TrustPort Threat Intelligence
- high sensitivity
- low false alarm rate
- effectiveness against purpose written attacks
- effectiveness against self-modifying malware
- low installation and integration effort – minutes, not weeks
KNOW WHAT IS GOING ON IN THE NETWORK!
TrustPort Threat Intelligence is a monitoring engine that specializes in the detection of anomalous and outlier behavior. It closes the gap left by current security solutions, which focus on the identification of already known threats.
There is currently no comparable technology on the market.
Why Threat Intelligence?
Highly sensitive protection against APTs and zero-day attacks (all kinds of unknown and highly customized attacks and self-modifying malware)
Identification of risks that enable enhancement of your network security (e.g. policies of network devices – firewalls, routers, ...)
Recognition of security incidents by atomic behavioral characteristics typical of a broad range of advanced malware and attacks: port scans, SSH and other types of access, periodic flows, high-volume and high-value data traffic, dictionary attacks, buffer overflows, ...
System Overview
By passively listening to your network, Threat Intelligence builds a behavioral model of the network from past traffic and identifies all anomalous and outlier behavior (i.e. behavior that is neither predicted by the model nor marked as non-malicious).
TrustPort Threat Intelligence detects all kinds of modern attacks
- Repetitive flows (password crackers, trojans, viruses, command and control, ...)
- DoS and DDoS (blocking based on autonomous systems, country subnetworks, proxies, ...)
- Horizontal and vertical port scans
- P2P network behavior
- Data leaks
- Anomalous and outlier network behavior
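As an added illustration (not TrustPort's own code; its models are not disclosed here), a minimal flow-level detector for three of the behaviors listed above: horizontal and vertical port scans and periodic (beaconing) flows, run over constructed flow records. The hosts, timestamps and thresholds are assumptions chosen for the demo.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records for the demo (not real traffic): (timestamp_s, src, dst, dst_port)
FLOWS = (
    # hypothetical host 10.0.0.5 trying port 22 on many hosts: horizontal scan
    [(100 + i, "10.0.0.5", f"10.0.1.{i}", 22) for i in range(1, 9)]
    # hypothetical host 10.0.0.7 trying many ports on one host: vertical scan
    + [(200 + i, "10.0.0.7", "10.0.2.9", p) for i, p in enumerate((21, 22, 23, 25, 80, 443, 8080))]
    # hypothetical beacon: the same connection every 60 s, a repetitive flow
    + [(300 + 60 * k, "10.0.0.9", "203.0.113.4", 443) for k in range(6)]
    # ordinary browsing with irregular timing: must not be flagged
    + [(t, "10.0.0.11", "198.51.100.2", 443) for t in (400, 413, 470, 472, 530, 600)]
)

def horizontal_scans(flows, min_hosts=5):
    """Sources that contact the same port on at least min_hosts distinct destinations."""
    hosts = defaultdict(set)
    for _, src, dst, port in flows:
        hosts[(src, port)].add(dst)
    return sorted(k for k, v in hosts.items() if len(v) >= min_hosts)

def vertical_scans(flows, min_ports=5):
    """Sources that contact at least min_ports distinct ports on one destination."""
    ports = defaultdict(set)
    for _, src, dst, port in flows:
        ports[(src, dst)].add(port)
    return sorted(k for k, v in ports.items() if len(v) >= min_ports)

def periodic_flows(flows, min_count=4, max_cv=0.1):
    """Connections repeated at nearly constant intervals (coefficient of variation <= max_cv)."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        times[(src, dst, port)].append(ts)
    hits = []
    for key, ts in times.items():
        if len(ts) < min_count:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]  # inter-arrival times
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append(key)
    return sorted(hits)

if __name__ == "__main__":
    print("horizontal scans:", horizontal_scans(FLOWS))  # [('10.0.0.5', 22)]
    print("vertical scans:  ", vertical_scans(FLOWS))    # [('10.0.0.7', '10.0.2.9')]
    print("periodic flows:  ", periodic_flows(FLOWS))    # [('10.0.0.9', '203.0.113.4', 443)]
```

Thresholds such as `min_hosts` and `max_cv` are where the false-alarm rate is tuned; a production engine would learn them per host and service from the baseline rather than fixing them by hand.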
THREAT INTELLIGENCE = SHERLOCK HOLMES LOOKING INTO YOUR NETWORK
- The engine recognizes attacks by atomic behavioral characteristics typical of a broad range of advanced malware and attacks
- Artificial intelligence based on supervised and unsupervised methods for classification, clustering and outlier analysis
- Integration of a signature-based IDS with network behavior analysis (NBA) that relies on self-adapting rules rather than signatures
Two Levels of Artificial Intelligence
1. Detection algorithms using inputs from built-in modules
2. Supervised and unsupervised methods for classification, clustering and outlier analysis
Mathematical n-dimensional models of networks, subnetworks, hosts, services and individual flows. These models consist of:
- data features
- automatic features selection (for the purpose of detection)
- model integration and optimization
[Architecture diagram labels: network data stream from mirror traffic (SPAN or TAP); online blocking probe; SIEM, email, syslog, web interface]
- Integration of TrustPort Antivirus (evaluated as the most effective antivirus by Virus Bulletin)
- Firewall and router management plugins (SNMP, web service, iptables, IPFilter)
- Output interpretation and security consulting
- Oil and gas
- Military and government
- Emergency and transportation
HW server from €10,000
Detection engine from €20,000
Typical 1Gbps installation €80,000
Maintenance and upgrades 15% / yr.