| Feature | Description | Client Benefit |
| --- | --- | --- |
| Rapid identification of internal compromised systems, including Zero-Day attack activity | - Tracks new and newly active targeted attack traffic<br>- Instant analysis of type/severity of compromise<br>- Fast, accurate identification of malware activity | - Faster recognition and alerting drives a more flexible, more thorough response<br>- No guesswork. You know what's compromised |
| Real-time protection for internal systems | - Locates actual IP address of attack controllers<br>- Isolates targeted attack Command-and-Control<br>- Prevents individual compromises from acting as a unified targeted attack | - Allows client to prevent individual compromises from acting as a unified attack<br>- Allows client to prevent compromises from taking the actions issued by malicious controllers<br>- Protects other internal devices from compromise |
| Fast, accurate analysis of botnet/APT malware and targeted attack activity | - Malware attack, reconnaissance and polymorphic capabilities<br>- Recent targeted attack activity including rallying and attack information<br>- Relative size of botnets across the Internet<br>- Remediation guidance for compromised systems | - Opens window for controlled remediation<br>- Assists in prioritizing remediation activities<br>- Assists in locating the exact file or binary representation on the compromised machine<br>- Educates executive management on targeted threats to intellectual property |
| Finds threats that AV and IDS/IPS miss | - Works without signatures<br>- Recognizes polymorphic bot malware<br>- Finds threats that evade network-based security | - Provides comprehensive protection for network-based threats that signature- and packet-based security technologies can't detect |
| 24x7x365 insight into botnet/APT activity | - Daily summary reports<br>- Customized alerting for each user<br>- Internal and external threat trends over time<br>- Complete history of compromised hosts<br>- Detailed compromise information, including communications between compromise and CnC<br>- Botnet membership, capabilities and intent | - Delivers critical insight into the severity and risk introduced by each compromised asset<br>- Ensures that the user receives the actionable information in the most efficient manner possible in order to protect the enterprise<br>- Provides comprehensive log playback, which details all aspects of individual malicious communications sessions |
| Terminates botnet and APT activity | - Severs malicious CnC communications between compromised systems and malicious controllers | - Systems continue to operate normally, even though the threat has been neutralized<br>- Administrators gain time for prioritized workflow and planned, orderly incident response |