Deeper security intelligence
- Dynamic Endpoint Modeling (DEM) is a managed service that combines real-time network flow data, advanced security analytics, and big-data methods to continuously model every device on the network.
- Fully automated, real-time analysis of device-level network traffic and communication patterns.
- Provides high-fidelity security alerts, enabling smarter security actions.

Cloud platform

Greatly simplified deployment:
- No specialized hardware to purchase
- No software agents to deploy
- No expertise required

Managed services agility

- Save time and money from constantly hiring more expertise while attempting to maintain a continuous vigil to ensure the integrity of systems and data.
- Attain a stronger security posture with a managed, automated platform that rapidly identifies compromised and misused devices, facilitates faster remediation, and reduces the risk and cost associated with breaches.

Software-as-a-Service subscription

- Simplify threat detection and response with an advanced security capability available as a SaaS subscription.
- Cost-effective monthly and annual subscription plans.

Dynamic Endpoint Modeling (DEM)

- Rapidly identifies early stage and hidden indicators of compromise
- 100% functionality in encrypted environments; no "man in the middle"
- No signature lists to update
- No software agents to deploy
Provides continuous modeling across multiple dimensions of analysis:
- Forecast: This dimension supports algorithms that predict device behavior based on past activities, and assesses observed behavior against these predictions.
- Group: This dimension supports algorithms that assess devices for consistency in behavior by comparison to similar devices.
- Role: This dimension supports algorithms that use the dynamically recognized role of the network device to detect activities inconsistent with that role.
- Rule: This dimension supports algorithms that detect when endpoints are breaking established network rules including protocol/port correctness, profile characteristics, and blacklist communication.
- Consistency: This dimension supports algorithms that recognize when a device has critically deviated from its past behavior – both in data transmission and access characteristics.
Threat detection:
- Dynamically scalable analytics engine capable of analyzing along multiple threat dimensions.
Intelligent correlation:
- Analytics engine analyzes endpoint model data in real-time, quickly identifying tangible behavioral events and deviations while eliminating background noise and innocuous events to significantly reduce the number of false positives.
- Configurable alert sensitivity
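As an added illustration of how the rule and consistency dimensions above can be evaluated over flow records (example code written for this page, not the vendor's own algorithms), assuming constructed flow summaries, a toy blacklist standing in for an abuse.ch feed, and a toy port/protocol table; the z-score threshold plays the role of the configurable alert sensitivity:

```python
from statistics import mean, pstdev

# Constructed sample inputs (not the vendor's data, feeds, or algorithms).
BLACKLIST = {"203.0.113.9"}                        # stand-in for an abuse.ch-style list
PORT_PROTO = {53: "udp", 80: "tcp", 443: "tcp"}    # toy protocol/port correctness table
# Past activity: daily outbound byte totals per device over the previous week.
HISTORY = {
    "10.0.0.5": [120_000, 130_000, 118_000, 125_000, 122_000, 128_000, 121_000],
    "10.0.0.8": [4_000_000, 4_200_000, 3_900_000, 4_100_000, 4_050_000, 4_150_000, 3_950_000],
}
# Today's flow records as a sensor would summarise them: (src, dst, proto, dport, bytes).
FLOWS = [
    ("10.0.0.5", "198.51.100.20", "tcp", 443, 60_000),
    ("10.0.0.5", "203.0.113.9", "tcp", 443, 2_000),        # blacklisted destination
    ("10.0.0.5", "198.51.100.30", "tcp", 443, 900_000),    # far above this device's baseline
    ("10.0.0.8", "198.51.100.20", "udp", 443, 4_000_000),  # 443 over UDP breaks the toy rule
    ("10.0.0.9", "198.51.100.20", "tcp", 80, 10_000),      # new device, no baseline yet
]

def rule_alerts(flows):
    """Rule dimension: blacklist communication and protocol/port correctness."""
    alerts = []
    for src, dst, proto, dport, _ in flows:
        if dst in BLACKLIST:
            alerts.append((src, "rule", f"communication with blacklisted {dst}"))
        expected = PORT_PROTO.get(dport)
        if expected and proto != expected:
            alerts.append((src, "rule", f"port {dport} over {proto}, expected {expected}"))
    return alerts

def consistency_alerts(flows, history, z_threshold=3.0):
    """Consistency dimension: today's outbound volume vs the device's own past;
    z_threshold acts as the configurable alert sensitivity."""
    today = {}
    for src, _, _, _, nbytes in flows:
        today[src] = today.get(src, 0) + nbytes
    alerts = []
    for src, total in today.items():
        past = history.get(src, [])
        if len(past) < 2:
            continue  # no usable baseline yet; the model must be learned first
        mu, sigma = mean(past), pstdev(past)
        if sigma == 0:
            z = 0.0 if total == mu else float("inf")
        else:
            z = (total - mu) / sigma
        if abs(z) > z_threshold:
            alerts.append((src, "consistency", f"{total} bytes vs baseline {mu:.0f} (z={z:.1f})"))
    return alerts
```

Running `rule_alerts(FLOWS) + consistency_alerts(FLOWS, HISTORY)` yields two rule alerts and one consistency alert; the device without history is skipped rather than mis-scored.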

100% endpoint agnostic

- Supports all IP-based endpoint types
- Supports all endpoint hardware manufacturers
- Supports all OS types
- Supports physical and virtual endpoints

All network sizes and types

- From 50 to 500,000+ endpoints
- Supports IT and operational technology (OT) networks

DEM passive network sensor

- Available as a free virtual appliance
- Hardened Linux distribution
- Deployment onto physical and virtual hosts
- Monitoring of both physical and virtual endpoints
- Monitoring selectable by network subnets
- Supports multiple port mirroring and monitoring standards such as SPAN, mirror, and TAP
- Network flow collection up to 10 Gbps per NIC
- Support for multiple NICs
- Extended protocol flagging
- Extended support for DNS
- Supports third-party network flow protocols such as NetFlow, sFlow, and JFlow

Management dashboard

- Provides unobstructed visibility into the behavior of all network endpoints, with real-time alerts on clear behavioral anomalies and on indicators of compromise that are present.
- Customizable notifications with flexible notification frequency and distribution lists.
Highly structured access to detailed security intelligence:
- Simple data visualization and drill-down
- Simple CSV upload to organize network subnets and simplify how segmentation is presented
Intuitive end-user access to core service features:
- Administration
- Configuration
- Alert notification and workflow
- Forensics and reporting
Convenient configuration of alertable conditions:
- abuse.ch blacklists are automatically updated and enforced for all devices
- Custom blacklists and external threat intelligence upload support
- Configurable geo blacklist violations
- Easy accounting for known scanners and SNMP managers

OmniView Visibility

Unified functionality for multiple DEM sensors:
- All traffic directions: 360 degrees of network coverage, including north/south and east/west traffic flows
- All periods of time: real-time through 6 months of history (standard); longer retention periods available
- All devices: coverage across the entire network of devices
- All network perimeters

Robust system security

- All persistent data is stored in compressed, encrypted form in key-based systems
- All network communications use strong encryption and two-factor authentication

Flexible integration stack

- Integration with existing security tools and dashboards via syslog and API
- STIX integration (coming soon)