It took an average of 49 days to detect a Data Breach
A data breach cannot be discovered by looking at dashboards of collection statistics, nor by most signature-based anti-virus systems. It may be discovered through network behavioural anomalies, such as: your web servers browsing the internet without using DNS hostnames; network traffic leaving your server(s) persistently; new scheduled jobs being created on your servers; new privileged accounts being created on servers or in domain directories, etc. These are IoCs (Indicators of Compromise).
Multiple IoCs are collected from NetFlow, CTI (Cyber Threat Intelligence) and logs from security devices and servers. Our Athena Security Detections help organisations stay ahead of external attacks, threats and malware, fostering continuous threat-activity and security monitoring, speeding up the incident response process and enhancing the ability to investigate and respond to known, unknown and advanced threats.
Reduce Time to Discover Cyber Security Incidents
Millions of logs are collected per hour; thousands of alerts generated by security devices have to be verified; hundreds of retrieved IP addresses have to be checked; and multiple IoCs (Indicators of Compromise) have to be correlated to judge, with higher confidence, whether a cyber security incident has taken place.
Multiple Tools for Multiple IoCs (Indicators of Compromise)
Signature based Detections (e.g. Anti-virus, etc.)
- File based Malware
- Blacklist URLs, etc.
Network Anomaly & CTI (Cyber Threat Intelligence) Detections
- Web Servers HTTP POST to image files
- Network Traffic to Blacklist IP Addresses
- Web Browsing without DNS Hostname(s)
- Network Leaving a Server to Internet for Hours
- A server is Scanning Internal Network, etc.
Server Logs & Host based Anomaly Detections
- Login Success after Multiple Login Failures
- Creation of New Privileged Accounts
- Creation of New Scheduled Tasks
- Excessive Read of Files, etc.
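Two of the detections listed above, "Web Browsing without DNS Hostname(s)" and "Login Success after Multiple Login Failures", written out as correlation logic over a handful of constructed events. This is an added example, not code from Athena or the page; the event schema, field names and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry): DNS answers, outbound flows, logon records.
# Field names are assumed for this example; a real pipeline would map NetFlow/DNS/auth logs to them.
EVENTS = [
    {"t": 100, "type": "dns",   "host": "web01", "name": "updates.example.net", "ip": "203.0.113.10"},
    {"t": 101, "type": "flow",  "host": "web01", "dst": "203.0.113.10", "dport": 443},
    {"t": 105, "type": "flow",  "host": "web01", "dst": "198.51.100.7", "dport": 443},  # no DNS answer seen first
    {"t": 200, "type": "logon", "host": "web01", "user": "svc", "src": "192.0.2.5", "ok": False},
    {"t": 201, "type": "logon", "host": "web01", "user": "svc", "src": "192.0.2.5", "ok": False},
    {"t": 202, "type": "logon", "host": "web01", "user": "svc", "src": "192.0.2.5", "ok": False},
    {"t": 203, "type": "logon", "host": "web01", "user": "svc", "src": "192.0.2.5", "ok": True},
    {"t": 300, "type": "logon", "host": "web01", "user": "admin", "src": "192.0.2.9", "ok": True},
]

def flows_without_dns(events):
    """Flag outbound flows whose destination IP was never returned by a DNS answer seen earlier
    on the same host (the "browsing without DNS hostname" indicator). Assumes all flows here are
    internet-bound; production logic would first exclude internal address ranges."""
    resolved = defaultdict(set)  # host -> set of IPs that host resolved via DNS
    hits = []
    for e in sorted(events, key=lambda e: e["t"]):
        if e["type"] == "dns":
            resolved[e["host"]].add(e["ip"])
        elif e["type"] == "flow" and e["dst"] not in resolved[e["host"]]:
            hits.append((e["host"], e["dst"]))
    return hits

def success_after_failures(events, threshold=3, window=60):
    """Flag a successful logon preceded by at least `threshold` failures for the same
    host/user/source within `window` seconds; returns (key, failure_count) per hit."""
    fails = defaultdict(list)  # (host, user, src) -> timestamps of recent failures
    hits = []
    for e in sorted(events, key=lambda e: e["t"]):
        if e["type"] != "logon":
            continue
        key = (e["host"], e["user"], e["src"])
        if not e["ok"]:
            fails[key].append(e["t"])
            continue
        recent = [t for t in fails[key] if e["t"] - t <= window]
        if len(recent) >= threshold:
            hits.append((key, len(recent)))
        fails[key].clear()  # a success resets the failure streak for this key
    return hits

if __name__ == "__main__":
    print("flows without DNS:", flows_without_dns(EVENTS))
    print("success after failures:", success_after_failures(EVENTS))
```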
How Athena Accelerates Detections
Athena solutions leverage the Elastic Stack to deliver a platform that is massively scalable, handles high data ingestion rates, is fault tolerant and supports reliable and economical long-term data retention. It centralises, normalises, aggregates, archives, visualises and analyses petabytes of data in real time, and equips organisations with all the essential security capabilities, including simplified log management, full traceability of activities, advanced security analytics for exception and anomaly detection, automated response within minutes, and out-of-the-box reporting and dashboards.
Athena Security Detections
- An Elasticsearch Plugin
- Annual CTI subscription
- Checks Every IP & DNS Hostname for Known Good & Known Bad
- Athena CTI &
- Packaged Software Appliance
- Network Packets from Span Ports
- Visualise Network in Real Time
- Historic & Forensic
- Athena NetFlow &
- UI for Search & Aggregation
- Scheduled Search & Notification
- NetFlow, HTTP & DNS Analytics
- Detects Malware, Data Exfiltration, etc.
- Athena Netica &
- Syslog, HIDS, NIDS, etc.
- Key Fields Normalized
- Firewall, Web, Logon Analytics, etc.
- Detects ATO, System Compromise, etc.