FireTower Enterprise Endpoint Visibility Task
Anti-Virus security solutions are mostly based on a “perimeter” defense approach, using virus and malware signatures for detection, and produce excellent results for detecting previously discovered malware. Contrary to claims made by security solution vendors that their solutions are capable of detecting zero-day attacks, zero-day attacks continue, as evidenced by recently reported incidents.
Since this Anti-Virus software does not have continuous monitoring capabilities, once a breach is suspected or detected, the traditional forensic investigation can easily take days after the external incident response team has arrived on-site.
FireTower continuously monitors and aggregates all critical security events from endpoints to maintain a real-time enterprise threat database.
FireTower provides an interactive threat exploration interface with built-in analytics, called Cyber Console, to perform security monitoring, threat detection and incident response. The built-in analytics use the IHIPS (Inter-Host Intrusion Prevention System) engine to perform temporal and spatial analysis of all enterprise endpoint events. The threat exploration interface allows security professionals to search a centralized enterprise database for threat detection, analysis and investigation.
For each individual endpoint computer in the enterprise network, Cyber Console delivers a client view of the continuously monitored critical change event database, including associated metadata, the digital certificate, and the hash values of the target binary files (MD5, SHA-1 and SHA-256). The same client view is also available on the endpoint computer itself, accessed through an account with admin privileges.
FireTower uses the IHIPS engine to automate the standard industry practice of collecting, authenticating, and stacking all persistence mechanisms from all endpoints. All enterprise forensic data is available in real time for incident and forensic investigation.
In-house security professionals can conduct as many incident investigations as necessary using live forensics instead of relying on the time-consuming manual data acquisition process. FireTower also frees enterprises from having to pre-commit to a retainer contract with an external incident response service, and allows them to react immediately rather than waiting for an external IR team to arrive on-site.
The Cyber Console IHIPS Activity view of the interactive threat exploration interface continuously searches the enterprise threat database to identify threats, provide early identification of ongoing attacks or malware lateral movement within the enterprise, and respond rapidly to detected attacks.
All at-risk endpoint systems across the enterprise network are identifiable through IHIPS over the enterprise threat database, and a Quarantine-All command can be issued from the FireTower interactive threat exploration interface.
All authentication rating changes made by FireTower administrators are automatically processed throughout the enterprise network: any rating changed from good to malicious is immediately and automatically quarantined at all at-risk endpoints, and conversely any rating changed from malicious or suspicious to good is immediately and automatically un-quarantined at all affected endpoints.
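The two mechanisms described above, stacking persistence entries across endpoints so that rare or unsigned autoruns stand out, and translating an administrator's authentication rating change into a quarantine or release action on every endpoint carrying that binary hash, are illustrated below. This is an added example written for this page; it is not FireTower or Sampan Security code, and the host names, registry and task locations, and `HASH_*` values are constructed placeholders rather than real indicators.

```python
"""Persistence stacking and rating-driven quarantine over a constructed endpoint inventory."""
from collections import defaultdict

RUN_KEY = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"

# Constructed sample inventory: one record per persistence entry collected from
# one endpoint. Hosts, paths and hash values are hypothetical, not real IoCs.
ENTRIES = [
    # A vendor-signed agent present on every host: expected, high prevalence.
    {"host": h, "location": RUN_KEY,
     "path": r"C:\Program Files\Vendor\agent.exe",
     "sha256": "HASH_AGENT", "signer": "Vendor Inc."}
    for h in ("ws01", "ws02", "ws03", "ws04")
] + [
    # An unsigned binary under a user profile, persisted on only two hosts.
    {"host": h, "location": "SchedTask:\\Updater",
     "path": r"C:\Users\bob\AppData\Roaming\updater.exe",
     "sha256": "HASH_UPDATER", "signer": None}
    for h in ("ws02", "ws04")
]

VALID_RATINGS = ("good", "suspicious", "malicious")


def stack_persistence(entries):
    """Group entries by (location, sha256) and record which hosts carry each one.

    Keying on the hash rather than the path means a renamed copy of the same
    binary still lands in the same stack.
    """
    stacks = defaultdict(set)
    for e in entries:
        stacks[(e["location"], e["sha256"])].add(e["host"])
    return dict(stacks)


def rare_entries(entries, max_hosts=2):
    """Return stacked entries seen on at most max_hosts endpoints, rarest first.

    Low prevalence combined with a missing signer is the usual triage starting
    point when reviewing a fleet-wide persistence inventory.
    """
    stacks = stack_persistence(entries)
    signer_of = {e["sha256"]: e["signer"] for e in entries}
    out = []
    for (location, sha256), hosts in stacks.items():
        if len(hosts) <= max_hosts:
            out.append({"location": location, "sha256": sha256,
                        "hosts": sorted(hosts),
                        "signed": signer_of[sha256] is not None})
    out.sort(key=lambda r: (len(r["hosts"]), r["sha256"]))
    return out


def rating_change_actions(entries, sha256, old_rating, new_rating):
    """Map an administrator's rating change for one hash to the endpoint action.

    good/suspicious -> malicious: quarantine on every host carrying the hash.
    malicious/suspicious -> good: release (un-quarantine) on those same hosts.
    Any other transition produces no endpoint action.
    """
    if old_rating not in VALID_RATINGS or new_rating not in VALID_RATINGS:
        raise ValueError("rating must be one of %s" % (VALID_RATINGS,))
    hosts = sorted({e["host"] for e in entries if e["sha256"] == sha256})
    if new_rating == "malicious" and old_rating != "malicious":
        action = "quarantine"
    elif new_rating == "good" and old_rating in ("malicious", "suspicious"):
        action = "unquarantine"
    else:
        action = None
    return {"sha256": sha256, "action": action, "hosts": hosts}


if __name__ == "__main__":
    for r in rare_entries(ENTRIES):
        print("rare:", r)
    print(rating_change_actions(ENTRIES, "HASH_UPDATER", "suspicious", "malicious"))
```

The stacking step is what turns a per-host autorun listing into something reviewable at enterprise scale: the signed agent collapses into a single high-prevalence row, while the two-host unsigned task is the only row left to examine. The rating function keeps the policy symmetric, so a rating corrected back to good releases exactly the hosts the earlier malicious rating quarantined.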
- Persistence Mechanism Primer
- FireTower Security Solution Page
- Armchair tour to Cyber Console Threat Visibility UI
- Hands-on with FireTower Security Operations:
- Get hands-on experience with the unique EDR capabilities of the Inter-Host Intrusion Prevention System by experimenting with the Cyber Console GUI through a Sampan Security, Inc. demonstration network, on demand and on your own computer.
- Download and execute the WinCyCon software (digitally signed by Sampan Security, Inc.); it auto-connects you to the network: WinCyConx64.exe for x64 and WinCyConx86.exe for x86 (Windows Desktop XP/Vista/7/8/10 or Server 2008/2012).