Published on June 1st, 2016 | by Tony Thompson
Taking the Wrapper off a Time Machine for Breach Detection
SS8 today introduced a breakthrough in enterprise breach detection: SS8 BreachDetect. We call the solution a “time machine” for breach detection. But what makes it a time machine? The solution uses new methods of network visibility, learning and automation to accelerate and simplify the breach-hunting journey – past, present and future.
What makes SS8 qualified to help enterprises do breach detection? Well, if you know anything about SS8 at all, it’s that we’re experts in communications analytics and extracting intelligence from network packets. We do this for six of the world’s largest intelligence agencies, five of the 10 largest communications providers, and two of the world’s largest critical infrastructure entities.
Now, we are building on that heritage to enable the enterprise to turn back the clock on network threats and take the guesswork out of hunting for breaches. The “network” is the key.
BreachDetect applies investigation-grade communications analytics, proven with the top intelligence agencies for finding the unknown suspect-of-interest (SOI), to give enterprises a quick and easy way to identify the compromised, unknown device-of-interest (DOI).
SS8 president and COO Faizel Lakhani says, “Our deep understanding of communications flows and years of proven experience tracking suspects-of-interest (SOI) have given us a unique edge in being able to rewind and pinpoint the device-of-interest in today’s war on enterprise data breaches.”
How does it work? It’s easy.
1) Lightweight sensors deploy passively on the network to generate High-Definition Records (HDRs) from all communications flows (more on HDRs in another post).
2) Our Learning Analytics engine enriches, analyzes, learns, and matches HDR data with user, device and threat intelligence information to uncover the device-of-interest.
3) Automated Discovery capabilities provide an easy-to-use dashboard with a color-coded, Kanban-style threat panel to eliminate the need to sift through log data and threat intelligence feeds.
The truth is that data breaches are occurring right now and hiding in the normal flow of network communications for hundreds of days. This “dwell time” is forcing the breach conversation to happen at the highest level in today’s enterprise.
One of our customers, Rick Kessler, the CIO of Chenega Corporation, understands this first-hand. He commented, “Targeted attacks know how to hide from preventative tools, but they can’t hide from the network; by design they need it to get out. This is the level of detection we need.”
Kessler added, “Immediately after deploying SS8 BreachDetect we had identified malicious behavior on our network and could pinpoint the device in question to take it offline and avoid data exfiltration.”
We get smarter about security every day, and what today’s complicated breach lifecycle needs is the ability not only to turn back the clock to uncover the unknown threats, but also to analyze the past to better forecast new breaches. SS8 BreachDetect is the answer.