
Cyber adAPT Brings Post-Compromise Forensics To Advanced Detection


Cyber adAPT’s mission is to protect confidential enterprise digital assets without compromising network performance. The company has recently announced Cyber adAPT Plus, a companion product that lets customers capture metadata from network traffic, or even full packets, tied to the platform’s alarms. That gives already overworked security teams investigating potential breaches a way to zero in on the genuinely malicious alarms and to establish more quickly the scope, methods and targets of an attack.

Below is our interview with Scott Millis, Chief Technology Officer at Cyber adAPT:


Q: What makes Cyber adAPT a good choice?

A: We are a great choice for companies that recognize that despite their existing, wise investments in technologies and processes, malicious actors are still able to penetrate their networks. As a leader in the nascent “pure” attack detection technology space, we’re well positioned to partner with forward-thinking early adopters that want to get a jump on network attack detection. We can be ultra-responsive and collaborative with the right partners, and believe we can substantially accelerate this new and under-deployed capability for them.


Q: What problem is this solving for your customers?

A: Very simply, we are trying to provide a solution that answers the question, “When a malicious actor, inside or outside your organization, defeats your prevention efforts, how will you know?” Cyber adAPT identifies attacks in progress, with the highest level of confidence, in the fastest time. Everything we do to improve the product is focused on improving that level of confidence, shortening the time to detection, and more accurately identifying all the actors involved. After a VERY short (usually less than 30 minutes) installation, the system routinely finds potentially malicious activity, even in well-protected networks, in a matter of hours. After a recent installation in a government agency, the system generated multiple alarms within 15 minutes on activity that, after appropriate investigation, was judged by the customer to be malicious and had been completely invisible to the existing, well-designed and deployed traditional security infrastructure.

Q: Why can’t competitors do this as well as you?

A: We are delivering a continuous attack monitoring platform that is extensible and can work with the bulk of existing security tools and technologies. Most other companies that consider themselves competitors are looking at log files, or ‘sandboxing’ a system to see how it behaves. These are valuable pieces of a security portfolio, but we look only at the raw network traffic to deduce attacks in progress. When you are looking for sophisticated attacks, the ‘opinion’ of a single device that is then forwarded in a log file is not enough to deduce an attack with high confidence.

Additionally, sandboxing systems are necessarily transient in nature, and attackers are becoming adept at spotting those environments. The attack, or part of an attack, may never be observed in this environment. Our platform is infinitely patient and will spot the malicious attack whenever it happens, regardless of time delays, whether those delays are automated or manually determined by a very patient and persistent insider.


What we are doing is extremely difficult, namely, trying to find traffic with malicious intent within all of the traffic on the network. It requires massive data analysis, at wire speeds, to find the behavioral and tactical operations clues that can be leveraged by our intelligent correlation engine over long periods of time. Further, we do this without agents or signatures, and in any network environment. We can store these clues for months or years to allow us to find very slow velocity attacks, both automated and manual.

The platform also allows existing log-based, sandboxing, SIEM and other tools to send ‘clues’ for correlation, and can send alarm information to existing response and mitigation systems customers already have in place.

Q: How does this fit into your longer-term vision for the product – what should people expect from you this year?

A: First, we will deliver an ever-growing collection of detection capabilities for our continuous monitoring platform, focused on higher levels of confidence and shorter response times for knowing when you’re under attack. We’ll also see several more connectors from existing security tools and technologies.

Our mobile offering, which is now integrated into the platform, will continue to expand its capabilities. Our CASB offering within the detection platform, in partnership with Mobile Active Defense, is available now.


We’ve just announced a companion product, Cyber adAPT Plus, which allows our customers to capture metadata from network traffic, or even full packets, that is automatically tied to our alarms. This can definitely help the already overworked security professionals charged with investigating potential breaches by letting them zero in on the truly malicious alarms, speeding up their time to understand the scope, methods and targets of attacks.

Q: What were the main challenges you faced in developing the product?

A: The patent-pending technology, of course, was daunting. When you really understand what we are doing, it’s pretty amazing. The biggest challenge, in my mind, however, has been changing the mindset in our industry. It’s only very recently that a majority of practitioners will admit that they already have malicious actors in their networks, and that they are very hard to find. You have to allow yourself to think about prevention, detection, response and adaptation as a virtuous cycle, where you need all steps working together harmoniously. Building additional and/or better layers of defense will not be efficient or effective in stopping network-based attacks. You have to try to prevent, of course, but you can’t put all your eggs in that basket. We finally now see companies slowly starting to realize that they need to start thinking about REAL detection of attacks in progress. It’s going to be a long, but exciting, journey and we want to be leading the way.
