
A targeted attack detection solution

InfoWatch Targeted Attack Detector

The solution is designed to audit enterprise information systems in order to reveal active targeted attacks or their traces, including the injection of sophisticated malware, a tool commonly used by intruders.

Mass attacks ("commodity" threats) differ from targeted ones.

  • Availability order
  • The specific aim of the attack
  • Adaptability and the length of time
  • Secrecy of the attack

InfoWatch Targeted Attack Detector

InfoWatch Targeted Attack Detector leverages a dynamic attack detection technology.
The solution constantly scans the system to collect and classify a wide range of system item parameters. Each scan produces a so-called system slice, which is then subjected to several types of analysis.

Static analysis

All items in the system slice are classified, using methods such as classifiers (decision tree), whitelisting, anti-rootkit technologies, and similar-item discovery mechanisms (k-nearest neighbors algorithm). The static analysis reveals items that have atypical properties.

Dynamic analysis: the basis of the solution

This type of analysis is aimed at detecting changes and searching for anomalies therein. To determine what slices should be compared against each other, there is an algorithm that recognizes time dynamics, critical events in the system, and external changes.

Anomaly analysis

To determine the causes of anomalies, InfoWatch Targeted Attack Detector uses a unique expert system and a number of meta-classifiers that process the results delivered by the other analyzers (static and dynamic). If unknown malware is detected, an InfoWatch analyst steps in to report the malware, with a detailed description of its actions and consequences for the enterprise infrastructure.

SOLUTION ARCHITECTURE

Agent

An agent is installed on each enterprise computer to continuously monitor the IT infrastructure and keep a log. This makes it possible to analyze even cases where a newly appeared file was active for literally microseconds.

Cloud Expert System

A unique cloud system that identifies anomalies and classifies huge data volumes (Big Data). The system is used for anomaly identification and classification.

Personal account page

An information security officer or system administrator can access the operating parameters of InfoWatch Targeted Attack Detector on their own and check the following: agent statistics, scan jobs, discovered objects, and new, suspicious or malicious objects.

SOLUTION ADVANTAGES

  • Effective protection of valuable information, mitigation of reputational and financial risks
  • Unique technologies to detect special-purpose software
  • Easy deployment and reliability
  • Involvement of qualified analysts

InfoWatch Targeted Attack Detector will detect the use of technical tools employed to steal corporate information. Although DLP systems are designed for information leakage protection, they generally have no tools that can detect special malware used to steal data and bypass DLP protection.
The solution will detect data theft tools and thus prevent the leakage. In combination with InfoWatch Traffic Monitor, the solution is a unique protection complex based on cutting-edge methods and technologies.
