IT Security
SensorFleet NDR comes exactly in the shape and size you’ll need. What’s more, you can dynamically grow your capability fabric, expanding security monitoring into domains such as OT, or adding new capabilities for IT infrastructure monitoring. We have put together a few example Sensor configurations for IT networks.
Integrity monitoring
Understanding what is in your network and pruning out the unnecessary assets and services will make it difficult for an attacker to gain a foothold. We have a set of Instruments to do just that:
- Asset Guard learns and inventories your network assets. After the initial inventory, it monitors the network continuously, alerting on new assets. Catch rogue assets and verify that the assets actually on the network and your documentation stay in sync.
- PortDiff provides automated scanning for open services in the network. PortDiff makes it easy to spot misconfigured software and devices, while also detecting suspicious ports, such as IRC.
Integrity monitoring is best suited for server networks, data centers, DMZs and similar, relatively static networks. This low-noise configuration detects issues that are easy and quick to fix.
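To make the integrity monitoring idea concrete, here is an added example (not SensorFleet code, and not how Asset Guard or PortDiff are implemented) that diffs a baseline inventory against a fresh scan: it reports new and vanished assets, newly opened and closed ports, and flags watch-listed ports such as IRC. The host and port data are constructed; the scan that would produce them is assumed to happen elsewhere.

```python
# Added example: baseline-vs-current inventory diff in the spirit of
# Asset Guard (new assets) and PortDiff (new/closed/suspicious ports).
# Inventories are dicts of host -> set of open TCP ports (assumed format).
from dataclasses import dataclass, field

# Ports that rarely belong in a server network; IRC is the example the page names.
SUSPICIOUS_PORTS = {6667: "IRC", 6697: "IRC over TLS"}


@dataclass
class InventoryDiff:
    new_assets: dict = field(default_factory=dict)   # host -> ports seen
    gone_assets: set = field(default_factory=set)    # hosts no longer answering
    opened: dict = field(default_factory=dict)       # host -> newly open ports
    closed: dict = field(default_factory=dict)       # host -> ports no longer open
    suspicious: list = field(default_factory=list)   # (host, port, label)


def diff_inventory(baseline, current):
    """Compare two inventories; only differences and watch-listed ports are kept."""
    diff = InventoryDiff()
    for host, ports in current.items():
        ports = set(ports)
        if host not in baseline:
            diff.new_assets[host] = ports
        else:
            opened, closed = ports - baseline[host], baseline[host] - ports
            if opened:
                diff.opened[host] = opened
            if closed:
                diff.closed[host] = closed
        # Watch-listed ports are flagged on every current host, new or known.
        for port in sorted(ports):
            if port in SUSPICIOUS_PORTS:
                diff.suspicious.append((host, port, SUSPICIOUS_PORTS[port]))
    diff.gone_assets = set(baseline) - set(current)
    return diff


def alerts(diff):
    """Render the diff as one alert line per finding, highest priority first."""
    lines = [f"SUSPICIOUS {h}:{p} ({label})" for h, p, label in diff.suspicious]
    lines += [f"NEW ASSET {h} ports={sorted(p)}" for h, p in diff.new_assets.items()]
    lines += [f"NEW PORT {h}:{p}" for h, ps in diff.opened.items() for p in sorted(ps)]
    lines += [f"CLOSED PORT {h}:{p}" for h, ps in diff.closed.items() for p in sorted(ps)]
    lines += [f"ASSET GONE {h}" for h in sorted(diff.gone_assets)]
    return lines


# Constructed sample: yesterday's baseline versus today's scan of a small DMZ.
BASELINE = {"10.0.1.10": {22, 443}, "10.0.1.11": {22, 25, 587}, "10.0.1.12": {22}}
CURRENT = {"10.0.1.10": {22, 443, 8080}, "10.0.1.11": {22, 25}, "10.0.1.20": {22, 6667}}

if __name__ == "__main__":
    for line in alerts(diff_inventory(BASELINE, CURRENT)):
        print(line)
```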
Attack detection
IDS-based real-time network traffic monitoring for attacks is a tried and proven technology. In practice, deploying and managing multiple IDSs for good coverage has been a major obstacle to adoption. SensorFleet removes the obstacle with a unified deployment and management platform across multiple networks. Drop in the Instruments for forensics, and you’ll have an attack detection powerhouse:
- Suricata is a widely used IDS engine with readily available rulesets. The SensorFleet platform makes it easy to deploy and manage Suricata at scale.
- PassiveDNS augments IDS alerts with DNS information.
- Traffic Recorder automatically generates packet captures for the alerts and comes with a built-in analytics tool for the captures.
Lateral movement detection
When an attacker gains a foothold in the network, they typically do reconnaissance to map the terrain, with the goal of grabbing valuable information from the organization. Trap them with:
- Honeypots. The SensorFleet platform makes it easy and safe to deploy honeypots in your critical network segments.
- Canary files. To level up your lateral movement monitoring, augment it with the combination of canary files and Zeek to detect when someone grabs them.
Lateral movement detection is a low-noise configuration, typically producing high-priority alerts. The Instruments used for detection provide not only the alerts but also the associated forensic data to help with the investigation.