Malicious Activity Assessment
Know Your Risk. Act Before Impact.
On a long enough timeline, the probability of preventing a breach eventually reaches zero. Illuminate your blind spots, discover threat actors that may already be present and pinpoint areas in need of defensive refinement with a Malicious Activity Assessment.
Assume the suspicious is malicious.
Identify threats lurking within your networks and those looking to take advantage of blind spots with 45 days of continuous network monitoring.
Detect the known.
Hunt the unknown.
Isolate before impact.
Detect the known, identify the unknown and isolate attackers before they can achieve their objectives with embedded threat hunting.
Identify blind spots.
Understand your risk.
Adapt for the future.
Pinpoint areas of greatest risk and adapt your defenses with investigation details and refinement recommendations.
A Breach Could Be On the Horizon.
Malicious Activity Assessment augments eSentire partners’ risk assessments, providing 45 days of continuous network visibility to detect known, unknown and evasive threats that may already be present or are bypassing preventative measures.
Network data is fed to 24x7 SOC analysts who leverage proprietary hunting methods to confirm and isolate attackers before their objectives are achieved. Summary reports illuminate where preventative measures failed, and areas that require refinement.
As a result, your organization identifies defensive weaknesses over an extended timeframe against real-world attackers.
To learn more, download our Malicious Activity Assessment Infographic.
Continuous Threat Monitoring
eSentire SOC analysts monitor all network activity 24x7, with no reduction in coverage or reliance on on-call employees. We average 35 seconds or less from notification of a possible event to begin a human investigation.
Full Packet Capture (PCAP)
Summary metadata plus targeted queries into the full PCAP data let analysts confirm or explain an event using forensic analysis techniques.
Captures HTTP traffic and provides a full forensic view, complete with referrer and user agent. A proprietary Deep Packet Inspection (DPI) engine detects and captures URLs.
IP Blacklist (AMP)
Uses a proprietary DPI engine to detect traffic from blacklisted IPs.
Data Loss Analysis
Provides outbound file capture (for example, email attachments over SMTP, uploads to cloud storage and FTP transfers) for threat qualification and forensic analysis.
Detects suspicious behavior such as unusual port scans, sequential scans and “spamming” machines.
Detects abnormal bandwidth usage when an internal threat (exfiltration or otherwise) or a Distributed Denial of Service (DDoS) attack is suspected.
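The two behaviors just listed, sequential port scanning and outbound bandwidth far above a host's baseline, are the kind of thing the monitoring flags before an analyst looks at the raw PCAP. The following is an added example, not eSentire's code and not a description of their proprietary engine: it runs two simple detectors over a handful of constructed flow records (source, destination, destination port, bytes out) and a constructed per-host baseline, and reports which hosts would be handed to a human for investigation. The thresholds (SEQ_RUN_MIN, DISTINCT_PORT_MIN, BANDWIDTH_RATIO) are illustrative assumptions.

```python
from collections import defaultdict

# Constructed flow records for the example (not captured traffic):
# (src_ip, dst_ip, dst_port, bytes_out)
FLOWS = [
    ("10.0.0.5", "10.0.0.20", 22, 1200),
    ("10.0.0.5", "10.0.0.20", 23, 60),
    ("10.0.0.5", "10.0.0.20", 24, 60),
    ("10.0.0.5", "10.0.0.20", 25, 60),
    ("10.0.0.5", "10.0.0.20", 26, 60),
    ("10.0.0.5", "10.0.0.20", 27, 60),
    ("10.0.0.5", "10.0.0.20", 28, 60),
    ("10.0.0.5", "10.0.0.20", 29, 60),
    ("10.0.0.7", "203.0.113.10", 443, 40_000_000),
    ("10.0.0.7", "203.0.113.10", 443, 35_000_000),
    ("10.0.0.9", "203.0.113.11", 443, 1_500_000),
    ("10.0.0.9", "10.0.0.20", 445, 4_000),
]

# Constructed baseline: typical outbound bytes per host for one monitoring window
BASELINE_BYTES = {"10.0.0.5": 500_000, "10.0.0.7": 2_000_000, "10.0.0.9": 1_800_000}

SEQ_RUN_MIN = 6        # assumed: consecutive ports needed to call a sequential scan
DISTINCT_PORT_MIN = 10  # assumed: distinct ports to one host needed to call a port scan
BANDWIDTH_RATIO = 10.0  # assumed: outbound volume vs. baseline that counts as abnormal


def longest_consecutive_run(ports):
    """Length of the longest run of consecutive port numbers (0 for no ports)."""
    ordered = sorted(set(ports))
    if not ordered:
        return 0
    best = run = 1
    for prev, cur in zip(ordered, ordered[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def detect_scans(flows):
    """Flag (src, dst) pairs whose port pattern looks like a sequential or broad scan."""
    ports_by_pair = defaultdict(list)
    for src, dst, dport, _ in flows:
        ports_by_pair[(src, dst)].append(dport)
    findings = []
    for (src, dst), ports in ports_by_pair.items():
        run = longest_consecutive_run(ports)
        distinct = len(set(ports))
        if run >= SEQ_RUN_MIN:
            findings.append((src, dst, "sequential_scan", run))
        elif distinct >= DISTINCT_PORT_MIN:
            findings.append((src, dst, "port_scan", distinct))
    return findings


def detect_bandwidth_anomalies(flows, baseline, ratio=BANDWIDTH_RATIO):
    """Flag hosts whose outbound byte total is at least `ratio` times their baseline."""
    outbound = defaultdict(int)
    for src, _, _, nbytes in flows:
        outbound[src] += nbytes
    findings = []
    for src, total in outbound.items():
        base = baseline.get(src)
        # Hosts with no baseline are skipped here; a real pipeline would queue them for profiling
        if base and total >= ratio * base:
            findings.append((src, total, round(total / base, 1)))
    return findings


if __name__ == "__main__":
    for finding in detect_scans(FLOWS):
        print("scan finding:", finding)
    for finding in detect_bandwidth_anomalies(FLOWS, BASELINE_BYTES):
        print("bandwidth finding:", finding)
```

On the constructed data, 10.0.0.5 probing ports 22 through 29 on one host is reported as a sequential scan of run length 8, and 10.0.0.7 pushing 75 MB out against a 2 MB baseline is reported at 37.5 times normal; 10.0.0.9 stays under both thresholds. Either finding is a trigger for human investigation, not a verdict on its own: a vulnerability scanner or a scheduled backup would produce the same shape of traffic, which is why the page pairs automated detection with analyst confirmation.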
SSL Decryption and Traffic Disruption
Detects SSL-based malware for profiling and threat signature creation.
Active Threat Hunting
Unusual signals are flagged as potential threats and fed into eSentire’s analytics pipeline; suspicious activity is then identified through human investigation and confirmation.
A human analyst at the eSentire SOC alerts you immediately upon detection of both confirmed threats and unusual behavior or activity.
Tactical Threat Containment
Rule-based detection and mitigation capabilities can automatically “kill” TCP connections in real time or notify SOC analysts. The SOC can also manually “kill” TCP connections on the client’s behalf, preventing a threat actor’s spread.
Embedded SOC support includes forensic investigation to determine the root cause of confirmed threats and corrective actions.
SOC analysts deliver deeper analysis to determine true positives and escalate security incidents for corrective action with defined threat context.
Analysts provide co-managed remediation until the threat actor is completely eliminated, not simply alerts and general guidance.
Dedicated client engagement team provides weekly reports of activity, SOC findings, notable investigations and malicious activities detected.
At the conclusion of the engagement, an executive summary meeting provides high-level and detailed insight into your risk posture and recommendations for defensive refinement.
Uses a proprietary DPI engine to stop traffic from IPs located in a specific country, or to block them based on the country’s domain.
Executable Analysis and Blocking
Provides whitelist-based executable download detection and mitigation. If a file is not in the whitelist, analysts intervene and block the download by killing the connection in real time.
Talk to a Malicious Activity Assessment Sales Representative Today