THE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS


DATA SHEET

LUMETA SPECTRE
100% real-time infrastructure visibility, real-time network change monitoring and threat detection for preventing successful breaches.

Today's new and dynamic infrastructures challenge network and security teams to keep up with identifying and securing unknown, rogue and shadow networks and endpoints, while also keeping track of constant change driven by enterprise mobility, virtualization, cloud-based infrastructure and policy-based network segmentation. Lumeta Spectre provides real-time cyber situational awareness that lets network and security teams discover and see even the darkest corners of these dynamic and often obscured infrastructures, and also monitor changes and unusual behaviors, closing the gaps in visibility that attackers commonly exploit.

1. Eliminate 100% of your infrastructure blind spots: find, on average, 40% more IPs, and even whole networks, than other visibility or security solutions report.
2. See 100% of dynamic network changes: monitor every network and endpoint add/drop or path change, especially at the edge/perimeter.
3. Identify and lock down 100% of your leaks: within minutes, uncover unauthorized movement, segmentation violations and leak paths.
4. Detect suspicious network behaviors: detect unauthorized flows, unexpected encryption, zombies, C2 activity and other attack vectors common to advanced attacks.

REAL-TIME CYBER SITUATIONAL AWARENESS

NETWORK INFRASTRUCTURE ANALYSIS
Because network change is accelerating as networks move to virtual, cloud and SDN, there is a visibility gap (the difference between what is assumed or known and what is actually found), typically 20% or more in larger networks. Lumeta Spectre hunts for dynamic changes to the network edge and for changes caused by virtual, cloud and mobile assets on your network. Recursive Network Indexing provides a real-time, authoritative view of your network infrastructure:
- An index of the network and all attached endpoints for a true view of the network (what devices are connected, and how; what address space is in use)
- Dynamic network edge definition
- Identification of rogue networks and devices
- Mapping of shadow IT (virtual, cloud, mobile)
- Real-time network infrastructure updates (broadcast, OSPF, BGP, etc.)
- Unreachable network segment identification
- Device indexing/profiling
- Enterprise-wide certificate identification
- Network topology mapping
- Port mapping/usage

CYBERSECURITY BREACH DETECTION
Lumeta Spectre hunts for anomalous behavior to find meaning in the data and to quickly prioritize issues for remediation. Spectre can ingest third-party threat intelligence feeds (an Accenture iDefense subscription is included) and correlate them with network data.

NETWORK SEGMENTATION ANALYSIS
Lumeta Spectre hunts for leak paths to the Internet or between firewalled enclaves.
- Leak path identification: Layer 3 segmentation analytics identify leak paths to the Internet, or rogue paths between enclaves, that may be exploited for malicious activity
- Unauthorized Internet connectivity
- Multi-homed host identification
- Split tunneling identification
- Unauthorized bridging device identification
- Hybrid physical/virtual segmentation
- Unknown network identification: Lumeta validates your known networks against the networks it actually finds
- Forwarding device census
- Rogue network/forwarder identification

BIG DATA AND ADVANCED ANALYTICS
The Lumeta Spectre platform has an embedded Hadoop Distributed File System (HDFS) for the collection, storage and analysis of large amounts of unstructured data in real time. Lumeta Spectre can ingest external data streams such as NetFlow data and threat intelligence feeds and correlate them with Spectre's real-time indexing data. This allows deeper drill-down analytics to rapidly find meaning in large amounts of data and helps organizations address network vulnerabilities and cybersecurity threats as they occur.
- Threat flows: find live communications with adversaries (correlate NetFlow against malware command-and-control servers)
- Highlight internal use and accessibility of known Trojan and malware ports ("red" and malicious ports)
- Hunt for unauthorized (zombie) communication flows to known bad-actor sites
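The threat-flow correlation described above, as an added illustration written for this page (it is not Lumeta's implementation, which the data sheet does not describe beyond the three bullets): it walks constructed NetFlow-style records against a constructed indicator list and a constructed "red" port list, and marks an internal host that repeatedly contacts the same indicator as a zombie candidate. The indicator addresses (documentation ranges), the port labels, the internal address ranges and the flow records are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed threat-intelligence feed, in the shape a subscription feed delivers
# indicators. These are documentation/reserved addresses, not real adversary hosts.
C2_INDICATORS = {"198.51.100.23": "Win32/Loader-C2", "203.0.113.77": "Tor exit relay"}

# Constructed "red" port list: services that should never be reachable internally.
RED_PORTS = {4444: "Metasploit default handler", 31337: "Back Orifice", 6667: "IRC botnet C2"}

# Assumed internal address space for this example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed NetFlow-style records: (src, dst, dst port, protocol, packets).
FLOWS = [
    ("10.10.1.5", "198.51.100.23", 443, "tcp", 120),   # three beacons to the same C2
    ("10.10.1.5", "198.51.100.23", 443, "tcp", 118),
    ("10.10.1.5", "198.51.100.23", 443, "tcp", 121),
    ("10.10.7.9", "203.0.113.77", 9001, "tcp", 400),   # single contact with a Tor relay
    ("10.10.2.2", "10.10.2.40", 4444, "tcp", 15),      # red port used between internal hosts
    ("10.10.3.3", "10.10.9.9", 22, "tcp", 3000),       # ordinary internal SSH
    ("192.168.50.10", "93.184.216.34", 443, "tcp", 50),  # ordinary outbound HTTPS
]


def is_internal(ip_str, nets=INTERNAL_NETS):
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in nets)


def threat_flows(flows, c2=C2_INDICATORS, red_ports=RED_PORTS, beacon_threshold=3):
    """Correlate flow records with indicators: C2 contacts, red-port use and beaconing."""
    findings = []
    contacts = defaultdict(int)   # (internal src, C2 dst) -> number of flows seen
    for src, dst, dport, proto, pkts in flows:
        if dst in c2 and is_internal(src):
            contacts[(src, dst)] += 1
            findings.append({"type": "c2_contact", "host": src, "dst": dst,
                             "dport": dport, "label": c2[dst]})
        if dport in red_ports and is_internal(src) and is_internal(dst):
            findings.append({"type": "red_port", "host": src, "dst": dst,
                             "dport": dport, "label": red_ports[dport]})
    # An internal host with repeated flows to one C2 destination is a zombie candidate.
    zombies = sorted(src for (src, dst), n in contacts.items() if n >= beacon_threshold)
    return {"findings": findings, "zombies": zombies}


if __name__ == "__main__":
    result = threat_flows(FLOWS)
    for f in result["findings"]:
        print(f"{f['type']:<11} {f['host']} -> {f['dst']}:{f['dport']}  ({f['label']})")
    print("zombie candidates:", result["zombies"])
```

On real data the records would come from a NetFlow/IPFIX collector and the indicator list from the ingested feed; the correlation itself is the same set lookup per flow plus the per-(source, destination) counter that turns isolated contacts into a beaconing verdict.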

RECURSIVE NETWORK INDEXING
Lumeta Spectre uses a unique, always-on technique to produce an authoritative network summary: a recursive cycle of targeting, indexing, tracing, monitoring, profiling and displaying a network's state. It combines passive indexing (listening) for newly connected network infrastructure, devices and previously unmanaged assets with targeted active indexing, applying techniques in context to crawl the network when and where those changes occur.

Indexing type: Network Discovery (ND), Layer 2 Discovery (L2)
  What is this? Actively indexes forwarders and paths using ICMP, TCP, UDP and DNS, via TTL tracing and responses. Indexes network infrastructure devices, route tables, ARP tables, switch TCAM and VLANs using SNMP and LLDP.
  Benefit: Authoritatively identifies the full address space in use and the edge of the managed enterprise network, through recursive addition of newly identified address targets.

Indexing type: Host Discovery (HD)
  What is this? Actively indexes devices attached to the network via ICMP, TCP, UDP, DNS and SNMP interrogation and responses.
  Benefit: Provides the authoritative census of the devices that are connected to the network right now.

Indexing type: Device Profiling (DP)
  What is this? Actively fingerprints the indexed census of devices on the network using TCP (OS detection), CIFS, HTTP/S and SNMP.
  Benefit: Provides a high-confidence, agentless assessment of device type, manufacturer, OS, certificates and certificate status.

Indexing type: Service (Port) Discovery (SD)
  What is this? Actively indexes ports within the profiled census of devices, using a configured port list or a full port scan, by TCP SYN/ACK response.
  Benefit: Authoritatively identifies TCP ports in use and highlights deviations from, or violations of, policy.

Indexing type: Leak Discovery (LD)
  What is this? Actively indexes leak paths that exist in the L3 routed domain between network segments, using Lumeta proprietary TCP packet spoofing.
  Benefit: Authoritatively identifies network segmentation violations between networks at L3.

Indexing type: Enhanced Perimeter Discovery (EPD)
  What is this? Indexes L2 bridging and forwarding devices by listening to ARP to assemble candidate MAC/IP pairs, then using Lumeta proprietary active TCP packet injection targeting each MAC/IP pair's default gateway.
  Benefit: Authoritatively identifies L2 bridging and forwarding violations within multi-homed hosts or devices with multiple interfaces.

Indexing type: Network Control Plane Context
  What is this? Probes and indexes network change by participating in the control domain, using OSPF, BGP, ICMPv6, ARP, DHCP and DNS analysis (others to come).
  Benefit: Authoritatively identifies the presence of cloud, virtual/mobile devices and network infrastructure (NFVs) in real time.
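The recursive crawl behind the ND row, together with the "known versus found" check from Network Segmentation Analysis, as an added example (this is not Lumeta's code; Spectre's actual targeting logic is not described beyond the table above). Constructed route tables stand in for an SNMP walk of each forwarder; every newly learned in-scope next hop becomes a new target; a forwarder whose next hop leaves the managed scope marks the network edge; a target that never answers is reported as unresponsive; and the prefixes found are then compared with a constructed IPAM inventory to surface unknown networks and the visibility gap. All addresses, route tables, the managed scope and the known-network list are assumptions for the example.

```python
import ipaddress
from collections import deque

# Assumed managed scope: address space the organisation believes it operates.
MANAGED_SCOPE = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed route tables, in the shape an SNMP walk of each forwarder returns:
# forwarder address -> list of (destination prefix, next hop); "direct" = connected.
ROUTE_TABLES = {
    "10.0.0.1":   [("10.0.0.0/24", "direct"), ("10.1.0.0/16", "10.0.0.2"), ("0.0.0.0/0", "10.0.0.254")],
    "10.0.0.2":   [("10.0.0.0/24", "direct"), ("10.1.0.0/24", "direct"), ("10.1.5.0/24", "10.1.0.9")],
    "10.1.0.9":   [("10.1.0.0/24", "direct"), ("10.1.5.0/24", "direct"), ("192.168.99.0/24", "10.1.5.250")],
    "10.0.0.254": [("10.0.0.0/24", "direct"), ("0.0.0.0/0", "198.51.100.1")],
    # 10.1.5.250 is learned as a next hop but never answers: an unresponsive target.
}

# Constructed inventory of known networks, as an IPAM export would list them.
KNOWN_NETWORKS = ["10.0.0.0/24", "10.1.0.0/16"]


def query_forwarder(addr):
    """Stand-in for the SNMP route-table walk; None when the device does not respond."""
    return ROUTE_TABLES.get(addr)


def in_scope(addr, scope=MANAGED_SCOPE):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in scope)


def recursive_index(seed, scope=MANAGED_SCOPE):
    """Crawl forwarders breadth-first; every newly learned in-scope next hop becomes a target."""
    todo, seen = deque([seed]), {seed}
    forwarders, prefixes, edge, unresponsive = {}, set(), set(), set()
    while todo:
        addr = todo.popleft()
        table = query_forwarder(addr)
        if table is None:
            unresponsive.add(addr)
            continue
        forwarders[addr] = table
        for prefix, nexthop in table:
            net = ipaddress.ip_network(prefix)
            if net.prefixlen > 0:          # the default route is not address space in use
                prefixes.add(net)
            if nexthop == "direct":
                continue
            if not in_scope(nexthop, scope):
                edge.add(addr)             # hands traffic to something outside the managed space
                continue
            if nexthop not in seen:        # recursive addition of a newly identified target
                seen.add(nexthop)
                todo.append(nexthop)
    return {
        "forwarders": sorted(forwarders),
        "address_space": sorted(str(p) for p in prefixes),
        "edge_forwarders": sorted(edge),
        "unresponsive_targets": sorted(unresponsive),
    }


def known_vs_found(found_prefixes, known_cidrs):
    """Found prefixes not contained in any known network, plus the visibility gap percentage."""
    known = [ipaddress.ip_network(c) for c in known_cidrs]
    unknown = [p for p in found_prefixes
               if not any(ipaddress.ip_network(p).subnet_of(k) for k in known)]
    gap_pct = round(100.0 * len(unknown) / len(found_prefixes), 1) if found_prefixes else 0.0
    return {"unknown_networks": sorted(unknown), "gap_pct": gap_pct}


if __name__ == "__main__":
    index = recursive_index("10.0.0.1")
    for key, value in index.items():
        print(f"{key}: {value}")
    print("known vs found:", known_vs_found(index["address_space"], KNOWN_NETWORKS))
```

The crawl terminates because each target is queued at most once; the edge is defined by where learned next hops leave the managed scope rather than by a configured boundary, which is what lets it find a stray 192.168.99.0/24 advertised behind an internal router that the inventory never mentioned.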

Steady state
Upon initial deployment of Spectre, a baseline of normal network behavior is established over a short period of time. This baseline describes the network's steady state: the range of behavior that indicates health and normalcy on the network. Once those parameters have been defined as normal, Spectre continuously monitors them and flags any departure from one or more of them as anomalous.

Progress to auto-pilot
As new infrastructure elements are discovered, results are automatically tuned and refined. Discoveries trigger new threads of collection activity. The raw data backing map nodes is automatically updated. Maps refresh to display newly discovered entities. IT professionals are alerted to precisely those network events that merit attention. All in real time.

Figure: Indexing Stats dashboard on the Command Center, showing device counts, event counts and event types across zones, with drill-down capability.
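A minimal version of the steady-state logic above, as an added example that is not Lumeta's code (Spectre's actual baseline parameters are not published): a baseline window of constructed per-cycle device censuses yields a device-count band and the set of devices normally present in a zone; a later cycle is flagged when its count leaves the band, when never-seen devices appear, or when a normally-present device drops out. The addresses, the window size, the 80% presence threshold and the ±2σ band are assumptions made for the example.

```python
import statistics

# Constructed device censuses for one zone, one per indexing cycle during the
# baseline window (addresses are illustrative).
BASELINE_CYCLES = [
    {"10.10.1.1", "10.10.1.5", "10.10.1.9", "10.10.1.20"},
    {"10.10.1.1", "10.10.1.5", "10.10.1.9", "10.10.1.20", "10.10.1.21"},
    {"10.10.1.1", "10.10.1.5", "10.10.1.9", "10.10.1.20"},
    {"10.10.1.1", "10.10.1.5", "10.10.1.9", "10.10.1.21"},
    {"10.10.1.1", "10.10.1.5", "10.10.1.9", "10.10.1.20", "10.10.1.21"},
]

# Constructed census from a later cycle: one core device gone, four never-seen hosts appear.
NEW_CENSUS = {"10.10.1.5", "10.10.1.9", "10.10.1.20", "10.10.1.21",
              "10.10.1.50", "10.10.1.51", "10.10.1.52", "10.10.1.53"}


def build_baseline(cycles, min_presence=0.8):
    """Steady state for a zone: the device-count band and the devices present in most cycles."""
    counts = [len(census) for census in cycles]
    presence = {}
    for census in cycles:
        for device in census:
            presence[device] = presence.get(device, 0) + 1
    return {
        "mean": statistics.mean(counts),
        "stdev": statistics.pstdev(counts),
        "seen_devices": set(presence),
        "stable_devices": {d for d, n in presence.items() if n / len(cycles) >= min_presence},
    }


def check_cycle(baseline, census, k=2.0):
    """Flag departures: count outside mean ± k·stdev, never-seen devices, dropped stable devices."""
    spread = max(baseline["stdev"], 0.5)   # floor so a flat baseline still tolerates ±1 device
    low, high = baseline["mean"] - k * spread, baseline["mean"] + k * spread
    return {
        "count": len(census),
        "count_anomaly": not (low <= len(census) <= high),
        "added": sorted(census - baseline["seen_devices"]),
        "dropped": sorted(baseline["stable_devices"] - census),
    }


if __name__ == "__main__":
    base = build_baseline(BASELINE_CYCLES)
    print(f"baseline: {base['mean']:.1f} ± {base['stdev']:.2f} devices, "
          f"{len(base['stable_devices'])} stable")
    print(check_cycle(base, NEW_CENSUS))
```

Keeping "added" (never seen in the window) separate from "dropped" (normally present, now absent) matters operationally: an intermittent laptop that misses one cycle is neither, while a new forwarder at the edge is an add that should open a fresh collection thread.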

VISUAL ANALYTICS
Visualization, mapping, reporting and alerting capabilities allow network security analysts to quickly make relevant decisions about incidents, while still providing forensic experts with details about any incident and its relation to other historical anomalies.

Dashboards
An operational overview of zones, notifications, cyber threats and network anomalies. Dashboards are configurable and user-definable, and provide comprehensive visibility into the entire network infrastructure, including data about network connections and devices. When new devices connect to the network, IT professionals are notified in real time.

Zones
Create discovery zones, each with its own rules and policies, to partition the continuous monitoring of security controls for compliance with regulatory and internal information security policies. This allows discovery of enclaves, segregated networks, overlapping IP spaces and more.

Dynamic Mapping
An interactive network topology map enabling global visibility across the enterprise, from a high-level view down to specific devices. The map updates in real time as the network changes and includes sound alerts, visual effects and on-screen messaging to make it easier to stay apprised of changes.

Robust Reporting
Displaying a specific zone's index of findings, real-time reporting tools track network asset information and quickly identify changes in the network infrastructure. Next-generation reports include compliance reports and custom reports, all with drill-down capabilities. Historical reporting is also available, letting you schedule snapshot-in-time reports to run on a regular, automated basis, building an audit trail against which you can identify changes in your network over time.

Advanced Analytics using Query Builder & Advanced Search
You can work with ingested data to write SQL-backed queries (directly in SQL or using the Query Builder) that draw on the relationships between network, flow and intelligence data. You can ask and answer questions of interest to your enterprise against the full data set, then filter the returned result set with a high degree of control and specificity.

Figure: Lumeta Spectre dashboard showing network-based core indices.

LAYER ZERO OF THE SECURITY & NETWORK MANAGEMENT ECOSYSTEM
Architecture
Lumeta Spectre is integrated with the ecosystem of security and network management tools, such as IPAM, modeling tools, HVA, SIEM, GRC, endpoint detection & response and threat intelligence.* Using Lumeta Spectre's foundational intelligence maximizes the effectiveness of those tools and protects your investment in them.

Figure: Lumeta Spectre zone and indexing configuration.
Figure: Lumeta Spectre map.

Figure: Lumeta Spectre Breach Detection dashboard showing zombie and Tor devices on the enterprise network, NetFlow to/from Tor, and open ports associated with nefarious activity.

SCALABLE TO THE WORLD'S LARGEST NETWORKS WITH A TWO-TIER ARCHITECTURE
Lumeta Spectre does not disrupt operations in order to completely index a network, no matter how far-flung or numerous the resources are. Spectre scales to handle large data sets as easily as small ones. Lumeta Spectre is available as a cloud or virtual machine deployment and uses a distributed, two-tier model proven on the world's most complex networks. The system consists of the Spectre Command Center and Spectre Scouts.

Spectre Command Center: a web-based management platform for administration, configuration, monitoring, visualization and reporting. The Command Center performs network architecture and segmentation analysis.

Spectre Scout: a distributed system for collecting network intelligence and reporting back to the Spectre Command Center. Scouts are smart sensors that perform active and passive indexing; they can be connected (virtually) to multiple zones or regions.

PRODUCT HIGHLIGHTS
- Authoritative network baseline and real-time visibility
- Validate/confirm known and unknown IP addresses on the network without agents
- Real-time leak path detection
- Embedded Hadoop Distributed File System (HDFS) for cybersecurity breach analytics (identify threat flows, access to known Trojan or malware ports, zombies) in conjunction with ingested feeds such as threat intelligence or flow data
- Real-time alerts and notifications flag departures from the network steady state
- Combined active scanning and passive listening techniques
- Comprehensive, detailed network topology maps
- Highly scalable, to accurately index the largest networks
- Little to no impact on network performance, and easy to deploy (agentless)
- Snapshot reports available to build an audit trail
- Complementary to the deployed security stack/platforms
- Automates key Center for Internet Security (CIS) Critical Security Controls
- Aligns with Continuous Monitoring (US) and Protective Monitoring (UK) security programs

* Refer to the "Real-Time Network Behavior Analytics & Cybersecurity Breach Detection with Lumeta Spectre" solution brief for cybersecurity use cases.

LUMETA SPECTRE PORTAL
The Lumeta Spectre Portal lets you gather and centralize insights from multiple Lumeta Spectre Command Centers and stay apprised of their operational status. Using it, you can view the geographical position of Command Centers and know immediately when a priority event has occurred in a network associated with your Spectre infrastructure. Portal users can also view the dashboards, maps, reports and device details for any deployed Command Center.

Priority notifications for a particular Command Center appear in real time on the Portal. The number and severity of notifications issued at the Command Center level are transmitted to the Portal and displayed as beaconing and badge indicators on its map. Notification details also display below the map. The Notifications table provides details on the 50 most recent ALERT- and WARN-level notifications issued by all of your Command Centers.

The Portal stays continuously in sync with the Command Centers; communication between the two takes place over TCP port 443 using HTTPS (TLS). The Lumeta Spectre Portal shares the same code base, operating system, support libraries and versioning as Lumeta Spectre Command Centers and Lumeta Spectre Scouts, and the three are intended to be used together.

Figure: Lumeta Spectre Portal home screen displaying several Lumeta Spectre Command Centers drawn against a geo-map.

LUMETA CORPORATION, 300 Atrium Drive, Suite 302, Somerset, NJ 08873, USA. +1.732.357.3500. www.lumeta.com
2017 Lumeta Corporation. All rights reserved. Lumeta, the Lumeta logo and IPsonar are registered trademarks of Lumeta Corporation in the United States and other countries. All other trademarks or service marks are the property of their respective owners.