deep node - the ultimate threat hunting platform (1)
TRANSCRIPT
Sophisticated Hackers Cutting Through Traditional Security Defenses, Evading Detection Until It's Too Late
How Do You Stop "Unknown Unknown" Cyberattacks?
- Targeted, stealthy, and persistent
- No prior threat intelligence exists
- Exploits zero-day, new attack vector
- Does not generate alert or event
- "Authorized" / internal access
- Operates within statistical norms
Traditional Defenses
✓ SIEM
✓ IDS/IPS
✓ NGFW
✓ Endpoint
Critical Data
"Unknown Unknown" Cyber Threats
100–200 days: industry estimate for time-to-detection of a cybercrime (Cisco 2016 Annual Security Report)
"The trend lines between time-to-compromise and time-to-discovery plainly show attackers are getting better/faster at what they do at a higher rate than defenders are improving their trade. This doesn't scale well, people." (Verizon 2014 Data Breach Investigations Report)
We Enable Analysts to Cut Through the Blinding Complexity of Cyberspace to Catch the Most Sophisticated Threats
Go Threat Hunting with Deep Node to Discover "Unknown Unknowns"
THE ULTIMATE THREAT HUNTING PLATFORM
Screenshot: An active covert channel and exfiltration in progress discovered by an analyst using Deep Node
- 3D VISUAL ANALYTICS AND PATTERN RECOGNITION
- AI-ASSISTED ANOMALY DETECTION AND BEHAVIORAL ANALYSIS
- REAL-TIME SITUATIONAL AWARENESS
- UNLIMITED SIMULTANEOUS FEEDS → WIRE DATA, SIEM, IDS...
- CYBER-COMBAT MANEUVERING & INSTRUMENTATION
Elevate Analyst Productivity → Hunt Down the Hackers Already Inside the Network → Engage in Real-Time Cyber Operations
Our Value Proposition to Security Operations
Analyst Productivity: Find answers faster
Threat Hunting: Discover "unknown unknowns"
Cyber Combat: Counter the adversary's tactics
Improving Core Performance Metrics and KPIs
- Incident and event investigation speed
- Ticket clearance rate / time-to-close
- Time-to-detection of hidden threats
- Time-to-mitigation and containment
Incident Resolution on a Common Operating Picture
Report, review, and replay incidents using video capture from Deep Node to bridge communication across shift rotations and facilitate discussion across all stakeholders, from analyst to manager, CISO to CEO, MSSP to client.
Go Hunting Inside Critical Data Streams to Reveal Anomalous Patterns, Suspicious Simultaneity, and Hidden Correlation
Connecting-the-Dots to Catch What Doesn't Want to be Found
Screenshot: Investigating IDS alerts at critical assets in context with concurrent network traffic (wire data)
Myriad Data Sources and Feeds...
✓ Network traffic (wire data)
✓ SIEM events and logs
✓ IDS alerts
✓ SCADA / Internet of Things
✓ NetFlow, PCAP, syslog
✓ Threat intelligence
Live and Real-Time
Incident / Investigation-related
"Big Data" or Historical
...From Any Time, Past to Present
Our Patent-Pending "Timewell" Allows Analysts to Look Into the Past to Investigate Anomalous Patterns and Behaviors
How It Works
(Above) Investigating the communication pattern between two hosts in context with all other host activity on the network
When you look into the screen, you look back in time at a record of activity for the time period and feed(s) selected
Watch Deep Node in Action
Detecting a Covert Channel: Hunting for a hacker embedded in the network; active exfiltration in progress
Connecting-the-Dots on SSH: Seeing suspicious simultaneity in network traffic flows to catch lateral movement
Stopping a Brute Force Attack: Taking action in real time to counter a common attack strategy
Click on Links Below to be Redirected to YouTube
https://www.youtube.com/watch?v=ABit2JIUWpE
https://www.youtube.com/watch?v=TCpL8cgZJPs
https://www.youtube.com/watch?v=x7LFd7ufHf0
Does not require replacement or reconfiguration of any existing security technology
Complements all future security investments (e.g., new threat intelligence feeds)
Will not interrupt operations: an enhancement to the current workflow when needed
Vendor-agnostic: ingests and visualizes data feeds from any and all vendors
Fast and easy deployment; optional appliance or local installation
Affordable, Easy to Deploy, and Provides Immediate Gains in Advanced Threat Hunting and Faster Event Investigation
A Low Risk, High Reward Investment
Immersing Threat Hunters Inside Cyberspace to Capture Economies-of-Intellect and Unlock the Power of Collaboration
Vision of the Future
Diagram labels: Security Operations Director / Commander; analysts John, Jane, Jim; packet inspection, pattern analysis, asset monitoring