Network Security Monitoring Service

Cognitive Security and its partners provide a unique network security monitoring service. Delivered via an appliance located on the client's premises or in the cloud, it helps clients protect their networks from advanced malware, targeted attacks, custom-written attacks and other threats that may already be present in their networks.

The Risks We Cover

Advanced attack techniques have recently seen a surge in use, as techniques previously reserved for government-level adversaries have spread to organized crime. Specialized criminal organizations now supply any component needed to mount a highly sophisticated attack at very affordable prices. The result is a high number of attacks that can affect virtually any organization, large or small, worldwide. Direct monetary profit is no longer the attackers' primary target; more often they go after customer information, financial data, product, engineering and research information and other high-value information held on the company network.

How it Works

The service offered by Cognitive Security consists of the fully managed operation of one or more CO|SE appliances that process the NetFlow statistics observed on customer networks. Cognitive Analyst instances receive the statistics and use them to autonomously build a progressively refined model of normal network behavior. This model is then used to isolate the incidents that are significant from a security perspective and may be related to an attacker's activity within the network. The analysts who provide the regular monitoring and reporting use this detection engine to prepare a report that highlights the security risks and suggests specific forensic or protective actions as a follow-up.

Unique Detection Engine

Successful and efficient delivery of the service relies on the expertise of highly experienced security professionals performing the analysis and on the unique detection engine designed and productized by Cognitive Security. The detection technology, based on the anomaly detection paradigm, is used to build precise models of network behavior. The collaborative detection process built on these models allows reliable detection of professional, stealthy attackers who operate under the assumption that an IDS has been deployed on the network in question. The detection engine takes this category of attackers into account by design and uses techniques from dynamic optimization, game theory and algorithmic game theory to produce detection decisions that are robust yet difficult for an attacker to predict. These, in turn, allow the analysts to spot the attacker's actions.

Another unique feature of the solution is its ability to configure itself, regardless of the network type or the level of compromise (i.e. the ratio of malicious traffic) at the moment of service deployment. A highly reliable self-configuration engine builds the optimal anomaly detection engine for the given environment and uses the game-theoretical techniques referenced above not only to strategically randomize the detection profile of the system, but also to adapt the system to changing conditions, for example by automatically increasing its sensitivity at night or during other low-traffic periods.
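To make the two ideas above concrete (a per-host model of normal NetFlow behavior, and a detection sensitivity that rises during low-traffic hours), here is a small worked example written for this page. It is not Cognitive Security's engine and does not reproduce the game-theoretic randomization described above; the host addresses, aggregation windows, byte counts and the 8:00-18:00 business-hours cutoff are all constructed assumptions.

```python
"""Toy NetFlow anomaly detector with a time-of-day-adaptive threshold.

Added example for this page; it is not Cognitive Security's detection
engine. All flow records below are constructed, not captured traffic.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Record layout (constructed): (window, hour, src, dst, dst_port, bytes).
# `window` indexes consecutive 10-minute aggregation windows.
TRAINING = [
    (w, 10, "10.0.0.5", "93.184.216.34", 443, 48_000 + 2_000 * (w % 3)) for w in range(6)
] + [
    (w, 10, "10.0.0.7", "10.0.0.1", 53, 2_000 + 200 * (w % 2)) for w in range(6)
]

OBSERVED = [
    (7, 10, "10.0.0.5", "93.184.216.34", 443, 49_000),   # within normal range
    (7, 10, "10.0.0.7", "10.0.0.1", 53, 2_350),          # +2.5 sigma, business hours
    (8, 2, "10.0.0.7", "10.0.0.1", 53, 2_350),           # same +2.5 sigma, at night
    (9, 2, "10.0.0.7", "203.0.113.9", 443, 4_000_000),   # new external peer, huge volume
]


def per_window(flows):
    """Aggregate flows into {(window, hour, src): [total_bytes, {dst, ...}]}."""
    agg = defaultdict(lambda: [0, set()])
    for window, hour, src, dst, _port, nbytes in flows:
        entry = agg[(window, hour, src)]
        entry[0] += nbytes
        entry[1].add(dst)
    return agg


def build_baseline(flows):
    """Per-source model of normal behaviour: bytes-per-window mean/stdev and known peers."""
    volumes = defaultdict(list)
    peers = defaultdict(set)
    for (_w, _h, src), (nbytes, dsts) in per_window(flows).items():
        volumes[src].append(nbytes)
        peers[src] |= dsts
    baseline = {}
    for src, vals in volumes.items():
        mu = mean(vals)
        # Floor the deviation so a host with a perfectly flat history
        # does not produce an infinite z-score on the first tiny change.
        sigma = max(pstdev(vals), 0.02 * mu, 1.0)
        baseline[src] = {"mean": mu, "stdev": sigma, "peers": peers[src]}
    return baseline


def z_threshold(hour):
    """Sensitivity is raised (threshold lowered) outside 08:00-18:00 (assumed hours)."""
    return 3.0 if 8 <= hour < 18 else 2.0


def classify(z, new_peers):
    """Coarse severity: volume spike plus an unseen peer is the worst combination."""
    if z >= 10 and new_peers:
        return "critical"
    if z >= 10 or new_peers:
        return "major"
    return "minor"


def score(baseline, flows):
    """Return findings as (window, src, z, new_peers, severity), highest z first."""
    findings = []
    for (window, hour, src), (nbytes, dsts) in per_window(flows).items():
        model = baseline.get(src)
        if model is None:
            # A source with no history at all is itself a deviation from the model.
            findings.append((window, src, float("inf"), sorted(dsts), "major"))
            continue
        z = (nbytes - model["mean"]) / model["stdev"]
        new_peers = sorted(dsts - model["peers"])
        if z >= z_threshold(hour) or new_peers:
            findings.append((window, src, round(z, 2), new_peers, classify(z, new_peers)))
    return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    for finding in score(build_baseline(TRAINING), OBSERVED):
        print(finding)
```

Running it flags only two of the four observed windows: the 4 MB transfer to an unseen external peer at 02:00 (critical) and the +2.5 sigma bump at 02:00 (minor). The identical +2.5 sigma bump at 10:00 stays below the business-hours threshold, which is the "higher sensitivity at night" behaviour the text describes, implemented here as nothing more than a lower z-score cutoff.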

Service Delivery

The service is delivered to the customer through three channels:

  • Regular inspection reports: The reports are provided with the periodicity (weekly, bi-weekly or monthly) specified in the Service Level Agreement. They outline the security status of the monitored network and provide a management-level overview and statistics together with a detailed analysis of detected security incidents. This analysis contains the incident characterization, a risk assessment hypothesis, possible explanations and the follow-up actions recommended by the analyst.
  • Proactive alerts on Critical/Major problems spotted by the SOC personnel: When the Security Operations Center receives a notification of an ongoing high-volume or high-severity situation in the customer network, the analysts can inform the client proactively in order to prevent the threat from propagating in the network. However, because of their highly automated nature, these alerts are not provided at the same level of detail as the regular analysis and cover only automatically detected and correctly classified critical and/or major security issues.
  • Web-based graphical user interface available to both the user and the analyst: The client has full access to the user interface of the appliance and can follow up on the reports (which feature embedded links to the GUI) or use the appliance for independent monitoring and analysis.

How it is Installed

Service installation and integration with other security systems is performed by the local partner of Cognitive Security. The partner determines the client's needs and the presence of NetFlow sources and other information sources, and suggests the ideal deployment configuration and SLA parameters. Upon customer approval, the system is deployed and service delivery starts.

Local Partners for Sales

The service is provided by an extensive network of partners throughout the EU and US markets. Please contact us for partner lists.

Contacts

  • support at cognitive-security.com
  • Ondrej Panek (ondrej.panek at cognitive-security.com)
  • Karel Simek (karel.simek at cognitive-security.com)

Recent Cases

March 2011: RSA compromise discovered

"Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." (RSA/EMC SEC filing)

Lockheed Martin:

Unknown hackers have broken into the security networks of Lockheed Martin Corp (LMT.N) and several other U.S. military contractors, a source with direct knowledge of the attacks told Reuters. They breached security systems designed to keep out intruders by creating duplicates to "SecurID" electronic keys from EMC Corp's (EMC.N) RSA security division, said the person who was not authorized to publicly discuss the matter. (Reuters, May 27)

Raytheon/Boeing:

...immediate companywide actions in March ... "As a result of these actions, we prevented a widespread disruption of our network," he said.

Boeing [...] had a "wide range" of systems in place to detect and prevent intrusions of its networks. "We have a robust computing security team that constantly monitors our network," he said.

April: L3 compromise discovered

"L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information," (Internal L3 email)