Solution is designed to audit enterprise information systems in order to reveal active targeted attacks or their traces, including the injections of sophisticated malware being a tool commonly used by intruders.
Mass attacks ("commodity" threats) differ from targeted ones.
InfoWatch Targeted Attack Detector leverages a dynamic attack detection technology
The solution constantly scans the system to collect and classify a wide range of system item parameters. Such scanning results in a so-called system slice being subject to various types of analysis.
Classification of all items in the system slice. Such methods as classifiers (decision tree), whitelisting, anti-rootkit technologies, similar item discovery mechanisms (k-nearest neighbors algorithm) are used. The static analysis reveals items that have non-typical properties.
This type of analysis is aimed at detecting changes and searching for anomalies therein. To determine what slices should be compared against each other, there is an algorithm that recognizes time dynamics, critical events in the system, and external changes.
To define the causes of anomalies, InfoWatch Targeted Attack Detector uses a unique expert system and a number of meta-classifiers that process the results delivered by other analyzers (static and dynamic). If unknown malware is detected, then InfoWatch analyst steps in to report the malware, the detailed description of its actions and consequences for the enterprise infrastructure.
An agent is installed on each enterprise computer to continuously monitor IT infrastructure and keep a log It allows for even those cases to be analyzed when an emerged file was active during literally microseconds only.
A unique cloud system that identifies anomalies and classifies huge data volumes (Big Data). The system is for anomaly identification and classification.
Information security officer or system administrator can access the operation parameters of InfoWatch Targeted Attack Detector by themselves and check the following: agent statistics, scan jobs, discovered objects, new, suspicious or malicious objects.
InfoWatch Targeted Attack Detector will detect the use of technical tools employed to steal corporate information. Although DLP systems are designed for information leakage protection, generally they do not have any tools, which can detect special malware used to steal data and bypass DLP protection.
The solution will detect data theft tools and thus prevent the leakage. In combination with InfoWatch Traffic Monitor, the solution is a unique protection complex based on the cutting-edge methods and technologies.
View datasheet about solution here
Please fill out the form and we will contact you