Security Analytics

Streamlined Network Forensics

Allow Bad Actors Less Time to Act

Efficient Investigations With Full Visibility Into Past Activity

Determined attackers will inevitably bypass firewalls and other prevention mechanisms, move laterally from their stealthily established foothold, and evade detection for months or longer.

There is nothing more frustrating and time-consuming for a security operations team than having only partial information at hand: knowing that a determined attacker got in without having the details and context to answer the "who, what, why, how, where, when and how bad" questions about the attack.

Retrospective analysis of historical details delivers insight into the full scope of attacker activities, which is needed to implement an appropriate response. Unfortunately, it is during an investigation that many discover their available data sources are shallow, fragmented and incapable of answering queries in a timely manner.

Corvil sees all communications activity, enabling security teams to track attack paths, see file transfers, observe which hosts were accessed, and more. Instead of delivering a glut of disconnected activity details, Corvil provides content enrichment. By adding the dimensions of user, host and threat intelligence, Corvil delivers the information and analysis needed to streamline investigations, identify the impact, understand the attack approach, and remediate effectively.

Outcomes

  • Accelerated investigation and response times
  • Knowledge of attempted attack path
  • Knowledge of the impact of attack
  • Insight to remediate vulnerabilities
  • Richer analysis from new levels of visibility and context
  • Improved accuracy of response

Cyber Attacker Activities

"Retrospective proficiencies are required to investigate and remediate issues discovered by detective capabilities (or by outside services), to provide forensic analysis and root cause analysis, and to recommend new preventive measures to avoid future incidents."

Benefits

Deep Visibility

Minimize the manual effort of obtaining the required details and context by using deep content inspection together with the added dimensions of user, host, and threat intelligence.

Broad Visibility

Eliminate investigative blind spots with broad visibility across your environment, even the activities of uninstrumented hosts and devices.

User Activity Tracking

Comprehensive, real-time and retrospective tracking of user activity across multiple endpoints and devices for indicators of lateral movement and privilege escalation.

Retrospective Threat Matching

Search historical network traffic data for activities matching newly reported threat intelligence.
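The retrospective matching described here, combined with the user/host enrichment and lateral-movement pivoting mentioned in the sections above, can be sketched in a few dozen lines. The following is an added illustration and is not Corvil product code: it replays a newly published indicator list over stored flow metadata, enriches each hit with the host and logged-on user, and then pivots from matched internal hosts to the internal connections that reached them shortly before. Every flow record, host/user mapping and indicator is constructed sample data, and the field names, the `10.0.0.0/8` internal range and the two-day lookback window are assumptions.

```python
"""Retrospective threat matching over historical network metadata.

Added illustration, not Corvil product code. Every flow record, host/user
mapping and indicator below is constructed sample data; the field names,
the internal address range and the lookback window are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/8")  # assumed corporate address space


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src_ip: str
    dst_ip: str
    dst_port: int
    sni: Optional[str]  # TLS SNI / HTTP Host seen in the payload, if any
    bytes_out: int


# Constructed historical flow records, as a passive capture would have stored them.
HISTORICAL_FLOWS = [
    Flow(datetime(2024, 3, 1, 9, 15), "10.0.5.23", "10.0.5.40", 445, None, 120_000),
    Flow(datetime(2024, 3, 1, 9, 20), "10.0.5.23", "203.0.113.50", 443, "cdn.example.invalid", 2_500),
    Flow(datetime(2024, 3, 2, 2, 5), "10.0.5.40", "198.51.100.7", 443, "telemetry.example.invalid", 48_000_000),
    Flow(datetime(2024, 3, 3, 11, 0), "10.0.5.77", "10.0.5.10", 53, None, 300),
]

# Constructed user/host enrichment: (hostname, logged-on user) per address.
HOST_OWNERS = {
    "10.0.5.23": ("ws-finance-03", "j.doe"),
    "10.0.5.40": ("srv-files-01", "svc-backup"),
    "10.0.5.77": ("ws-hr-12", "a.smith"),
}

# Constructed threat intelligence published only after the flows were recorded.
NEW_INTEL = {
    "ip": {"198.51.100.7"},
    "cidr": {ip_network("203.0.113.0/24")},
    "domain": {"telemetry.example.invalid"},
}


def indicators_for(flow, intel):
    """Return the indicators a single historical flow matches (IP, CIDR, domain)."""
    hits = []
    dst = ip_address(flow.dst_ip)
    if flow.dst_ip in intel["ip"]:
        hits.append(f"ip:{flow.dst_ip}")
    hits.extend(f"cidr:{net}" for net in intel["cidr"] if dst in net)
    if flow.sni and flow.sni in intel["domain"]:
        hits.append(f"domain:{flow.sni}")
    return hits


def retrospective_match(flows, intel, owners):
    """Replay new intel over stored flows; enrich each hit with host and user."""
    findings = []
    for flow in flows:
        hits = indicators_for(flow, intel)
        if not hits:
            continue
        host, user = owners.get(flow.src_ip, ("unknown-host", "unknown-user"))
        findings.append({
            "ts": flow.ts, "host": host, "user": user, "src_ip": flow.src_ip,
            "dst": f"{flow.dst_ip}:{flow.dst_port}", "indicators": hits,
            "bytes_out": flow.bytes_out,
        })
    return findings


def attack_path(flows, findings, owners, lookback=timedelta(days=2)):
    """Pivot from matched internal hosts to the internal connections that reached
    them within the lookback window: candidate lateral-movement steps to review."""
    first_hit = {}
    for f in findings:
        first_hit[f["src_ip"]] = min(f["ts"], first_hit.get(f["src_ip"], f["ts"]))
    steps = []
    for flow in flows:
        if flow.dst_ip not in first_hit or flow.src_ip == flow.dst_ip:
            continue
        if ip_address(flow.src_ip) not in INTERNAL:
            continue
        hit_ts = first_hit[flow.dst_ip]
        if hit_ts - lookback <= flow.ts <= hit_ts:
            src_host = owners.get(flow.src_ip, ("unknown-host", "?"))[0]
            dst_host = owners.get(flow.dst_ip, ("unknown-host", "?"))[0]
            steps.append((flow.ts, src_host, dst_host, flow.dst_port))
    return sorted(steps)


if __name__ == "__main__":
    found = retrospective_match(HISTORICAL_FLOWS, NEW_INTEL, HOST_OWNERS)
    for f in found:
        print(f"{f['ts']} {f['user']}@{f['host']} -> {f['dst']} "
              f"({f['bytes_out']} B out) matched {f['indicators']}")
    for ts, src, dst, port in attack_path(HISTORICAL_FLOWS, found, HOST_OWNERS):
        print(f"{ts} possible lateral step: {src} -> {dst} on port {port}")
```

With the constructed data, the replay surfaces two hits that no real-time alert could have produced, since the indicators did not exist when the flows were recorded: a workstation contacting an address in the newly reported network, and a file server sending 48 MB to a newly reported IP and domain. The pivot then links them by showing the SMB connection from the workstation to the file server a day earlier, which is the kind of attack-path context an analyst needs before deciding on scope and remediation.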

Immutable Data

Unlike logs, machine communications deliver an immutable record of what actually happened, which we passively capture, analyze and correlate to simplify investigative workflows.

Flexible Integration

Continuously stream comprehensive communications activity data (Layers 2 through 7) into big data platforms for additional behavioral analysis.