Bio-inspired cyber security for your enterprise

Transcription

1 Bio-inspired cyber security for your enterprise Delivering global protection

2 Perception is a network security service that protects your organisation from threats that existing security solutions can t see. The nature of cyber security has changed. The focus for today s cyber security teams has switched from protecting against what s outside to discovering what s inside. Perception quickly identifies activity caused by malicious behaviours, regardless of whether it s a new threat, a novel technique, or a malicious insider. Our expert analysts monitor the deployed Perception sensors, identify what is truly malicious, and then alert your security team if something of concern is found on your network. The Perception service offers a defence grade security system, monitored by industry experts in a world class Security Operations Centre, for a fraction of the cost of running a monitoring service yourself. WHAT IS WRONG WITH TODAY S NETWORK SECURITY METHODS Today s security systems rely on some key assumptions that are fundamentally flawed. Firewalls are designed to keep anything malicious out of your network; however, it is unreasonable to expect this to be done perfectly. Most corporate networks have been compromised in some way, and IT professionals now work on the assumption that their networks are constantly at risk. Endpoint security on the other hand requires previous knowledge of threats to identify malicious activity. This listbased and signature-based process has historically worked well, but threats are becoming more complex, and defeating endpoint security can be done with relative ease by a determined attacker. The threat itself might not always originate from outside the network. Social Engineering is becoming a prevalent method for breaking into networks, and no endpoint security system will be able to identify an authorised user sending out sensitive data. 2

3 ANTI-VIRUS / ENDPOINT Bio-inspired cyber security for your enterprise The Cyber Security Gap Firewalls, Intrusion Detection Systems (IDS) and anti-virus only form part of modern cyber security defences. The security gap that most organisations are exposed to exists within their own network. Whether this is a threat which has circumvented the rules-based or sandboxing appliances, or data being leaked by a trusted device, this activity c an be detected by effective real-time internal network monitoring. Until now this has proved an almost impossible task, given the volume of data which flows at the network core in even the most basic of networks. Perception is able to address this. It is designed to work at very high data rates at the core of the network while using complex logic to perform in depth analysis and classification into only the data that matters. Identifies: Known threats entering network Known signatures entering network Traffic to / from known malicious sources Opens and analyses unencrypted applications from external sources in VM FIREWALLS / IDS Identifies: Known threats on hosts Known signatures on hosts Unusual user behaviour NET WORK M O NITORING Identifies: Activity from novel sources Threats from trusted sources inside the network Unusual and threat-like behaviour between hosts Network vulnerabilities Policy breaches Detects: Unknown / zero-day threats Surveillance and pre-exploit phase activity Advanced obfuscation techniques Data exfiltration, including low and slow techniques External attacks or port scans 3

4 How Perception Works Perception carries out the network monitoring tasks often overlooked by conventional enterprise security systems. Acting as an immune system for your network, Perception constantly identifies and classifies behaviour to filter out the unusual from the normal. Various levels of analysis are conducted on the network traffic to identify the most typical threat characteristics. This includes data exfiltration, and activity that might preclude malicious data manipulation. ADVANCED THREAT DETECTION Perception also has complex logic engines that detect the behaviour of today s most advanced threats, such as those that can exist on a network for long periods of time before carrying out malicious action. The logic within the system has been developed from military grade cyber security software, and is constantly developed with support from our cyber research team at Roke Manor Research who work on the front line of cyber defence for government and agency customers worldwide. SECURITY OPERATIONS CENTRE Information about potentially malicious behaviour is passed to our Security Operations Centre (SOC), where our cyber threat experts identify events that actually pose a threat. Information about any active malware or policy breaches are provided so you can take action. With best in class analysts identifying threats, it ensures that the knowledge base analysing the data is as current as possible, and having an analyst in the loop ensures that false alarms are kept to a minimum. COMPLETE THREAT DETECTION Perception identifies previously unknown threats and other malicious activity that is missed by traditional security products, even when obfuscation techniques are used to evade perimeter security defences. THERE ARE NO RULES Systems which depend on an ever-growing list of simple rules struggle to keep pace with the expanding threat landscape. Increasingly, they become less effective, and today s more sophisticated threats are designed to actively avoid detection. Perception is a behavioural engine so is not bound by a long list of rules. DEFENCE FROM INSIDE Network threats can originate from both internal and external sources. The slow exfiltration of business information can often go unnoticed by traditional network monitoring tools, or an attack on an external third party can originate from within your organisation. The proliferation of Bring Your Own Device (BYOD), as well as tools that encourage collaboration in an increasingly online world makes identifying a threat injected at the core of your network almost impossible to identify with existing security infrastructure. Perception goes beyond other security devices in offering early identification of data flowing out of your network to external locations, as well as pre-attack phase activity. REAL TIME INFORMATION Perception does not rely on collection periods and a mass of data. Instead it constantly analyses live network traffic and produces information in real-time. This means that intelligence is seen by our analysts as soon as possible, rather than relying on arbitrary database refreshes or scheduled data collection periods. 4

