Good cyber security is nowadays more complicated than just matching signatures against known malware. Many of the most devastating attacks against companies do not even include malware at all. Instead, they rely on social engineering, insider threats, and tools and processes already approved for use within a network that are hijacked for malicious purposes.
To stop many of these advanced attacks, it is necessary to detect and diagnose malicious intent, even if there is no smoking gun. That concept may sound a bit like Tom Cruise predicting crimes Minority Report style, but it is essentially what the world's best threat hunters do with their highly honed skills. They can look at apparently disparate events, develop a hunch and sometimes discover major threats or even threat campaigns. The problem is that good threat hunters are exceedingly rare.
The Awake Security Platform can fill that gap. Although what it ultimately performs could be considered innovative threat hunting, it is technically a traffic monitoring platform, albeit a highly advanced one that focuses on potential threats that other defenses often miss.
The heart of the platform is the Awake Hub, which can be deployed on site or in the cloud. Traffic data moving through a protected network is routed to the hub by sensors placed at strategic points. The sensors are usually software-based, although they may exist as hardware for unusual network implementations. They can be placed anywhere and everywhere in a network, but the frequently used chokepoints are the link to the data center, the network gateway, the authorization servers for the user network, the internet of things (IoT) infrastructure, the point where data flows to the cloud, a connector for software-as-a-service programs, and the operational technology (OT) network if an organization has one. The footprint of the implementation has no effect on the pricing, which is based on the total throughput of the traffic being monitored.
Once implemented, the Awake Platform starts to discover all devices on a protected network. It does this without performing scans or deploying agents. Because it sits at points, such as authorization servers, that all network devices eventually send traffic to or through, it will eventually discover every active device. Based on its previous experience with securing networks, it can identify almost any type of network device using only those interactions with the chokepoints. For example, it was able to correctly identify both an IoT medical device and an electronic water bottle from their network activity.