organizations with global networks who wish to gain insights on global Attack Path Scenarios ™ between their branches, each using a different CyBot machine. CyBot Enterprise will aggregate information from all CyBot Pros for in-depth global insights on cyber threats to your business processes. CyBot MSSP provides large managed security service providers with full control of their Enterprise customers, each with their various CyBot Enterprise and CyBot Pro accounts. Schedule their scans, get alerts to your SIEM and much more

CyFIR is a flexible, remote digital forensics and incident response solution backed by a team of experienced security analysts and practitioners. Whether you are looking to complete your existing security stack, institute an incident response retainer as part of your incident response or mediation strategy, or need immediate help in the aftermath of a breach, CyFIR can provide a solution tailored to your needs. CyFIR Capabilities: EDISCOVERY Fast and accurate document collection without disrupting system performance. INCIDENT RESPONSE & DIGITAL FORENSICS Immediate forensic analysis and incident response reduces the cost of a breach by 25 percent or more. INTERNAL INVESTIGATION Continuous network security monitoring and access logging of critical network assets. THREAT ASSESSMENT Near real-time visibility into network endpoints without impact network operations. THREAT HUNTING Proactive, human-centered content profiling and endpoint review. Benefits:

 

• Remote. Forensically access computing endpoints across your entire enterprise from a single workstation.

 

• Live. Search the content of your files for keywords, matching patterns, and more with results appearing as they’re found.

 

• Speed. Virtually instantaneous forensic-level access to endpoints even in low bandwidth environments.

 

• Visibility. Near real-time visibility and extraction of RAM, live file systems, deleted data, and unallocated disk space content across your network.

 

• Accuracy. Comprehensive search and detection capabilities deliver forensically-sound analysis – ensuring good cyber hygiene and improving the fidelity of enterprise-wide queries.

 

• Integration. Perform forensic tasks without network downtime or user interruption, even when searching Microsoft Exchange mail servers.

 

• Compatibility. Access forensic artifacts from most versions of Microsoft Windows Workstations / Servers / Point of Sale, macOS, and Linux Systems including data and malware processes obscured by a compromised OS.

 

The CyOPs Platform utilizes CyberSponse’s patented technological process to fill the gap between automation-only and human dependent security organizations, while also facilitating cross-functional collaboration. Integrate your SOCs entire security stack behind a single pane of glass with unlimited daily actions, fortifying your data and maximizing ROI.

Incident Management

Distinguishing Real Threats From Endless Alerts

Real threats are often overlooked, largely as a result of the copious amount of alert notifications that accumulate daily. CyOPs Automated Intelligent Triaging enables Security Analysts to efficiently uncover these important alerts, prioritizing them based on severity, asset, intelligence, and frequency. To investigate alerts more efficiently, it’s very important to be able to understand and review data in a consumable manner. CyOPs Case Management solution understands the need to manage data effectively and provides options to:

• Manage Alert and Incident Listings in a filter-able grid view
• Ability to add mini-dashboards on each grid to gain visibility into the bigger picture and understand trends
• Ability to define new modules, unlike any other SOAR offering- with customization of modules such as fields, views, and permissions
• Visual layout editor to define custom views, data models, fields, and grids

CyOPs for MSSPs

Integrate All Your Security Tools

Enterprise-level SOCs leverage a multitude of products and tools to effectively resolve incidents and fulfill compliance requirements.  CyOPs caters to our clients’ specific environment needs due to the customizability of product, which results in greater efficiency, eliminated alert fatigue, and maximizes their ROI. The CyOPs Integrations Repository has over 280 available integrations, enabling users to automate their entire security stack behind a single pane of glass.
A unified console built on the only enterprise multi-tenancy architecture.

