FireTower Continuous Monitoring Task

FireTower Security Solution
  • Preamble
  • Continuous Monitoring
  • Persistence Mechanisms
  • Live Forensics
  • Live Attack Monitoring
  • Resources

Most Anti-Virus solutions consist of a cloud-based or on-premise management server that reports only the installation and update status of the Windows operating system and the Anti-Virus software, the number of known viruses detected, and the individual endpoint event logs; they contain no integrated threat database for hunting advanced threats.

FireTower takes a measured approach to security continuous monitoring: it maintains an enterprise threat database that records every critical system change event from every endpoint in real time and evaluates each against enterprise-specific authentication rules. An interactive threat exploration interface with built-in analytics searches this live forensic data for immediate incident response or post-mortem investigation.

Malware and Zero-day attacks alike commonly abuse the persistence mechanisms built into the operating system to gain a foothold and dwell on a PC after they have breached its perimeter defenses.

This approach is supported by the fact that focusing on persistence mechanisms is already standard practice in incident response. Most forensic investigations begin by examining persistence mechanisms, because doing so is a fast and effective way to assess a malware incident and discover breaches and malware. Most, if not all, recently reported Zero-day attack incidents involved injected or altered persistence mechanisms among the key artifacts found in post-mortem analysis.
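The check described above, as an added example that is not FireTower's own code: a known-good snapshot of Windows autostart locations (Run keys, scheduled tasks, services, the Startup folder) is compared against a current snapshot, and every new or changed entry is reported, with entries whose command lives in a user-writable or temporary directory escalated for immediate review. Both snapshots are constructed sample data; a real collector would read them from the registry, the Task Scheduler and the Service Control Manager, and the directory list is an assumed triage heuristic, not a FireTower rule.

```python
"""Baseline diff of Windows persistence (autostart) entries.

Added example, not FireTower code. Shows the first step most incident
responders take: diff the persistence locations against a known-good
baseline and triage what changed. All snapshot data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class PersistenceEntry:
    location: str  # registry key, "Scheduled Task", "Service", "Startup Folder"
    name: str      # value name, task name, service name or shortcut name
    command: str   # command line or image path that runs at start-up


# Assumed triage heuristic: legitimate autostarts rarely run from these
# directories, so a new or changed entry pointing here is escalated.
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)

# Constructed known-good snapshot.
BASELINE = [
    PersistenceEntry(r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
                     "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    PersistenceEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                     "OneDrive", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    PersistenceEntry("Scheduled Task", "GoogleUpdateTaskMachineUA",
                     r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua"),
    PersistenceEntry("Service", "Spooler", r"C:\Windows\System32\spoolsv.exe"),
    PersistenceEntry("Startup Folder", "Slack.lnk", r"C:\Users\alice\AppData\Local\slack\slack.exe"),
]

# Constructed current snapshot: one task retargeted to a temp directory,
# one new Run key in a world-writable folder, one benign new task, one
# entry removed.
CURRENT = [
    BASELINE[0],
    BASELINE[1],
    PersistenceEntry("Scheduled Task", "GoogleUpdateTaskMachineUA",
                     r"C:\Users\alice\AppData\Local\Temp\GoogleUpdate.exe /ua"),
    BASELINE[3],
    PersistenceEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                     "Updater", r"C:\Users\Public\svchost.exe"),
    PersistenceEntry("Scheduled Task", "AdobeAcrobatUpdater",
                     r"C:\Program Files\Adobe\Acrobat\Update.exe"),
]

Key = Tuple[str, str]


def _index(entries: List[PersistenceEntry]) -> Dict[Key, str]:
    """Map (location, name) -> command so entries can be compared by identity."""
    return {(e.location, e.name): e.command for e in entries}


def diff_persistence(baseline, current):
    """Return (added, modified, removed) entries between two snapshots."""
    base, cur = _index(baseline), _index(current)
    added = [e for e in current if (e.location, e.name) not in base]
    modified = [e for e in current
                if (e.location, e.name) in base and base[(e.location, e.name)] != e.command]
    removed = [e for e in baseline if (e.location, e.name) not in cur]
    return added, modified, removed


def is_suspicious(entry: PersistenceEntry) -> bool:
    """Heuristic: does the command run from a temp or world-writable directory?"""
    cmd = entry.command.lower()
    return any(d in cmd for d in SUSPICIOUS_DIRS)


def triage(baseline, current):
    """Diff the snapshots and assign a severity to every change.

    Returns a list of (severity, change_type, entry). New or altered
    autostarts in suspicious paths are HIGH; other new or altered ones
    need REVIEW; removals are recorded as INFO.
    """
    added, modified, removed = diff_persistence(baseline, current)
    findings = []
    for change, entries in (("ADDED", added), ("MODIFIED", modified)):
        for e in entries:
            findings.append(("HIGH" if is_suspicious(e) else "REVIEW", change, e))
    for e in removed:
        findings.append(("INFO", "REMOVED", e))
    return findings


if __name__ == "__main__":
    for sev, change, e in triage(BASELINE, CURRENT):
        print(f"[{sev:6}] {change:8} {e.location} :: {e.name} -> {e.command}")
```

Running the block prints four findings: the retargeted GoogleUpdate task and the new Public-folder Run key as HIGH, the new Adobe task as REVIEW, and the removed Slack shortcut as INFO. The identity of an entry is its (location, name) pair, so a legitimate name whose command has been hijacked shows up as MODIFIED rather than hiding as an unchanged key.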

FireTower continuous monitoring delivers a real-time enterprise threat database with live forensics: an always-on malware triage platform whose interactive threat exploration interface allows incident response and forensic investigation to begin without delay.

FireTower continuous monitoring also delivers an endpoint Activity View, based on Inter-Host Intrusion Prevention System technology, that enables Security Operations Center administrators to monitor ongoing endpoint attacks and malware lateral movement across endpoints toward high-value systems.