5 Free Trial See for yourself how valuable network monitoring is in strengthening your cyber defences with a free 30 day trial. WHY DO I NEED A TRIAL? Our service monitors networks protected by some of the most advanced firewalls and anti-virus systems available. We always find something to be concerned about. On an average network we find: 16 systems containing active malware 8 configuration errors indicating vulnerabilities 4 cases of bad network practice or security policy breaches We will help you find existing malware and vulnerabilities that you didn t know existed on your network, and make recommendations on how to resolve problems. You will understand where your focus needs to be. Most companies haven t reviewed their cyber defence strategy in a long time, and we will help you identify where the vulnerabilities are so that you can better protect your network. You will also be able to take action on any items based on our analysts suggested remediation activities. HOW DOES THE TRIAL WORK? There is no commitment to purchase. If you determine after the trial that you still have sufficient cyber protection in place, you re not obliged to pay anything. Our network architects will agree with your IT department where the system is best placed in your network, how many devices are required, and the information needed for installation. We will also review the benefits Perception will give you based on its location in your network, and suggest where it is best placed for your needs. On installation day, our engineers will visit your site to install the Perception device and you talk you through the system basics. Over the next 24 to 96 hours the system will go through what we call a Network Learning Period. During this phase it identifies typical traffic patterns and gains key insights into your network. After this period has finished you will start to be protected. Our analysts will be in contact as required to inform you about any weaknesses or threats identified within your network. At the end of the trial period, we will debrief your IT security team. This will include a complete review of the threats within your network, the attempted attacks over the trial period, and the most vulnerable points within your network. Interested? Find out more by contacting us at: info@perceptioncybersecurity.com or visit: 5

6 What is Perception? HARDWARE The Perception installation comprises one or more sensors deployed in your network. The Perception sensor is a 1U high blade server that is fed from a SPAN port or utilises a network tap. Completely invisible to the network, it has no effect on speed or network performance whilst it monitors. It passively views the network traffic and processes the data using its unique behavioural classifiers. The sensor builds a library of packets captured from the network, and sends in-depth metadata about the network back to high performance hardware at our Security Operations Centre (SOC). This metadata contains key information our analysts need to conduct their investigations, and when they need to confirm presence of malware, they access individual packets captured from the network in order to support their investigation. SOFTWARE The Perception software was developed for the UK Government in 2011, and declassified for commercial sale in Since then it has been constantly developed to become today s most advanced method of identifying threats to a network. The software is split into two parts, the first part using bioinspired techniques to identify how unusual and threat-like all network traffic is. Perception then uses this information to determine how deep the analysis into the data needs to be. The system then runs analysis on all network traffic to determine any behaviour that could be threatening, this includes: Data Exfiltration Pre-attack Phase Activity Network Reconnaissance Network Pivoting Privilege Escalation Anonymising Data Policy Breaches or Bring Your Own Device based threats Brute-Force Behaviour Command and Control Activity Malicious Users/Network Misuse 6

7 SERVICE The data Perception gathers gives the analysts at the SOC everything they need to know to categorise malicious activity. The output of this analysis is fed back to your network security department and includes information about: Authentic but anomalous activity Discovered malware and remediation activity Most likely threat vectors into the network Policy breaches or dangerous network behaviour from users Our SOC is located at Roke Manor, where some of the highest level cyber research in the world is conducted. Perception benefits from this partnership by utilising the same talent that conducts work for government-level security departments worldwide to feed into product development and analysis. No other business is as close to the cyber security threat landscape as Perception. Using this information, not only do you know where the danger is and how to solve it, you will understand where the risks in the network are, and what actions to take to protect the network for the future. ALWAYS UP TO DATE Perception is constantly evolving to match emerging threats. New intelligence is added to improve the product to suit the ever changing threat landscape. We push regular free updates on average once every three weeks, meaning that all our customers are as protected as possible, without incurring expensive upgrade fees. Advancements to Perception come from four different sources, which ensures we are providing useful updates. INTERNAL DEVELOPMENT TEAM Typically providing efficiency improvements, our internal development team have a key role in deciding the upgrades to include with each update to Perception. INTERNAL ANALYSIS TEAM The same analysts that monitor Perception data have a direct influence on how the system is developed. This ensures they are always provided with the right data to diagnose potential threats or vulnerabilities. OUR CUSTOMERS Our customer base has a direct link to the development team and can suggest specific threats or behaviours they re concerned about and updates added accordingly. EXPERT CYBER ANALYSTS Working closely with government departments and Roke Manor Research ensures Perception is able to detect tomorrow s threats before they arrive. 7

8 Chemring Technology Solutions is a global provider of advanced Electronic Warfare (EW), Explosive Ordnance Disposal (EOD), and Communication Information Systems (CIS) products that deliver leading edge technology to mitigate current and emerging threats. Trusted by armed forces, governments, and national security customers worldwide our understanding of operational requirements allows us to deliver products able to meet today s asymmetric threat environments. Our products are relied upon by the best equipped armed forces in the world, including the UK MOD and NATO allies. Perception has been designed and developed by market-leading technology and security specialists within the Chemring Group, which has been delivering secure communication solutions for more than 40 years and is trusted by defence and security agencies worldwide. We provide our customers peace of mind by providing solutions that ensure the suitability, long term supply and through-life support of our products. Working as part of the Chemring Group we are able to support and supply our products globally, and with a worldwide network of agents and distributors our products are accessible in all regions. Our heritage dates back to the development of early radar and the first mobile digital communications system. Over many years our trusted equipment has supported operations from Northern Ireland to Afghanistan. Our product range has continued to develop and we now operate from two sites in the UK where our world-class engineers and operational experts create innovative products that protect and enhance lives. DISCUSS YOUR CYBER SECURITY REQUIREMENTS TODAY If you would like a bio-inspired security solution for your network please contact our sales team. Call: +44 (0) info@perceptioncybersecurity.com Visit: Chemring Technology Solutions Roke Manor, Old Salisbury Lane, Romsey, Hampshire, SO51 0ZN, UK T: +44 (0) F: +44 (0) info@chemringts.com Chemring Technology Solutions Limited 2015 All rights reserved This publication is issued to provide outline information only, which (unless agreed by the company in writing) may not be used, applied or reproduced for any purpose or form part of any order or contract or be regarded as representation relating to the products or services concerned. The company reserves the right to alter without notice the specification, design or conditions of supply of any product or service