• Obtain a complete overview of all your customers (tenants) in a single unified CyOPs master console.
• Filter views by customers, to understand the customer’s current state
• Assign and adhere to the Roles and Permissions assigned to each tenant
• Create customer specific alert and incident views
• Robust and scalable architecture for load-balancing usage

Role Based Custom Dashboards

Insight From Multiple Perspectives

CyOPs offers customers enterprise dashboards enabling better decision making.

• Choose from multiple canned dashboards from multiple perspectives
• Export and import dashboard templates
• Export dashboard views as PDFs

Full Role-Based Access Control

• Assign multiple roles to each dashboard to control visibility across the team.
• Ability to assign roles and permissions to dashboard templates
• Ability to make selected dashboards as default for all system users
• Ability to create user-specific dashboards and reports

Reporting

Library of Out-of-the-box Reports

• Leverage the CyOPs Report Library for a quick start with many commonly used reports
• Use ready-made reports like Incident Closures, Alert Closures, IOC Summaries etc.
• CyOPs Support Portal using Report Import functionality
• Customize out-of-the-box reports for organization-specific metrics
• Export Reports in CSV & PDF Formats

Queue Management

Create Dedicated Queues

Leverage the built-in CyOPs Queue Management to handle automatic work assignments across multiple queues and teams

• Create multiple queues across multiple teams
• Add multiple team members to each Queue
• Define logical rules for auto assignments to a specific member or team
• Option to add work tasks manually to any queue

Manage SOC Shift Change With Ease

Streamline SOC Team Onboarding & Management

CyOPs™ enables new SOC team members to start making an impact right away due to its ease of use and ability to retain information from previous employees. Standardized trackable and repeatable processes result in a more efficient onboarding plan for new SOC team members. Create standard automated response processes using the most versatile enterprise drag-and-drop CyOPs Playbook builder that not only retains team knowledge but also shortens incident response times. Maximize your team and security stack with CyOPs™ automation.

• SOCs that work in multiple shifts perfects shift changeovers with ease
• Create multiple queues for different shifts
• Define rules for assigning alerts and incidents based on the timezone
• Obtain snapshots of a shift’s queue to better understand task status
• Option to add manual tasks to any queue or team member

Discover breaches as they unfold, not months later. Current breach discovery gap = 120 days.

Datiphy platform provides industry leading end-to-end data transaction analysis to detect breaches as they unfold. Datiphy automates the extraction and indexing of key data assets from billions of data transactions per day, allowing instant visibility and detailed forensics to the complete data life-cycle. Unlike traditional policy and perimeter based security tools that only provide point protection and lack context, Datiphy provides users with a unique DNA profile of each transaction directly from the data’s point of view.

Each asset within the data DNA profile is automatically indexed against all other transactions. The powerful indexing engine identifies relationships that provide the critical context of how sensitive data is living and being accessed within the enterprise.The Datiphy platform is the first true data-centric audit and protection tool.

Features

• Data DNA & Scientific Behavior. Every data transaction has a unique series of assets. Datiphy extracts these data assets for every transaction and indexes them in real time. Scientific relationships among the assets are built and their behavior base-lined. Because every transaction is being surveyed vs a sample, any change in behavior is immediately sensed and false alarms are eliminated.

• Deep Forensics to Avoid Disaster. Think of Datiphy as the data version of a DVR. Detailed forensics, indexed in real time, allow you to see your sensitive data in action as it flows in and out of the enterprise. Datiphy users can replay events to study the tactics and build policy against similar future attacks or alerts for further discovery.

• Cross-Silo Policy Management. Business processes constantly transpose data across multiple silos. This massive data generation and usage is rendering current methods of data security governance obsolete. Datiphy users build and manage data-centric security policies to coordinate controls across these data silos.

• Protect Your Brand Reputation. When breach details develop in the media, it is clear organizations struggle with knowing exactly what has been taken. Datiphy detects the breach as it unfolds and teams can react immediately. The damage is limited and executives will know exactly what has been compromised.

