Skip to main content

ThreatEye Solution Overview

September 29, 2022

 

Sophisticated threat actors have now adapted their tactics so that malware resident on an endpoint is no longer a requirement to breach an enterprise.

  • Stand-alone EDR is increasingly less effective as an effective security strategy
  • Encryption has almost entirely killed off the future of IDS/IPS
  • MFA is not infallible anymore. In the past year alone, according to Microsoft Threat Research, more than 10,000 enterprises have been targeted by phishing attacks, despite MFA.
  • Ransomware attackers are increasing their impact with new methods of targeting organizations

Download our ThreatEye Solution Brief to learn about what our innovation teams have been up to, to help you combat the evolving threat against your business.

 

Contents

    Key Challenges

    Sophisticated threat actors are continually advancing their tactics through phishing and credential theft, social engineering attacks, and exploiting known vulnerabilities to launch cyber-attacks on enterprises. Malware resident on an endpoint is no longer a requirement to breach an organization. With the shift away from signature-based malware used in attacks, strategies focused on leveraging Endpoint Detection and Response (EDR) solutions are increasingly less effective.

    SOC Analysts and Network Security Teams need a superior approach to effectively combat cyber-threats. Depth-indefense strategies will always prove useful, but traditional security staples are proving ineffective to rapidly evolving threat actor methods.

    The increased adoption of encryption by enterprises to harden their security posture and protect data has almost killed off the future of Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) solutions. For organizations to make an immediate impact against adversaries and stay ahead of tomorrow’s threats, a different security strategy is overdue.

    Encrypted Traffic Visibility and Advanced Behavioral Analysis

    Eliminate Network Blind Spots

    Encryption on the rise has rendered legacy EDR, IPS and IDS solutions ineffective in combating cyber-attacks. Decryption as a strategy is a doomed approach. Decryption leads to massively degraded network performance in addition to being difficult to manage and is also expensive to operate. ThreatEye’s approach to encryption applies machine learning to deep packet dynamics without having to decrypt traffic. This approach significantly reduces operational complexity and costs to eliminate encryption blindness by detecting threats without having to inspect packet content.

    Empower Efficient, Effective Secops

    ThreatEye’s AI-powered NDR solution enables simplified management of the threat investigation life cycle by combining and correlating sets of high-fidelity findings to track the state of an incident.

    ThreatEye’s workflow capabilities support SOC analyst workflows with integrated packet analysis insights. This allows analysts to collaborate across their teams with an interactive layer. ThreatEye’s integrated approach to searching, collaborating, and alerting, all in one place

    • enables easy pivots from incident findings to flows to packets
    • delivers lower mean time to resolution (MTTR)
    • reduced costs of investigation by categorizing and classifying findings
    • into incident states, conditions, and techniques

    Auto-Correlated findings and enriched metadata provides complete contextual and actionable information needed to resolve incidents. ThreatEye collects and correlates information from disparate data sources such as geography, passive DNS, MITRE ATT&CK techniques, threat intelligence, risk, and threat scores, and more to aid responders with the best course of action for any investigation.

    With a full REST API, ThreatEye interconnects with existing security tools such as SIEMs, SOARs, and Threat Intel solutions seamlessly. This allows SecOps teams to use ThreatEye as a valuable and easy addition to their existing security defense without creating more disparate environments within their organization.

    Enable Rapid Security Incident Response

    Predictive Threat Intelligence gives you an edge against Attackers. Threat Intelligence today is reactive, relying on Indicators of Compromise (IOCs) from active campaigns to get discovered and shared. You’ve likely already been breached to see an alert where you matched with an IOC.

    ThreatEye’s threat intelligence feeds are curated by our team to provide up-todate indicators for active threats in the wild. This feed includes predictive threat intelligence and campaign tracking, revealing IPs and domains associated with threat actors before they are activated.

    Tailored and predictive threat intelligence sets off fire alarms when users connect to threat actor infrastructure before campaigns are known, and IOCs get shared across the community

    Lowering the time to detection reduces the dwell time of threat actors operating in an environment, in turn reducing the impact of ransomware attacks on enterprises. ThreatEye’s advanced behavioral analysis allows analysts to quickly identify anomalies as the solution applies advanced AI to fingerprint profiles to understand when assets are behaving differently.

    How ThreatEye Works

    Supporting the ThreatEye platform is-an AI-powered analysis pipeline, combining data collection, advanced behavioral analysis, predictive threat intelligence, and machine learning to detect threat actors and comply with security regulations. Unfazed by encryption, ThreatEye examines network traffic traits and characteristics with machine learning-based analysis. Unlike traffic analysis solutions built on DPI technologies, the ThreatEye platform leverages Deep Packet Dynamics (DPD) to analyze traffic flows without decryption. DPD provides high-fidelity flow records with over 150 features for each flow—all without payload inspection. Packet Dynamics, backed by machine learning, enables new insights into encrypted traffic

    AI-Powered Advanced Behavioral Analysis

    ThreatEye’s AI-powered fingerprinting learns how networks operate and how devices interact. ThreatEye discovers anomalies by tracking multiple vectors of information, like Producer-Consumer-Ratios (PCRs) and nth degree social networks, to know when an attacker is active in an environment. ThreatEye creates a historical inventory of traits and behaviors, fingerprinting, mapping, and profiling assets. This technique works equally well with encrypted and unencrypted traffic. Machine Learning models are applied to identify behavioral anomalies indicating threat actor presence.

    Key Benefits

    • Encrypted Traffic Analysis
    • Real-Time Threat Detection
    • Advanced Behavioral Analysis
    • Predictive Threat Intelligence
    • Effective when EDR/IDS/MFA is bypassed
    • Decreased Time to Investigate and Respond
    • Validate Encryption Policy Compliance
    • Auto Correlated and Enriched Findings with Passive DNS
    • 365 Days of Retention
    • Asset Tracking and Risk / Threat Scoring
    • Unified Sensor & Intelligent Packet Capture
    • Deploys in Minutes

    Learn More

    For more information about ThreatEye, please visit:
    https://www.liveaction.com/threateye

    Download the Solution Brief

    Download 

    About LiveAction

    LiveAction provides end-to-end visibility for network security and performance. By relying on a single source of truth – the packets – LiveAction gives modern enterprises the confidence needed to ensure the network is securely meeting business objectives, providing full network visibility to better inform NetOps and SecOps, and reducing the overall cost of network and security operations. By unifying and simplifying the source of collection, inspection, presentation, and analysis of network traffic, LiveAction empowers network and security professionals to identify, troubleshoot, and resolve issues across increasingly large and complex networks proactively and quickly. To learn more about LiveAction, visit www.liveaction.com.