THE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS

Transcription

1 DATA SHEET THE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS LUMETA SPECTRE FOR 100% REAL-TIME INFRASTRUCTURE VISIBILITY, REAL-TIME NETWORK CHANGE MONITORING AND THREAT DETECTION FOR PREVENTING SUCCESSFUL BREACHES. Today s new and dynamic infrastructures challenge Network and Security teams to keep up with identifying and securing unknown, rogue and shadow networks and endpoints while also keeping track of constant changes based on enterprise mobility, virtualization, cloud-based infrastructure and policy-based network segmentation. Lumeta Spectre provides unmatched Real-Time cyber situational awareness that enables network and security teams to not only discover and see even the darkest corners of these dynamic and often obscured infrastructures but also monitor changes or unusual behaviors to eliminate the ability for attackers to exploit these common gaps in visibility Eliminate 100% of your Infrastructure Blind Spots See 100% of Dynamic Network Changes Identify and Lock down 100% of your Leaks Detect Suspicious Network Behaviors Find, on average, 40% more IPs and even whole networks beyond other visibility or security solution Monitor for Every Network and Endpoint Add/Drop or Path Change especially at the Edge/Perimeter Within minutes uncover unauthorized movement, segmentation violations and leak paths Detect unauthorised flows, encryption, Zombies, C2 activity and other attack vectors common to advanced attacks

2 REAL-TIME CYBER SITUATIONAL AWARENESS NETWORK INFRASTRUCTURE ANALYSIS Because of network change which is accelerating as networks move to virtual, cloud, SDN there is a visibility gap (difference between assumed/ known and what is actually found), typically 20% or more in larger networks. Lumeta Spectre hunts for dynamic changes to the network edge and changes caused by virtual, cloud, mobile assets on your network. Recursive Network Indexing provides a real-time, authoritative view of your network infrastructure. Index of the network and all attached endpoints for a true view of the network (what devices are connected to the network, and how; what address space is in use) Dynamic Network Edge Definition Identification of rogue networks and devices Map shadow IT (virtual, cloud, mobile) Real-time Network Infrastructure Updates (Broadcast, OSPF, BGP, etc.) Unreachable Network Segment Identification Device Indexing/Profiling Enterprise-wide Certificate Identification Network Topology Mapping Port Mapping/Usage CYBERSECURITY BREACH DETECTION Lumeta Spectre hunts for anomalous behavior to find meaning in the data and to quickly prioritize any issues for remediation. Spectre includes the ability to ingest third-party threat intelligence feeds (Accenture idefense subscription is included) to correlate with network data: NETWORK SEGMENTATION ANALYSIS Lumeta Spectre hunts for leak paths to the Internet or in between firewalled enclaves. Leak Path Identification: Layer 3 segmentation analytics identify leak paths to the Internet or rogue paths between enclaves which may be exploited for malicious activity Unauthorized Internet Connectivity Multi-homed Host Identification Split Tunneling Identification Unauthorized Bridging Device Identification Hybrid Physical/Virtual Segmentation Unknown Network Identification: Lumeta validates your known versus found networks Forwarding Device Census Rogue Network/Forwarder Identification BIG DATA AND ADVANCED ANALYTICS The Lumeta Spectre platform has an embedded Hadoop Distributed File Store (HDFS) which allows for the collection, storage and analysis of huge amounts of unstructured data in real-time. Lumeta Spectre can ingest external data streams such as NetFlow data and Threat Intelligence feeds to correlate with Spectre s real-time indexing data. This allows for deeper drill-down analytics to rapidly find more meaning in large amounts of data, and help organizations address network vulnerabilities and cybersecurity threats as they occur. Threat Flows: Find live communications occurring with adversaries (correlate NetFlow to malware command and control servers) Highlight internal use/accessibility of known Trojan and malware ports ( red and malicious ports) Hunt for unauthorized (zombie) communications flows to known bad actor sites. 1