• Who is Hiding? Once a user is inside, the User ID disappears and the application server credentials are all that communicate with the database. This is a normal behavior that is often exploited by attackers. Datiphy’s patented user mapping technology will identify these users and map their actions from the initial HTTP request through the back-end database response.

• Threat Intelligence & Log Data Merged. The problem with log data is it is overwhelming and lacks relevance. The problem with threat intelligence is most people don’t know what to do with it. Datiphy bridges the gap, giving log data intelligent context and making threat intelligence actionable. Enterprises gain data-driven visibility into the critical information needed to help detect targeted, dynamic, and stealthy attack methods.

• See Relationships with Context. Many tools will provide a glimpse into your data assets, but they lack the complete story. With Datiphy not only will you see the relationships among data assets, but you will also have the complete context in which those assets interact.

• See Data Changes. Sometimes accidents happen. Because Datiphy records the details of every data transaction, you can go straight to the event to see what happened and take the appropriate steps for a complete and fast restore.

• Search Any Events Instantly. Because Datiphy indexes the elements of every data transaction as it occurs, events are easy to find and the forensics behind them are instantly available. Incident Response teams now have instant root cause forensics at their fingertips. Compliance Team audit tasks become fast and simple. Searching and reporting the who, what, when, where, and how for any event or data asset is a breeze.

• See Those Who Observe Data. The pool of read privileges are much larger than the pool of write. Datiphy records the trails of those that take a look at sensitive data, regardless of whether change or take it.

• Mean Time to Verification (MTTV). Too much alert overload and threats go uninvestigated. With Datiphy, responding to alerts with relevant detail in real- time enables teams to validate real threats quickly and conclusively.

 

• Mean Time to Response (MTTR). Datiphy will eliminate false positives that waste precious time. By focusing on just the facts, teams investigate faster and provide less time for attackers to cover their tracks.

 

• Mean Time to Resolution (MTTR 2). Discover compromises as they happen and see the relationships among all similar suspicious behavior. Stopping the attack is only part of the job; with Datiphy context, ensuring it cannot happen again finishes the job.

Let DefenseGRID experts keep watch on your behalf

• Threat Ready Active Compliance (TRAC) Team is staffed by security experts that will help monitor your network and alert you when they see a potential threat
• A structured and supported approach to on-boarding
• 24/7 network monitoring
• TRAC can make the difference between a security fire drill and a full system breach
• Frequent, hassle-free updates without additional cost, software downloads or hardware changes
• Pricing based on your asset size, not the amount of data ingested, so you can cover everything
• Speed and power without the high cost of data centers, hardware and hiring additional IT resource

Key Features

• Scalability that evolves with financial institution needs. Transforms complex and unstructured security event data from disparate systems into meaningful, actionable information

• Community intelligence. A community of financial institutions and cybersecurity experts. Leverage community knowledge for progressively smarter cybersecurity & cybercompliance practices. Learn what like-minded thinkers have to say about keeping financial institutions safe and sound. Access our Knowledge Center for best practices and DefenseStorm GRID updates.

• The DefenseStorm GRID: Co-Managed Threat-Ready Cybersecurity + Active Compliance. Your team and DefenseStorm’s TRAC (Threat Ready Active Compliance). Team use the DefenseStorm GRID together.Be as involved as you’d like in day-to-day activities. The TRAC Team carefully curates the threat feeds and triggers most relevant to banks and credit unions to meet compliance & security needs

• Configured for you. TRAC leverages the DefenseStorm GRID library to create cybersecurity triggers specific to your bank or credit union network and policies.

• See everything, prioritize what matters most. TRAC curates triggers to prioritize the most important indicators of compromise. Machine Learning and Rich Context help reduce the number of alerts and false positives while also increasing relevancy.

• The visibility and understanding you need. You see the same console and dashboards our TRAC Team uses, which facilitates co-managed coverage and efficiency.

