ThreatEye detects attacks in the early stages, so you can disrupt them.
Why are ransomware detection methods failing?
Encrypted network traffic blinds traditional tools like DLP and IDPS. Ransomware threat actors know this and hide their moves inside encryption. Attackers now spend a record amount of time, undetected, on compromised networks. ThreatEye solves this.
LiveAction ThreatEye Detects Ransomware Attacks in Progress
Detect hands-on-keyboard attacks through packet dynamics. This works across multiple protocols, including RDP, SSH, and HTTPS.
ML-powered analysis uncovers lateral movement by correlating multiple attacker actions and behaviors.
Analyze 150+ packet-dynamics traits, so packet inspection is no longer required for security.
Take back the power from attackers trying to hide on your network.
ThreatEye breaks the cycle of lateral movement and other key ransomware stages by detecting their signals regardless of encryption. This approach is called Encrypted Traffic Analysis.
The LiveAction NDR platform empowers network defenders.
ThreatEye combines streaming machine learning (MLE) with advanced behavioral analysis to detect threats other tools miss. Enriched alerts are risk-scored and labeled with MITRE ATT&CK techniques to inform and prioritize response.
Detect Ransomware Across the Network.
ThreatEye is a SaaS-based approach that works in the cloud, on-prem, and within protocols such as RDP, SSH, HTTPS, and more, regardless of encryption. This provides unmatched network visibility. With Encrypted Traffic Analysis, packet inspection is no longer needed for security.
ThreatEye – Advantage – ThreatEye’s analysis of Deep Packet Dynamics (characteristics of the network traffic itself) can uncover activity such as a user browsing a phishing website or clicking a malicious link in an email that triggers a network-based malware call-back.
ThreatEye – Advantage – ThreatEye uses behavioral baselines to track expected network behavior. It identifies regularly accessed resources such as RDP, VPN, and SSH and maintains an inventory of communications, which is used to identify anomalies that could be associated with threat actor initial access.
ThreatEye – Advantage – ThreatEye can detect anomalies in host behavior associated with scanning activity by tracking communications to the destinations, services, and ports often associated with threat actor discovery.
ThreatEye – Advantage – ThreatEye incorporates change-point detection in its modeling approach to identify outlier anomalies relative to an end-system’s normal active social network (clique expansion) and synchronization between newly communicating parties, such as unexpected or unauthorized RDP, PowerShell Remoting, or unexpected encryption tunnels.
ThreatEye – Advantage – ThreatEye can detect a host on your network that has consumed an irregularly large, asymmetric volume of traffic, resulting in a significant change in that host’s behavior; this is often associated with threat actor collection and staging of data before exfiltration.
ThreatEye – Advantage – Deep Packet Dynamics help identify encrypted C2 traffic by analyzing the SPLT (sequence of packet lengths and times) and other distinctive traffic patterns. Command-and-control traffic regularly displays detectable characteristics in both directions between client and server. Encrypted Traffic Analysis detects C2 traffic by analyzing packet dynamics such as the packet payload length and the total number of bytes observed in the traffic flow.
ThreatEye – Advantage – With command and control and hands-on-keyboard access, attackers can transfer data from an organization’s systems and devices. Data is often exfiltrated over encrypted channels such as SSL/TLS, SSH, and other encrypted protocols. While some data is exfiltrated in large quantities, attackers often use stealthy techniques such as timing channels to send small amounts of data at a time to avoid detection. The combination of Deep Packet Dynamics features with machine learning detects data exfiltration by understanding application “fingerprints” and analyzing producer/consumer ratios (PCR). Examining Deep Packet Dynamics data can surface data exfiltration as anomalous activity.
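As an added illustration, not ThreatEye’s code or model, the following Python scores constructed flow records using two packet-dynamics features named above without reading any payload: the producer/consumer ratio, taken here as (bytes_out - bytes_in) / (bytes_out + bytes_in), and summary statistics of the SPLT (sequence of packet lengths and times). The sample flows, thresholds, and the beacon heuristic are assumptions chosen for the example.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Flow:  # constructed flow record, as an ETA sensor might export it (no payload)
    src: str          # internal host
    dst: str          # external peer
    bytes_out: int    # bytes src sent
    bytes_in: int     # bytes src received
    splt: list        # SPLT: (payload_len, gap_s); +len = outbound, -len = inbound

def producer_consumer_ratio(bytes_out: int, bytes_in: int) -> float:
    """PCR in [-1, 1]: +1 = pure producer (host only uploads), -1 = pure consumer."""
    total = bytes_out + bytes_in
    return 0.0 if total == 0 else (bytes_out - bytes_in) / total

def splt_features(splt: list) -> dict:
    """Summarise packet dynamics from the SPLT alone; payload bytes are never read."""
    t, out_times, out_lens = 0.0, [], []
    for length, gap in splt:
        t += gap
        if length > 0:
            out_times.append(t)
            out_lens.append(length)
    gaps = [b - a for a, b in zip(out_times, out_times[1:])]
    # Coefficient of variation of the outbound cadence; metronomic sends give ~0.
    cv = pstdev(gaps) / mean(gaps) if len(gaps) >= 3 and mean(gaps) > 0 else float("inf")
    return {"mean_out_len": mean(out_lens) if out_lens else 0.0,
            "out_pkt_ratio": len(out_lens) / len(splt) if splt else 0.0, "gap_cv": cv}

def score_flow(flow: Flow, pcr_hi=0.8, min_out=1_000_000, beacon_cv=0.1) -> tuple:
    pcr = producer_consumer_ratio(flow.bytes_out, flow.bytes_in)  # thresholds are illustrative
    f = splt_features(flow.splt)
    reasons = []
    if pcr >= pcr_hi and flow.bytes_out >= min_out:
        reasons.append("bulk producer: possible staging or exfiltration")
    if f["gap_cv"] <= beacon_cv and f["out_pkt_ratio"] > 0.5 and f["mean_out_len"] < 200:
        reasons.append("small, evenly timed pushes: possible timing channel or C2 beacon")
    return pcr, f, reasons

# Constructed sample flows: normal download, bulk TLS upload, slow 60 s beacon.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 20_000, 900_000,
         [(300, 0.0), (-1400, 0.02), (-1400, 0.001), (-1400, 0.003), (100, 0.05)]),
    Flow("10.0.0.7", "198.51.100.4", 50_000_000, 200_000,
         [(1400, 0.0), (1400, 0.001), (1400, 0.001), (-60, 0.002), (1400, 0.001)]),
    Flow("10.0.0.9", "192.0.2.33", 12_000, 3_000,
         [(48, 0.0), (-32, 0.2), (48, 59.8), (-32, 0.2), (48, 59.8), (-32, 0.2), (48, 59.8)]),
]
```

Running `score_flow` over `SAMPLE_FLOWS` leaves the download unflagged, flags the upload on its near +1 PCR, and flags the beacon on its low-jitter cadence of small outbound packets even though its byte volume is tiny.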