Addison, Texas, October 25, 2011 – Global DataGuard®, the premier provider of network behavior analysis-based (NBA) Unified Enterprise Security ™(UES), today announced the integration of patent-pending emergent behavior detection technology within the company’s architecture-based security suite. This new emergent behavior capability utilizes advanced analysis technologies such as isomorphic connectivity patterns as well as computational and particle swarm optimization to detect indicators of an Advanced Persistent Threat (APT).
Analysts like Gartner’s John Pescatore define an APT as any attack that gets past a company’s existing defenses, goes undetected for long periods and continues to cause damage. These long-term patterns of targeted sophisticated hacking often use spear-phishing, social engineering, and zero-day exploits on end point applications as a means gain initial access.; Once access has been achieved, an attacker establishes a back door, gathers valid user credentials and moves laterally across a network, installing more back doors and bogus utilities, as well as creating a ‘ghost infrastructure’ that allows for the distribution of malware which can remain hidden ‘in plain sight.’ To maintain access without discovery, a hacker must continuously rewrite code and employ sophisticated evasion maneuvers.
For the majority of Advanced Persistent Threats, the intention is to steal data rather than cause damage to a network. Organizations in high-value information sectors such as national defense, manufacturing and financial are prime targets, as evidenced by attacks on Google, RSA, Northrop Grumman and Dow Chemical earlier this year.
“By definition, an APT is best characterized as emergent behavior, and forensic analysis of APTs indicate that these types of attacks incorporate a working knowledge of traditional anomaly detection methods as well as complex evasion techniques,” stated Scott Paly, chief executive officer for Global DataGuard.b “Although APTs are difficult to identify, our patented network behavior analysis and correlation software now utilizes emergent behavior technology to more accurately determine very small changes within complex network relationships. This breakthrough technology provides the capability of overcoming some of the limitations of signature and anomaly detection methods.”
Architecture-Based Behavioral Analysis
Global DataGuard’s emergent behavior technology uses advanced pattern matching across distributed systems to examine the network as a whole and identify bit level changes that are unique to each network.b In this way, Global DataGuard’s security system can view the entire network as a ‘flow of bits’ that can be used to find unusual or altered operation of lower-level systems that may indicate an APT.
Emergent behavior technology is an evolutionary next step for Global DataGuard’s network behavior analysis-based UES system, which can perform predictive analysis by retaining and correlating suspicious raw packet data for a rolling 14-30 days and signature alerts and behavioral profiles for six months or more to provide early warnings of security threats that other products cannot see.
Patented behavioral analysis and correlation technology is an integrated component within the company’s UES and VMware-based Cloud Guard UECS™ portfolio, which also includes Intrusion Detection and Prevention, Vulnerability Scanning and Management, prioritized Threat Management for network, global and vendor threats & vulnerabilities, Security Information and Event Management, Network Access and Policy Monitoring, and a unified,service-enabled console. This architecture-based security system can:
- adapt to evolving networks, track network resources, and detect stealth, reconnaissance or previously unknown threats;
- perform intrusion detection and prevention, including customizable signatures for DLP and compliance;
- perform sophisticated analysis, correlation and alerting on logs and store the raw logs and alerts for over a year;
- provision on-demand vulnerability scanning and real-time correlation of scans with other alerts;
- monitor network access and policies for use of critical assets;
- facilitate data sharing with other UES security applications to connect the dots between multiple threats;
- offer an easy-to-use, instant view of prioritized network, global, vendor and vulnerability threats and the underlying data that created them via a portal that provides unified administration and monitoring;
- ensure zero network latency via 100% passive deployment;
- enable customers to supplement IT staffing requirements with 24/7 managed security services that typically costs less than one full-time employee and can be purchased with or without a contract; and
- provide unparalleled price/performance in an easy-to-install system that can be up and running in hours as opposed to days and weeks for any size business.
All Global DataGuard security products are supported by 24/7 Managed Security and Professional Services that enable businesses to maximize IT security staffing and provide real-time visibility, control and oversight of their organization’s entire network ecosystem. These managed services can be purchased with or without a contract and typically cost less than one full-time employee.
Cloud Guard is also supported by the CloudCheck Certification Program ™, a vendor-neutral service that enables businesses to ensure their cloud or premise-based/private cloud networks meet stringent government and industry standards pertaining to the confidentiality, integrity and security of sensitive customer data.
Pricing and Availability
Global DataGuard’s network behavior analysis-based UES system is available immediately and can be purchased in any configuration, from a single security module to a complete, fully integrated security system. Custom configurations can be designed and priced based on an organization’s unique network requirements. In addition, Global DataGuard’s customizable security suite and managed security services are available through a30-day free product and services evaluationto qualified organizations. Companies interested in this ‘no-cost’ trial offer may request additional information by contacting Global DataGuard at 972.980.1444, x226, or by completing a request for information on the Contact Us section of the Global DataGuard website.