• Cybersecurity & cybercompliance in one real time system of record. DefenseStorm GRID serves as your system of record for your cybersecurity and cybercompliance postures in real time, all the time. Task Schedules, workflows, audit trails and evidentiary proof reflect industry regulations as well as your own policies.

• Slash reporting time, even for audits and examinations. The DefenseStorm GRID continuously collects all compliance-related evidence and automatically generates corresponding reports to prove compliance to internal and external stakeholders as well as regulators.

• Guidance to align risk with cybersecurity maturity. The DefenseStorm GRID continuously guides you to align your cybersecurity risk with your Cybersecurity Maturity Level. Your Inherent Risk Profile and Maturity Levels will change as threats, vulnerabilities and operating environments change.

The Dragos Platform contains all the necessary capabilities to monitor and defend ICS environments. It combines the functionality of an OT security incident and event management system (SIEM), network detection and anomaly system, and incident response platform with the experience and intelligence of the Dragos team.

IDENTIFY ASSETS

Deep packet inspection (DPI) of ICS protocols, traffic, and asset characterizations, ability to consume host logs and controller events, and integrations with ICS assets such as data historians provide a complete view of ICS environments.

DETECT THREATS

Complex characterizations of adversary tactics, techniques, and procedures through threat behavior analytics pinpoint malicious activityon ICS networks and provide in-depth context to alerts.

RESPOND

Expert-authored investigation playbooks and case management guide defenders step-by-step through the investigation process to enable independence and transfer knowledge from our team to ICS defenders. Benefits:

• Significantly reduce time to identify and inventory all assets and traffic on your network
• System-generated asset maps and reports provide consistent, time-driven views that are accurate, up-to-date, and thorough
• Automatic classification of assets based on behavior
• Set one or more baselines and get notifications when specific changes or anomalies occur in the environment over time
• Recognize new or rogue assets as they appear; identify assets that have disappeared from the network
• Powered by human-based intelligence that identifies adversary tradecraft and campaigns
• No bake-in or tuning period required; threat behavior analytics work immediately upon deployment
• Detect threats not simply as anomalies to investigate, but with context that guides effective response
• Notification filtering provides a risk-based approach to management
• Playbooks codify incident response and best-practice workflows developed by Dragos experts
• Manage incidents and cases from the same console cross-team
• Clear Indicator of Compromise reports guide attention to vulnerable assets
• Easily monitor case, notification, and analyst activity, as well as system-level health and statusT
• Splunk, QRadar, Pi Historian, LogRythym, Syslog, Windows Host Logs

Being able to identify all the types of issues and events, including custom code and SoD violations, ERPScan provides unparalleled vulnerability management capabilities. With the help of carefully designed machine learning features, it can analyze huge amounts of log data, which go beyond human capacity, to detect cyberattacks and anomalous user behavior. ERPScan Smart Cybersecurity Platform is equipped with a set of modules that encompasses all the main areas of enterprise security outlined in the Gartner PPDR and SAP Cybersecurity Framework. Each of the modules is designed to fit the specific needs of different roles. Moreover, the new interface of the platform makes them easier to be worked with and enhances the overall efficiency of security practices.

Detect    

• Collect all the logs generated in your SAP system
• Detect 0-day and 1-day attacks with the help of machine learning
• Analyze user behavior and detect anomalies

Assess    

• Understand your assets
• Schedule security checks
• Identify vulnerabilities, misconfigurations, customization issues, and SoD violations

Monitor    

• Check compliance
• Monitor all connections between systems with the Threat Map
• Review security posture with high-level role-tailored dashboards
• Get all the necessary security information with the help of the search engine

Prevent    

• Automate code correction
• Generate virtual patches on the fly
• Export 0-day signatures to IDS/IPS system

Respond    

• Track changes between scans
• Receive notifications
• Create incidents in external Incident and Task Management systems

Key benefits:

• Perform industry-specific checks
• Cover all areas of SAP security
• Report on the security posture to the management
• Save time and reduce the costs of compliance
• Simplify vulnerability management