Cognitive Security and its partners provide a unique network security monitoring service. Delivered via an appliance on the client's premises or in the cloud, it helps clients protect their networks from advanced malware, targeted attacks, custom-written attacks and other attacks that might be present in their networks.
Advanced attack techniques have recently seen a surge in use, as techniques previously used by government-level adversaries have spread to organized crime. Currently, specialized criminal organizations provide any component necessary to mount a highly sophisticated attack at very affordable price levels. This results in a high number of attacks that can currently affect virtually any organization, large or small, worldwide. Direct monetary profit is no longer the primary target of the attackers. More often, they target customer information, financial data, product, engineering and research information and other high-value information present in the company network.
The service offered by Cognitive Security consists of fully managed operation of one or more CO|SE appliances that process the NetFlow statistics observed on customer networks. Cognitive Analyst instances receive the statistics and use them to autonomously build a progressively enhanced model of normal network behavior. This model is then used to isolate the incidents that are significant from the security perspective and may be related to the attacker's activities within the network. The analysts, who provide regular monitoring and reporting, use the highly precise detection engine to prepare a report that highlights the security risks and suggests specific forensic or protective actions as a follow-up.
Successful and efficient delivery of the service relies on the expertise of professional, highly experienced security experts performing the analysis and on the unique detection engine designed and productized by Cognitive Security. The detection technology, based on the anomaly detection paradigm, is used to build precise models of network behavior. The collaborative detection process based on these models allows highly reliable detection of professional, stealthy attackers who work under the assumption that an IDS has been deployed on the network in question. The detection engine takes this category of attackers into account by design, and uses techniques from the fields of dynamic optimization, game theory and algorithmic game theory to build robust, yet difficult to predict, detection decisions. These, in turn, allow the analysts to spot the attacker's actions.
Another unique feature of the solution is its ability to configure itself, regardless of the network type or the level of compromise (i.e. the ratio of malicious traffic) at the moment of service deployment. A highly reliable self-configuration engine builds the optimal anomaly detection engine for the given type of environment and uses the above-referenced game-theoretical techniques not only to strategically randomize the detection profile of the system, but also to adapt the system to changing conditions, for example by automatically increasing its sensitivity at night or during low-traffic periods.
The service is delivered to the customer through three channels:
Service installation and integration with other security systems are performed by the local partner of Cognitive Security. The partner determines the needs of the client and the presence of NetFlow sources and other information sources, and suggests the ideal deployment configuration and SLA parameters. Upon customer approval, the system is deployed and service delivery starts.
The service is provided by an extensive network of partners throughout the EU and US markets. Please contact us for partner lists.
"Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." (RSA/EMC SEC filing)
Unknown hackers have broken into the security networks of Lockheed Martin Corp (LMT.N) and several other U.S. military contractors, a source with direct knowledge of the attacks told Reuters. They breached security systems designed to keep out intruders by creating duplicates to "SecurID" electronic keys from EMC Corp's (EMC.N) RSA security division, said the person who was not authorized to publicly discuss the matter. (Reuters, May 27)
...immediate companywide actions in March ... "As a result of these actions, we prevented a widespread disruption of our network," he said.
Boeing [...] had a "wide range" of systems in place to detect and prevent intrusions of its networks. "We have a robust computing security team that constantly monitors our network," he said.
"L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information," (Internal L3 email)