5 Reasons to Pilot HawkEye G

The Active Defense Grid
1. Experience machine-guided and automated response capabilities enabling containment and elimination of cyber threats at machine speeds.
2. Experience a positive ROI driven by reducing manual, time-intensive response efforts and enabling you to better leverage existing staff.
3. Enable a shift from incident response to continuous response.
4. Gain increased visibility into endpoint and network behavior to better detect malicious activity.
5. It's complementary and adds value to your existing security controls.
Active deployments of our HawkEye G advanced threat detection, investigation, and automated response solution validate what we read about every day: cyber threats are increasing in volume and severity, and are evading organizations' existing defenses. Figure 1 depicts botnet callback activity that HawkEye G has detected over the last 6 months in one specific network. While this activity ranges from benign to malicious, we've detected numerous examples of activity that was deemed either malicious or at high risk of being malicious.
Figure 1. Botnet Trends via HSOC Command & Control (number of botnet callback incidents per day, plotted over days). HawkEye G detects an average of 5 botnet callback activities a day on just one specific network.
Examples include:

ZEUS VARIANT: HawkEye G observed a pattern of suspicious network behavior in an enterprise customer's environment. A Windows laptop was sending traffic that resembled malicious beaconing to an external command and control server, and the traffic was occurring at an unusually high rate. Within one second, HawkEye G traced this network connection to a host and identified further suspicious activity on the host, namely an executable running out of a user's personal data directory. It took HawkEye G a mere 34 seconds to take action and kill the process.

TSUNAMI MALWARE: HawkEye G detected Tsunami malware at a health care customer. This remote access Trojan posed a risk of exfiltration of sensitive PII and PHI.

UNAUTHORIZED ADVERSARY COMMUNICATION: In a deployment with a government organization, HawkEye G detected unauthorized communications with a nation-state adversary.
Today's Environment Requires Continuous Monitoring and Response Leveraging Automation

The security paradigm is shifting from "if" to "when" and "how often." This requires organizations to adopt security solutions that provide increased visibility into host and network activity. However, increased visibility alone is not enough, given the problems of alert overload and false positives. Therefore, visibility must be combined with collaboration, correlation, and corroboration.

The nature of today's attack environment also requires organizations not only to invest more in incident response but to shift the model from episodic incident response (manual and expensive) to a continuous response model that leverages automation.
Contact us today:
Government
Stephany Mackay
[email protected]
(703) 727-6604
Commercial
Gary Woods
[email protected]
(410) 977-5376
A Pilot Program Consists of 3 Easy Steps
Step 1: Kickoff
Step 2: Automated Threat Investigation and Removal
Step 3: Threat Investigation and Remediation Report
Copyright © 2015 Hexis Cyber Solutions, Inc. All rights reserved. Hexis Cyber Solutions, HawkEye and NetBeat are protected by U.S. and international copyright and
intellectual property laws and are registered trademarks or trademarks of Hexis Cyber Solutions Inc. in the United States and/or other jurisdictions. All other marks and
names mentioned herein may be trademarks of their respective companies.
Hexis Cyber Solutions, a wholly-owned subsidiary of The KEYW Holding Corporation
7740 Milestone Parkway, Suite 400 | Hanover, MD 21076 | [email protected] | 443.733.1900
January 2015