POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. KEY SOLUTION HIGHLIGHTS

Transcription

1 ADVANCED CYBER THREAT ANALYTICS POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. Wynyard Advanced Cyber Threat Analytics (ACTA) is a Pro-active Cyber Forensics solution that helps protect organisations where a cyber security compromise could have a high consequence impact. ACTA helps organisations to discover disguised and hidden threat indicators, unknown unknowns, early on in existing big data network logs and supports informed cyber responses before these threats become dangerous knowns and unsolvable problems. WHO IS ACTA FOR? ACTA has been developed in association with global Fortune 500 companies. It is a market leading product for organisations where a cyber-security compromise could have a significant or catastrophic economic, operational or reputation impact. It can be deployed across all industries with cyber security concerns as follows: Organisations with an existing cyber security team. Organisations who provide outsourced cyber security and cyber intelligence operations services. ACTA HELPS YOUR ORGANISATION TO: Discover serious threats hidden in the masses of data already being collected but not analysed within an organisation s network logs. Identify unknown unknowns before they become dangerous knowns and unsolvable problems. Reduce operational, financial and reputational risk. KEY SOLUTION HIGHLIGHTS The combined power of pro-active anomaly detection and visual forensics provides a capability that far exceeds competing cyber security tools. ACTA works as the last line of defense, continuously monitoring within the network and using anomaly detection. Anomaly discovery & detection Discover the hidden threats that you did not know existed on your network with anomaly detection using unsupervised machine learning models from Wynyard s Crime Science Research Institute. Threat generation ACTA finds and prioritises the highest priority threats for investigation. This significantly reduces the massive security alert volumes that analysts are forced to work through on a daily basis. Advanced analysis visualisations Advanced analysis provides security analysts with the ability to forensically examine and visually explore the data, discovering the origination and extent of attacks across the network, before preparing a response. Analytics platform The scalable and highly available analytics platform is proven to ingest and process gigantic data volumes (petabyte scale). It also provides the ability to run multiple advanced analytics models against the data without compromising on performance. Reduce regulatory exposure and risk of penalties through continuous monitoring. USE CASES Trusted by Boards to reveal potentially unmitigated catastrophic and high risk events. Leveraged by CISOs to discover unknown compromises on the network, understand threats and respond. Used by CROs to ensure compliance with emerging regulations. Used by security analysts to discover the root cause of threats, identify origination points and respond. Implemented by SOC operators to protect their client s networks.

2 KEY SOLUTION BENEFITS Better protection by monitoring activity inside the network, not just the perimeter. Lower cost by using existing network log data already paid to be collated and stored. Discovery of unknown network anomalies using advanced machine learning techniques. Reduced noise for security analysts by discovering the highest priority threats and not drowning analysts in ever increasing alerts. Improved ability for analysts to investigate with advanced visualisations and threat exploration for quick discovery and compromise insight. A better understanding of network compromise. Better compliance by continuously monitoring the network and surfacing compromise. Part of a layered approach to security by acting as the last line of defense and surfacing anomalous activity early in the threat timeline. HOW IS ACTA DIFFERENT? Wynyard ACTA provides pro-active cyber forensics that can be deployed rapidly, and is non-intrusive, at a low cost: Pro-active: discovers hidden threats using anomaly detection in your existing network logs. It surfaces threats no one knew about. Forensics: visually explore the highest priority threats and how they may be mitigated. It focusses the investigation. Non-intrusive: use the existing network log data that you have already paid to have collated and stored. Rapid deployment: rapid deployment with out-of-the-box data adaptors and fully configured off-the-shelf solution. Low cost: use of existing data, rapid deployment times and a complete solution with no extra hidden software license costs all lead to lower-cost deployments and a low TCO. HOW DOES ACTA WORK? ACTA ingests DNS, Proxy, NetFlow, Remote Network Access, Active Directory, and DHCP logs. ACTA rapidly processes this data at scale through the data analytics platform. Using proven anomaly detection, ACTA reveals anomalies that lie hidden on the network. The most suspicious anomalies are highlighted as priority-ranked threats. These threats are contextualised with an appropriate subset of event data. The threats, alerts and context are surfaced within ACTA analysis. Visual user-based analysis, query, and data exploration tools allows users to rapidly respond to threats. CLIENT NETWORK & DATA WYNYARD ADVANCED CYBER THREAT ANALYTICS DNS PROXY THREAT OUTPUT CORPORATE NETWORK SERVERS AD REMOTE NETWORK ACCESS COLLATED LOG STORE HIGH PERFORMANCE DATABASE ANALYTICS ENGINE ADVANCED ANALYTICS NETFLOW DHCP ALERTS & CONTEXT ACTA: Preventing high consequence cyber crime using Pro-active Cyber Forensics

