FDR Network Threat Analytics
FDR Network Threat Analytics provides dynamic analysis and detection capabilities that enable identification and response to a variety of cyber threats targeting enterprise networks:
- Breach Detection
- Exploitation Techniques
- Intrusion Attempts
- Malicious Actors
- Suspicious Behavior
Pricing is based on:
- Collector Appliance Throughput Rating (Gbps)
- Number of Collector Appliances
- Number of Manager Appliances
- Physical or Virtual Deployment
Key features include:
- High-Performance Network Inspection
  - Monitoring network traffic at throughput speeds from 100 Mbps to 40 Gbps
  - Full session analysis leveraging behavioral and advanced analytical techniques - including Machine Learning (ML) - to identify and respond to anomalous suspicious behavior
  - Turnkey physical and virtual appliance form factors
  - Physical appliances provide excellent data center economics - minimizing data center footprint (via 1U form factor), power, and cooling needs
  - Appliances collectively managed via single pane of glass
  - Ingests data in-motion, data in-use, and data at-rest
  - Complex threat hunting tasks are automated by leveraging intrusion analysis, intrusion detection, incident response, and event triage
  - Alert on malicious network activities, investigate, and perform forensics analysis to determine root cause and then respond using event triage and mitigation
- Multiple Inspection Techniques
  - Deep File Inspection (DFI) employs detection logic at numerous layers to uncover a wide variety of attack and exploitation techniques
  - Rapidly dissects files to expose evasions and malicious content within embedded logic (macros, scripts, applets), semantic context (spreadsheet cells, presentation words, etc.), and metadata (author, edit time, page count, etc.)
  - Full artifact inspection including session-level metadata (web headers), domains, files, hashes, headers, IPs, SSL certificates and URLs
  - Optical Character Recognition (OCR), Computer Vision, and Perception Hashing used to inspect embedded images for presence of malware
  - Machine Learning (ML) incorporates advanced algorithms that leverage supervised classifiers and unsupervised clusters - designed to query vast amounts of data, discover patterns, and generate valuable insights
  - Algorithms are leveraged to identify/pinpoint threats without the use of IOCs
  - Sandbox integrations
  - Multi-scanning technologies
- Breach Detection and Containment
  - Full visibility of all inbound and outbound enterprise network traffic flow to determine whether a breach has occurred
  - Identifies Command and Control (C2) activity associated with advanced persistent threats (APTs) by performing behavioral analytics and leveraging unique Indicators of Compromise (IoC) acquired and curated by InQuest Labs
  - Detects and/or prevents C2 activity of sophisticated actors and their tradecraft - ultimately reducing the dwell time that can eventually lead to data leakage or exfiltration
- Emerging Threat Detection
  - Inspection engine utilizes heuristics and signature-based analytical pipelines to identify real-world emerging threats - blocking Zero-Day attacks and N-Day attacks
- Retrospective Malware Detection
  - Via RetroHunting, files are inspected for latest threats to ensure even the most sophisticated attacks don’t go undetected - even if initially missed
- Data Loss Prevention
  - Inspection of all file content and context to identify data exfiltration - ensuring sensitive information never leaves your environment
- IQScore
  - Each file is dissected into an array of artifacts - each artifact is then given an IQ Score
  - Scores are driven by all available intelligence including discrete, heuristic, and ML score contributors
  - Threat receipts show intel sources at-a-glance
  - Signature pairings for "heating" and "cooling" based on latest threat intel
  - Block, alert, investigate recommendations give SecOps clear guidance on enforcement policy
- Proactive Threat Intelligence
  - Built-in incident response workflow, remediation, and breach containment alleviate investigative workflows for your operators
  - Provides the ability to proactively track and hunt for emerging threats that have targeted your environment
- RetroHunt Capability
  - SecOps personnel can retrospectively identify the most sophisticated threats to determine which assets have been impacted
  - Invisible to outsiders / attackers