Security Analytics: Attacker Tracking

The Hacker Becomes The Hunted

Insight Into Attack Patterns And Activities That Bypass Defenses

Good security is no longer simply about defense; it is about proactively:

  • Hunting for and tracking attackers within your environment, using iterative searches for attack patterns.
  • Using advanced analysis techniques to explore activity to identify unusual changes and trends that warrant deeper investigation.

Corvil sees all activity in real time, enabling security teams to find and track malicious activities and attacker movements as they occur. Hunters are given heavy artillery to seek out and put an end to attacks, with:

  • Comprehensive visibility into activities such as tunneling, command and control, weak encryption, hosts being accessed, files being run, etc.
  • Adaptive context enrichment that adds dimensions of user, host and threat intelligence

Security teams can incorporate our comprehensive activity details into big data platforms for exploration using data science techniques, behavioral analysis, and machine learning. The more high-quality data provided, the more effective these advanced analyses will be.

Outcomes

  • Improved insight into attack patterns and malicious activities that bypass defensive controls
  • Improved focus and prioritization
  • Improved tracking of live malicious activities to understand attack patterns
  • Richer anomaly and behavioral analysis using high-fidelity activity data

“88% of organizations say their threat-hunting programs need to be improved.”

Dr. Eric Cole, SANS Threat Hunting: Open Season on the Adversary, April 2016

Benefits

Simplified Anomaly Detection

Continuous process for monitoring communications, authentication, encryption and other protocol anomalies.

User Activity Tracking

Comprehensive tracking of user activity across multiple endpoints and devices for indicators of lateral movement and privilege escalation.

Live Tracking

Leverage our real-time analytics to track malicious activities as they occur.

Backchannel Detection

Reveals covert backchannels and simplifies investigation of the internal systems and user accounts associated with those channels.

Retrospective Threat Matching

Search historical network traffic data for activities matching newly reported threat intelligence.

Coverage Gap Detection

Observe activities from uninstrumented devices and unauthorized communications with cloud-based services.

Flexible Integration

Enable richer investigations and behavioral analysis by integrating our streaming analytics with a variety of big data and analytics solutions.

High-Quality Data

Activity data from every packet, during every microsecond, made available for live and retrospective analysis.

Immutable Data

Unlike logs, machine communications deliver an immutable record of what actually happened, which we passively capture, analyze and correlate to simplify investigative workflows.