3 ADVANCED CRIME ANALYTICS OPEN SOURCE INTELLIGENCE SOLUTION Wynyard Advanced Crime Analytics (ACA) Open Source Intelligence (OSINT) solution is a pre-configured model within ACA, ingesting near real-time OSINT data feeds to extract and analyse open source information. The internet has become the platform of choice for communication, interaction, and facilitation of large organised crime groups. In order to disrupt these networks, Wynyard s ACA OSINT tracks social media interactions and blends these with other intelligence feeds to research, analyse and track specified targets. Wynyard Advanced Crime Analytics is a powerful platform for intelligence collection, processing, assessment and dissemination. Through the ACA platform, OSINT deploys advanced algorithms, machine learning and context intuitive workflows to help discover and present entities of interest, relationships, patterns and anomalies. The web is a terrorist s command-and-control network of choice. Robert Hannigan, Director GCHQ, FT Online, November 3, 2014 ACA OSINT HELPS: KEY SOLUTION HIGHLIGHTS Government agencies stay one step ahead of international organised crime groups Utilise specialist resource more effectively to combat crime Quickly target funders, harbourers & supporters of organised crime Rapidly identify the most actionable intelligence from the noise of large data sets Fuse multiple sets of structured & unstructured Open Source intelligence Rapidly search and discover Aggregate open source information in near real-time from multiple platforms based on key word searches or geo-coded ring-fencing to present data for targeted analysis. Customisation Use in-built specialist lists such as countries, terrorist organisations of interest, weapons or types of attacks, to assist with effective text mining and entity extraction. Connect multiple data sources Create a full picture of an individual s online activity by connecting their various personas across multiple social media platforms over time. Visualise complex data Intuitively visualise interactions and connections between entities and networks to discover actionable intelligence. Raise the bar on operational effectiveness Access via a selected secure hosting environment removing the need for the provision of any in-house infrastructure or installation.

4 KEY SOLUTION BENEFITS Entity extraction Automatically extract and classify types of entities such as on-line personas (e.g. Facebook Users, Blog Authors, Forum Names, Twitter Users, etc), Content Entities (tweets, messages, hashtags, Facebook messages, blog and forum posts) and Web Links. Geographical display Visualise online interactions on maps to locate areas of interest and trail movements of users based on geo-tags from the data associated with them. Timeline analysis Quickly visualise peaks in social media activity to identify time periods of interest or use previously identified dates and times to analyse online interactions around particular events. Visualise complex data View and explore networks of relationships between entities of any type within the data extracts and apply pre-set filters or querying criteria to help focus in on areas of interest. Pathfinder queries and ad-hoc queries Rapidly discover connections and links across a set of seemingly unrelated entities with pathfinder queries. Similarly, ad-hoc queries can be created and run to uncover connections or follow a specific line of enquiry. Sophisticated search Search for entities or interactions within the data with a full-featured text search engine utilising Boolean entities, and fuzzy and distance matching. Advanced Crime Analytics Open Source Intelligence rapidly identifies actionable intelligence DATA SOURCES WYNYARD ACA ANALYST TOOLS User interface allows investigators to develop, evaluate and work leads. EXTRACT ADVANCED ANALYTICS TEXT ANALYTICS/ ENTITY EXTRACTION SOCIAL NETWORKS THIRD PARTY AGGREGATOR TRANSFORM GEOSPATIAL ANALYSIS TIMELINE ANALYSIS ANOMALY DETECTION LOAD RULES ENGINE QUERY & SEARCH CAPABILITIES PATHFINDER QUERIES ABOUT WYNYARD GROUP Wynyard Group is a market leader in serious crime fighting software used by customers in government, financial services and infrastructure critical to a nation. Wynyard s powerful advanced crime analytics and investigations case management products help customers solve and prevent serious organised and trans-national crime, financial crime and threats from new generation extremism and high consequence cyber crime. Wynyard solutions combine next generation big data capability with specialist investigations and intelligence tradecraft in a powerful and secure software platform. Wynyard partners with major systems integrators and some of the world s leading software companies and has operations in the United States, United Kingdom, Canada, Middle East, Australia and New Zealand. For more information visit POWERFUL SOFTWARE. FIGHTING SERIOUS CRIME.