3 RECURSIVE NETWORK INDEXING Lumeta Spectre uses a unique always on technique to produce an authoritative network summary a recursive cycle of targeting, indexing, tracing, monitoring, profiling, and displaying a network s state. Combines passive indexing (listening) for newly connected network infrastructure, devices and previously unmanaged assets, and Then targets active indexing, techniques in context to crawl the network when and where those changes occur. INDEXING TYPE WHAT IS THIS? BENEFIT Network Discovery (ND), Layer 2 Discovery (L2) Actively index forwarders and paths using ICMP, TCP, UDP, DNS via TTL-tracing, responses. Index network infrastructure devices, route tables, ARP tables, switch TCAM, VLANs using SNMP, LLDP. Authoritatively identifies the full address space in use and the edge of the managed enterprise network, through use of recursive additions of newly identified address targets. Host Discovery (HD) Actively index devices attached to network via ICMP, TCP, UDP, DNS, SNMP interrogation and responses Provides the authoritative census of devices are there, now, connected to network. Device Profiling (DP) Actively fingerprints the indexed census of devices on the network using TCP (OS detection), CIFS, HTTP/S, SNMP Provides a high confidence (agent-less) assessment of device type, manufacturer, OS, certificates and certificate status. Service (Port) Discovery (SD) Actively index ports within the profiled census of devices using a configured list or a full port scan by using TCP SYN/ACK response Authoritatively identifies TCP ports in use and highlight deviations/violations from policy. Leak Discovery (LD) Actively index leak-paths that exist in the L3 routed domain between network segments using Lumeta proprietary TCP packet spoofing. Authoritatively identifies network segmentation violations between networks at L3. Enhanced Perimeter Discovery (EPD) Index L2 bridging and forwarding devices using ARP listening to assemble candidate MAC/IP pairs and Lumeta proprietary active TCP packet injection targeting each MAC/IP pairs default gateway. Authoritatively identifies L2 bridging and forwarding violations within multi-homed hosts or devices with multiple interfaces. Network Control Plane Context Probe and index network change by participating in control domain using OSPF, BGP, ICMPv6, ARP, DHCP, DNS analysis (others to come). Authoritatively identifies the presence of cloud, virtual/mobile devices and network infrastructure (NFVs) in real-time. 2

4 REAL-TIME CYBER SITUATIONAL AWARENESS Steady state Upon initial deployment of Spectre, a baseline of normal network behavior is established over a short period of time. This baseline describes the network s steady state that range of behavior indicating health and normalcy on the network. Once certain parameters have been defined as normal, Spectre continuously monitors and flags any departure from one or more of them as anomalous. Progress to auto-pilot As new infrastructure elements are discovered, results are automatically tuned and refined. Discoveries trigger new threads of collection activity. The raw data backing map nodes is automatically updated. Maps refresh to display newly discovered entities. IT professionals are alerted to precisely those network events that merit attention. All in real time. Indexing Stats Dashboard on the Command Center showing device counts, event counts, and event types across zones and featuring drill-down capability 3

5 VISUAL ANALYTICS Visualization, mapping, reporting and alerting capabilities allow network security analysts to quickly make relevant decisions about incidents, while still providing forensic experts with details about any incidents and its relation to other historical anomalies. Dashboards An operational overview of Zones, Notifications, Cyber Threats and Network Anomalies. Dashboards are configurable and user-definable, and provide comprehensive visibility into the entire network infrastructure including data about network connections and devices. When new devices connect to the network, IT professionals are notified in real-time. Zones Create discovery zones, with individual rules and policies, to partition the continuous monitoring of security controls for compliance with regulatory and internal information security policies. This allows for discovery of enclaves, segregated networks, overlapping IP spaces, and more. Dynamic Mapping An interactive network topology map enabling global visibility across the enterprise from high-level to specific devices. The map updates in realtime as the network changes and includes sound alerts, visual effects and on-screen messaging to make it easier to stay apprised of changes. Robust Reporting Displaying a specific Zone s index of findings, real-time reporting tools track network asset information and quickly identify changes in the network infrastructure. Next-generation reports include compliance reports and custom reports all with drilldown capabilities. Historical Reporting is also available, letting you schedule snapshot-in-time reports to run on a regular, automated basis -building a useful audit trail against which you can identify changes in your network over time. Advanced Analytics using Query Builder & Advanced Search You ll be able to work with ingested data to write SQL-backed queries (via direct SQL queries or using the Query Builder) that draw on the relationship between network, flow, and intelligence data. You can work big data, asking and answering questions of interest to your enterprise, and then filter the returned data set with an unprecedented level of control and specificity. Lumeta Spectre dashboard showing network-based core indices 4

