Active Packet Analysis
Identify malicious traffic flows on your network
Within the Threat2Alert service we implement a high-capacity network probe that sits at the egress point of your internet feed. This device is configured to assess all traffic flowing into and out of your environment. It functions at the data link layer and is able to capture attempted data breaches and malware attacks. It is also able to hold full information about all network conversations for a rolling one-month period. In addition, it collects information about IP address pairs, protocols and other metadata for an indefinite period. This approach provides invaluable information to a Computer Incident Response Team (CIRT) that can be used to identify threats and attempted violations of a company’s information assets.
Threat2Alert combines comprehensive managed security information and event management (SIEM) functions with powerful packet capturing capability. Through our Security Operations Centre (SOC) we are able to provide ongoing security detection and response services around the clock. Acting as an extension of your in-house security function, Threat2Alert provides your organisation with the assurance that your environment is being closely monitored and that your data is safe from prying eyes.
Indicators of Compromise
Many organizations find it difficult to identify data exfiltration attempts until it is too late. Despite this challenge, techniques do exist to help an organization spot these attempts.
Malware will frequently exhibit at least three different types of traffic patterns: beaconing, command and control traffic, and data exfiltration traffic.
Through Threat2Alert’s active network analysis, we identify what normal network behavior looks like. Once we have defined normal behavior, we build a series of algorithms and rules to identify deviations from this norm. Through this approach, we are able to identify traffic anomalies and react before data exfiltration occurs. This approach, combined with our active event analysis, provides unparalleled levels of assurance to our managed services clients.