The Active Defense Grid

5 Reasons to Pilot HawkEye G

1. Experience machine-guided and automated response capabilities enabling containment and elimination of cyber threats at machine speeds.
2. Experience a positive ROI driven by reducing manual, time-intensive response efforts and enabling you to better leverage existing staff.
3. Enable the shift from incident response to continuous response.
4. Gain increased visibility into endpoint and network behavior to better detect malicious activity.
5. It's complementary and adds value to your existing security controls.

Active deployments of our HawkEye G advanced threat detection, investigation, and automated response solution validate what we read about every day: cyber threats are increasing in volume and severity, and they are evading organizations' existing defenses. Figure 1 depicts botnet callback activity that HawkEye G has detected over the last 6 months in one specific network. While this activity ranges from benign to malicious, we've detected numerous examples of activity that was deemed to be either malicious or at high risk of being malicious.

[Figure 1: Botnet Trends via HSOC Command & Control. Vertical axis: number of botnet callback incidents; horizontal axis: days. Caption: HawkEye G detects an average of 5 botnet callback activities a day on just one specific network.]

Examples include:

ZEUS VARIANT
HawkEye G observed a pattern of suspicious network behavior in an enterprise customer's environment. A Windows laptop was sending traffic that resembled malicious beaconing to an external command and control server, and the traffic was occurring at an unusually high rate. Within one second, HawkEye G traced this network connection to a host and identified further suspicious activity on the host, namely an executable running out of a user's personal data directory. It took HawkEye G a mere 34 seconds to take action and kill the process.

TSUNAMI MALWARE
HawkEye G detected Tsunami malware at a health care customer. This remote access Trojan posed a risk of exfiltration of sensitive PII and PHI.

UNAUTHORIZED ADVERSARY COMMUNICATION
In a deployment with a government organization, HawkEye G detected unauthorized communications with a nation-state adversary.

Today's Environment Requires Continuous Monitoring and Response Leveraging Automation

The security paradigm is shifting from "if" to "when" and "how often." This requires organizations to adopt security solutions that provide increased visibility into host and network activity. However, increased visibility alone is not enough, given the problems of alert overload and false positives. Therefore, visibility must be combined with collaboration, correlation, and corroboration. The nature of today's attack environment also requires organizations not only to invest more in incident response but to shift the model from episodic incident response (manual and expensive) to a continuous response model that leverages automation.

Contact us today:
Government: Stephany Mackay, [email protected], (703) 727-6604
Commercial: Gary Woods, [email protected], (410) 977-5376

A Pilot Program Consists of 3 Easy Steps
Step 1: Kickoff
Step 2: Automated Threat Investigation and Removal
Step 3: Threat Investigation and Remediation Report

Copyright © 2015 Hexis Cyber Solutions, Inc. All rights reserved. Hexis Cyber Solutions, HawkEye and NetBeat are protected by U.S. and international copyright and intellectual property laws and are registered trademarks or trademarks of Hexis Cyber Solutions Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Hexis Cyber Solutions, a wholly-owned subsidiary of The KEYW Holding Corporation
7740 Milestone Parkway, Suite 400 | Hanover, MD 21076 | [email protected] | 443.733.1900
January 2015
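The Zeus variant case above combines two signals: outbound connections to one external address recurring at a regular, high rate, and the responsible process running from a user's personal data directory. The following Python script is an added illustration of that triage logic and is not HawkEye G's code or Hexis's; the flow records, process table, host names, addresses, image paths and thresholds are all constructed for the example. It generalizes the case slightly by also scoring a regular series from a process outside a user directory as lower risk, so the two signals are shown corroborating each other rather than firing alone.

```python
"""Beacon-style callback triage over constructed sample records.

Added example (not HawkEye G's implementation). Flags a host whose outbound
connections to one external address recur at a regular, high rate, then checks
whether the process behind them runs from a user profile directory.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (timestamp in seconds, host, dst_ip, pid).
FLOWS = (
    # LAPTOP-07, pid 4120: eight connections roughly every 10 s (beacon-like).
    [(t, "LAPTOP-07", "203.0.113.45", 4120)
     for t in (0.0, 10.2, 19.9, 30.1, 40.0, 50.3, 59.8, 70.1)]
    # DESK-12, pid 1500: bursty, irregular browsing to one site (not a beacon).
    + [(t, "DESK-12", "198.51.100.20", 1500) for t in (0, 3, 45, 47, 120, 121)]
    # SRV-03, pid 880: a vendor agent checking in exactly every 30 s.
    + [(t, "SRV-03", "192.0.2.10", 880) for t in (0, 30, 60, 90, 120, 150)]
    # DESK-12, pid 2200: too few connections to judge periodicity.
    + [(0, "DESK-12", "192.0.2.99", 2200), (5, "DESK-12", "192.0.2.99", 2200)]
)

# Constructed process table: (host, pid) -> image path reported by the endpoint.
PROCESSES = {
    ("LAPTOP-07", 4120): "C:\\Users\\jdoe\\Documents\\winupd.exe",
    ("DESK-12", 1500): "C:\\Program Files\\Browser\\browser.exe",
    ("SRV-03", 880): "C:\\Program Files\\Vendor Agent\\agent.exe",
    ("DESK-12", 2200): "C:\\Windows\\System32\\svchost.exe",
}

# Path fragments that indicate an image living under a user's personal data area.
USER_DIR_MARKERS = ("\\Users\\", "\\AppData\\", "\\Documents\\")


def interval_stats(times):
    """Mean and population std-dev of the gaps between sorted timestamps,
    or None when there are fewer than three gaps to judge regularity."""
    ts = sorted(times)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3:
        return None
    return mean(gaps), pstdev(gaps)


def find_beacons(flows, min_connections=5, max_period=60.0, max_jitter=0.25):
    """Return (host, dst_ip, pid, mean_gap) for connection series that look like
    beaconing: at least min_connections to one destination from one process, a
    mean gap of at most max_period seconds, and relative jitter (std-dev / mean)
    of at most max_jitter."""
    series = defaultdict(list)
    for t, host, dst, pid in flows:
        series[(host, dst, pid)].append(t)
    hits = []
    for (host, dst, pid), times in series.items():
        stats = interval_stats(times)
        if stats is None or len(times) < min_connections:
            continue
        avg, sd = stats
        if avg <= max_period and sd / avg <= max_jitter:
            hits.append((host, dst, pid, avg))
    return hits


def runs_from_user_dir(path):
    """True when the image path sits under a user profile or data directory."""
    lowered = path.lower()
    return any(marker.lower() in lowered for marker in USER_DIR_MARKERS)


def triage(flows, processes):
    """Combine both signals: a beacon-like series whose process image lives in a
    user directory is rated high; a regular series from a normal install path
    is rated medium and left for an analyst to confirm."""
    findings = []
    for host, dst, pid, avg in find_beacons(flows):
        image = processes.get((host, pid), "<unknown>")
        risk = "high" if runs_from_user_dir(image) else "medium"
        findings.append({"host": host, "dst": dst, "pid": pid,
                         "period_s": round(avg, 1), "image": image, "risk": risk})
    return findings


if __name__ == "__main__":
    for finding in triage(FLOWS, PROCESSES):
        print(finding)
```

On the constructed data only LAPTOP-07 is rated high (ten-second period, image under the user's Documents folder); the vendor agent on SRV-03 is just as regular but runs from Program Files, so it comes out medium, and the browser's bursty traffic fails the jitter test and is not reported at all. In a real deployment the thresholds would be tuned per environment and the process lookup would come from endpoint telemetry rather than a static table.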