IT Security

SensorFleet NDR comes exactly in the shape and size you’ll need. What’s more, you can dynamically grow your capability fabric, expanding security monitoring into domains like OT, or adding new capabilities for IT infrastructure monitoring. We have put together a few example Sensor configurations for IT networks.

Integrity monitoring

Understanding what is in your network and pruning out the unnecessary assets and services will make it difficult for an attacker to gain a foothold. We have a set of Instruments to do just that:

  • Asset Guard learns and inventories your network assets. After the initial inventory, it monitors the network continuously and alerts on new assets. Catch rogue assets and verify that the assets actually in the network and those in your documentation stay in sync.
  • PortDiff provides automated scanning for open services in the network. PortDiff makes it easy to spot misconfigured software and devices, while also detecting suspicious ports, such as IRC.

Integrity monitoring is best suited for server networks, data centers, DMZs and similar relatively static networks. This low-noise configuration detects issues that are easy and quick to fix.

Attack detection

IDS-based real-time network traffic monitoring for attacks is a tried and proven technology. In practice, deploying and managing multiple IDSs for good coverage has been a major obstacle to adoption. SensorFleet removes the obstacle with a unified deployment and management platform across multiple networks. Drop in the Instruments for forensics, and you’ll have an attack detection powerhouse:

  • Suricata is a widely used IDS engine with readily available rulesets. The SensorFleet platform makes it easy to deploy and manage Suricata at scale.
  • PassiveDNS augments IDS alerts with DNS information.
  • Traffic Recorder automatically generates packet captures for the alerts and comes with a built-in analytics tool for the captures.

Lateral movement detection

When an attacker gains a foothold in the network, they typically do reconnaissance to map the terrain, with the goal of grabbing valuable information from the organization. Trap them with:

  • Honeypots. The SensorFleet platform makes it easy and safe to deploy honeypots in your critical network segments.
  • Canary files. To level up your lateral movement monitoring, augment it with a combination of canary files and Zeek to detect when someone grabs them.

Lateral movement detection is a low-noise configuration, typically producing high-priority alerts. The Instruments used for detection provide not only the alerts, but also associated forensic data to help with the investigation.
