Threat detection and response is a critical piece of the ongoing journey to improve your security program, but feeling confident in your coverage can be challenging with a remote workforce. When users are remote, they may be operating assets such as laptops on potentially hostile networks outside of IT and security's control. And to do their jobs effectively, your remote employees still need access to company data and key applications.
To combat these challenges, we have developed a comprehensive approach to detection and response that helps you enable business continuity, keep your organisation protected (no matter where your people are), and build a foundation for success across your entire environment.
When employees move off-site, it becomes much harder for security teams to understand what normal looks like. Is this a valid user working from somewhere else? Are they logging on from home or a coffee shop, or is this malicious use of credentials? The CYBERSHIELD platform uses User Behaviour Analytics, backed by finely tuned analytics and machine learning, to quickly establish a baseline and recognise subtle differences and anomalous activity.
We have a wide range of tools and information that we constantly use to look for malicious and abnormal behaviour. CYBERSHIELD builds a profile of what is normal for each user from information such as login times, devices being used, locations and various other metrics. All of this contributes to working out whether an event is normal, or whether we should raise a behavioural flag or a full alarm.
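The baselining idea described above, as an added illustration that is not CYBERSHIELD code and makes no claim about how the platform scores events internally: a per-user profile is built from historical logins (hour of day, device, country), and each new login is scored against it. The tiering into "normal", "behavioural flag" and "alarm", the point weights, and the sample events are all constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed baseline login events (illustrative only, not real telemetry).
BASELINE_EVENTS = [
    {"user": "alice", "ts": "2024-03-04T08:55:00", "device": "LAPTOP-A1", "country": "GB"},
    {"user": "alice", "ts": "2024-03-05T09:10:00", "device": "LAPTOP-A1", "country": "GB"},
    {"user": "alice", "ts": "2024-03-06T08:40:00", "device": "LAPTOP-A1", "country": "GB"},
    {"user": "alice", "ts": "2024-03-07T17:30:00", "device": "PHONE-A1", "country": "GB"},
    {"user": "bob", "ts": "2024-03-04T22:05:00", "device": "LAPTOP-B7", "country": "US"},
    {"user": "bob", "ts": "2024-03-05T23:15:00", "device": "LAPTOP-B7", "country": "US"},
    {"user": "bob", "ts": "2024-03-06T21:50:00", "device": "LAPTOP-B7", "country": "US"},
]

# Assumed point weights: a new country is treated as a stronger signal than a new device or odd hour.
WEIGHTS = {"new device": 1, "new country": 2, "unusual hour": 1}


def empty_profile():
    return {"devices": set(), "countries": set(), "hours": set()}


def build_baseline(events):
    """Per-user profile of devices seen, countries seen, and hours of day at which logins occurred."""
    profile = defaultdict(empty_profile)
    for e in events:
        hour = datetime.fromisoformat(e["ts"]).hour
        p = profile[e["user"]]
        p["devices"].add(e["device"])
        p["countries"].add(e["country"])
        p["hours"].add(hour)
    return dict(profile)


def hour_is_typical(hour, seen_hours, tolerance=2):
    """True if `hour` is within +/- tolerance hours of any previously observed login hour.
    The distance wraps at midnight so 23:00 and 01:00 are two hours apart, not 22."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= tolerance for h in seen_hours)


def score_event(event, profile):
    """Return (score, reasons) for one login against the baseline.
    An unknown user has an empty profile, so every attribute counts as new."""
    p = profile.get(event["user"], empty_profile())
    reasons = []
    if event["device"] not in p["devices"]:
        reasons.append("new device")
    if event["country"] not in p["countries"]:
        reasons.append("new country")
    hour = datetime.fromisoformat(event["ts"]).hour
    if not hour_is_typical(hour, p["hours"]):
        reasons.append("unusual hour")
    return sum(WEIGHTS[r] for r in reasons), reasons


def classify(event, profile):
    """Map the score to the three outcomes the text describes: normal, behavioural flag, alarm."""
    score, reasons = score_event(event, profile)
    if score == 0:
        verdict = "normal"
    elif score < 3:
        verdict = "behavioural flag"
    else:
        verdict = "alarm"
    return verdict, score, reasons


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    # Constructed new logins to score against the baseline.
    new_logins = [
        {"user": "alice", "ts": "2024-03-08T09:05:00", "device": "LAPTOP-A1", "country": "GB"},
        {"user": "alice", "ts": "2024-03-08T03:00:00", "device": "LAPTOP-A1", "country": "GB"},
        {"user": "alice", "ts": "2024-03-08T03:00:00", "device": "UNKNOWN-X9", "country": "RO"},
        {"user": "bob", "ts": "2024-03-08T22:30:00", "device": "LAPTOP-B7", "country": "US"},
    ]
    for login in new_logins:
        verdict, score, reasons = classify(login, baseline)
        print(f"{login['user']:6} {login['ts']} -> {verdict} (score {score}) {reasons}")
```

In practice the profile would be built from a rolling window of authentication logs and the thresholds tuned per organisation; the point of the example is that a single unusual attribute (a late-night login from a known laptop) only earns a flag for review, while several unusual attributes at once (unknown device, unseen country, odd hour) push the same user to an alarm.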
When users are remote, you may also use more cloud applications and services, such as Office 365, Azure, and AWS. CYBERSHIELD can aggregate Security Centre alerts from Microsoft Event Hubs, recognise user or environment changes in AWS, and alert our team to these changes right away.
We detect stealthy malicious behaviours across the entire MITRE ATT&CK framework. Unlike tools that focus only on signatures on the endpoint, CYBERSHIELD comprehensively applies User Behaviour Analytics to authentications across your environment, including Active Directory, cloud services, VPN, endpoints, and IaaS. When we detect a compromised user account with CYBERSHIELD, we can directly isolate both the account and the asset.
CYBERSHIELD uses both Attacker Behaviour Analytics and threat intelligence to detect known and unknown malware on the endpoint. Whenever we detect a malicious process, we can use our agent to remotely kill the process and quarantine the asset from the network. Once we identify a compromised user account or endpoint in CYBERSHIELD, we can take direct and immediate action to contain the threat.