5 ADVANCED CRIME ANALYTICS FOREIGN FIGHTER SOLUTION Wynyard s Foreign Fighter solution is a securely hosted, pre-configured model within Wynyard Advanced Crime Analytics used to extract and analyse open source information. The internet has become the platform of choice for communication, interaction, and facilitation of large organised crime groups involved in fundamentalist activity. In order to disrupt these networks, Wynyard Foreign Fighter tracks social media interactions and blends these with other intelligence feeds to research, analyse and track specified targets, at risk or involved in fundamentalist conflict or radicalisation. Wynyard Advanced Crime Analytics (ACA) is a powerful platform for intelligence collection, processing, assessment and dissemination. Through the ACA platform, Wynyard Foreign Fighter deploys advanced algorithms, machine learning and context intuitive workflows to help discover and present entities of interest, relationships, patterns and anomalies. The web is a terrorist s command-and-control network of choice. Robert Hannigan, Director GCHQ, FT Online, November 3, 2014 FOREIGN FIGHTER HELPS: Government agencies stay one step ahead of international organised crime groups Utilise specialist resource more effectively to combat crime Quickly target funders, harbourers & supporters of organised crime Rapidly identify the most actionable intelligence from the noise of large data sets KEY SOLUTION HIGHLIGHTS Rapidly search and discover Aggregate open source information in near real-time from multiple platforms based on key word searches or geo-coded ring-fencing to present data for targeted analysis. Customisation Use in-built specialist lists such as countries, terrorist organisations of interest, weapons or types of attacks, to assist with effective text mining and entity extraction. Connect multiple data sources Create a full picture of an individual s online activity by connecting their various personas across multiple social media platforms over time. Visualise complex data Intuitively visualise interactions and connections between entities and networks to discover actionable intelligence. Raise the bar on operational effectiveness Access via a selected secure hosting environment removing the need for the provision of any in-house infrastructure or installation. Fuse multiple sets of structured & unstructured Open Source intelligence Foreign Fighter is designed to dirupt networks involved in fundamentalist activity. WEAPONS TRADE DRUGS TRADE CHILD ABUSERS TERRORISTS HACKERS GANGS THE INTERNET PEOPLE NETWORK

6 KEY SOLUTION BENEFITS Entity extraction Automatically extract and classify types of entities such as on-line personas (e.g. Facebook Users, Blog Authors, Forum Names, Twitter Users, etc), Content Entities (tweets, messages, hashtags, Facebook messages, blog and forum posts) and Web Links. Geographical display Visualise online interactions on maps to locate areas of interest and trail movements of users based on geo-tags from the data associated with them. Timeline analysis Quickly visualise peaks in social media activity to identify time periods of interest or use previously identified dates and times to analyse online interactions around particular events. Visualise complex data View and explore networks of relationships between entities of any type within the data extracts and apply pre-set filters or querying criteria to help focus in on areas of interest. Pathfinder queries and ad-hoc queries Rapidly discover connections and links across a set of seemingly unrelated entities with pathfinder queries. Similarly, ad-hoc queries can be created and run to uncover connections or follow a specific line of enquiry. Sophisticated search Search for entities or interactions within the data with a full-featured text search engine utilising Boolean entities, and fuzzy and distance matching. Wynyard s Foreign Fighter solution rapidly identifies actionable intelligence. DATA SOURCES WYNYARD ACA ANALYST TOOLS User interface allows investigators to develop, evaluate and work leads. ADVANCED ANALYTICS TEXT ANALYTICS/ ENTITY EXTRACTION SOCIAL NETWORKS GEOSPATIAL ANALYSIS TIMELINE ANALYSIS ANOMALY DETECTION RULES ENGINE QUERY & SEARCH CAPABILITIES PATHFINDER QUERIES ABOUT WYNYARD GROUP Wynyard Group is a market leader in serious crime fighting software used by customers in government, financial services and infrastructure critical to a nation. Wynyard s powerful advanced crime analytics and investigations case management products help customers solve and prevent serious organised and trans-national crime, financial crime and threats from new generation extremism and high consequence cyber crime. Wynyard solutions combine next generation big data capability with specialist investigations and intelligence tradecraft in a powerful and secure software platform. Wynyard partners with major systems integrators and some of the world s leading software companies and has operations in the United States, United Kingdom, Canada, Middle East, Australia and New Zealand. For more information visit POWERFUL SOFTWARE. FIGHTING SERIOUS CRIME.