6 REAL-TIME CYBER SITUATIONAL AWARENESS LAYER ZERO OF THE SECURITY & NETWORK MANAGEMENT ECOSYSTEM ARCHITECTURE Lumeta Spectre is integrated with the ecosystem of security and network management tools such as IPAM, Modeling Tools, HVA, SIEM, GRC, Endpoint Detection & Response, Threat Intelligence.* Use of Lumeta Spectre s foundational intelligence maximizes the effectiveness and protects your investment in those tools. Lumeta Spectre zone and indexing configuration. Lumeta Spectre map. 5

7 Lumeta Spectre Breach Detection dashboard showing zombie and Tor devices on the enterprise network, netflow to/from Tor and open ports associated with nefarious activity. SCALABLE TO THE WORLD S LARGEST NETWORKS WITH TWO-TIER ARCHITECTURE Lumeta Spectre does not disrupt operations in order to completely index a network - no matter how far-flung or numerous the resources are. Spectre scales to handle large data sets as easily as it does small data sets. Lumeta Spectre is available in a Cloud or Virtual Machine, and uses a distributed, two-tier model proven at the world s most complex networks. The system includes the Spectre Command Center and Spectre Scouts. Spectre Command Center: A web-based management platform for administration, configuration, monitoring, visualization and reporting. The Command Center performs network architecture and segmentation analysis. Spectre Scout: A distributed system for collection of network intelligence, reporting back to the Spectre Command Center. Smart sensors perform active and passive indexing. They can be connected (virtually) to multiple zones or regions. PRODUCT HIGHLIGHTS Authoritative network baseline and real-time visibility. Validate/confirm known and unknown IP addresses on the network WITHOUT AGENTS. Real-time leak path detection. Embedded Hadoop Distributed File System (HDFS) for cybersecurity breach analytics (identify threat flows, access to known Trojan or malware ports, zombies) in conjunction with ingested feeds such as threat intelligence or flow data. Real-time alerts and notifications flag departures from the network steady state.combined active scanning and passive listening techniques. Comprehensive, detailed network topology maps. Highly scalable to accurately index the largest networks. Little to no impact on network performance, and easy to deploy (agentless). Snapshot reports available to build an audit trail. Complementary with deployed security stack/ platforms. Automates key Center for Internet Security (CIS) Critical Security Controls. Aligns with Continuous Monitoring (US) and Protective Monitoring (UK) security programs. *Refer to the Real-Time Network Behavior Analytics & Cybersecurity Breach Detection with Lumeta Spectre Solution Brief for cybersecurity use cases. 6

8 LUMETA SPECTRE PORTAL The Lumeta Spectre Portal enables you to gather and centralize insights from multiple Lumeta Spectre Command Centers and stay apprised of their operational status. Using it, you can view the geographical position of Command Centers and know immediately when a priority event has occurred in a network associated with your Spectre infrastructure. Portal users can also view the dashboards, maps, reports, and device details for any deployed Command Center. Priority notifications for a particular Command Center will appear in real time on the Portal. The number and severity of notifications issues at the Command Center level are transmitted to the Portal and displayed in beaconing and badge indicators on its map. Notification details also display below the map. The Notifications table provides details on the 50 most-recent ALERT, WARN and ALERT level notifications issued by all of your Command Centers. The Portal stays continuously in sync with the Command Centers and communication between the two occurs securely over TCP port 443 using HTTPS with SSL encryption. The Lumeta Spectre Portal shares the same code base, operating system, support libraries, and versioning as Lumeta Spectre Command Centers and Lumeta Spectre Scouts and are intended to be used together. Lumeta Spectre Portal home screen displaying a few Lumeta Spectre Command Centers drawn against a geo-map. LUMETA CORPORATION 300 ATRIUM DRIVE SUITE 302 SOMERSET NJ USA Lumeta Corporation. All rights reserved. Lumeta, the Lumeta logo and IPsonar are registered trademarks of Lumeta Corporation in the United States and other countries. All other trademarks or service marks are the property of their respective owners.