7 INVESTIGATIVE CASE MANAGEMENT Wynyard s Investigative Case Management software is a comprehensive, highly configurable, secure, web-based solution for investigations and case management. Our integrated solution can be used for all investigation and case management requirements without the resource overheads of existing systems. It can easily be deployed at departmental, agency or multi-agency level. It is rich in features and underpinned by robust security and auditing capabilities. ICM HELPS: Enable more effective and efficient case management Integrate case management data with wider intelligence holdings Provide a complete view of the case KEY SOLUTION HIGHLIGHTS is an integrated environment that can manage case and intelligence information. Objects are collectively referred to as entities, all of which can be user defined. Source entities, intelligence records, and information are contained within the same database. Configuration of Wynyard Investigative Case Management is straightforward and can be done without the need for specialist resources, removing extra time, effort and costs involved with change requests. The implementation is simple and can be performed quickly. is used by over 40 agencies world-wide including National Police Forces, Financial Institutions and Justice Agencies. Standardise organisational investigation and case management processes Enhance analysis and provide access to real time data Investigating a case Intuitive visualisation

8 KEY SOLUTION BENEFITS Highly Configurable can easily be aligned to organisational business processes including configuration of incident reports, cases, case notes, tasks and task results. This can be configured in-house, reducing time and cost. User Security Security features include a robust, detailed security model, which is role-based security and has a full audit capability. Multiple languages provides translation capabilities which can be used to change static application text to a foreign equivalent, or to localise. uses Unicode allowing input in any language. Remote access and case replication Case replication is designed to allow users to access and input case data remotely. Client defined review process Source entities; including case notes, tasks and task results; can be subject to a review process before they are confirmed as a valid component of a case. Client defined, word template reports The case reporting capability allows the user to define which entities, data ranges and attributes are required. This can be done in Microsoft Word format. Connect Intelligence and Investigations data Combine case data with wider intelligence holdings by importing and exporting data into Wynyard Advanced Crime Analytics for more in-depth analysis. Alerting It is possible to configure a number of alerts and triggers based on field / attribute changes, security / permission updates, and covert or overt watches. Wynyard s Investigative Case management software is designed to manage complex investigations. EMPLOYEE INTERVIEWS BANKING RECORDS OPEN SOURCE INTELLIGENCE CCTV EMPLOYEE RECORDS S INCIDENT FILE OPENED INVESTIGATIONS CASE MANAGMENT REPORT AUTHORITIES NOTIFIED SUBSIDIARY COMPANIES ADVANCED CRIME ANALYTICS OTHER DEPARTMENTS OTHER INCIDENTS ABOUT WYNYARD GROUP Wynyard Group is a market leader in serious crime fighting software used by customers in government, financial services and infrastructure critical to a nation. Wynyard s powerful advanced crime analytics and investigations case management products help customers solve and prevent serious organised and trans-national crime, financial crime and threats from new generation extremism and high consequence cyber crime. Wynyard solutions combine next generation big data capability with specialist investigations and intelligence tradecraft in a powerful and secure software platform. Wynyard partners with major systems integrators and some of the world s leading software companies and has operations in the United States, United Kingdom, Canada, Middle East, Australia and New Zealand. For more information visit POWERFUL SOFTWARE. FIGHTING SERIOUS CRIME.