Advanced adversaries will evade security controls. To spot and stop them quickly, the assistance of a fully managed Advanced Endpoint Threat Detection (AETD) service can be a critical "ace in the hole" for your security team.
Forty percent of enterprises polled in Ponemon Institute’s 2014 State of Endpoint Risk Report said their endpoints had been the entry point for an Advanced Persistent Threat (APT) during the previous 12 months. To make matters worse, just 24 percent said their endpoint security technologies alerted staff to a potential breach. Adversaries have taken advantage of the opportunity presented by an array of endpoints to target "land and expand" penetration attacks. While your security team is increasingly aware of the risk, staying on top of it around the clock is a challenge. After all, cybercriminals work at their craft 24X7. To address this challenge, security event response must become a daily practice, not a point-in-time plan you hope to never need.
Our Advanced Endpoint Threat Detection (AETD) solution makes incident response a daily habit. We provide 24x7 detection and analysis of potential threats on your endpoints so that you can respond quickly as often as required. AETD goes beyond identifying a threat to accessing extensive intelligence on threat actors and their tradecraft, helping you to accelerate your response by pinpointing exactly which systems are compromised, how it happened and how you can repair them.
How can you know when an advanced threat actor penetrates your information security defenses, which systems are compromised, how they got in, and how to get them out? Secureworks Advanced Endpoint Threat Detection service is a fully-managed security service that gives you the earliest possible warning that your endpoint systems may be hosting an advanced adversary.
Your security team will appreciate our Advanced Endpoint Threat Detection service that provides:
- Always-on endpoint assessments. The always-on nature of the solution gives you the earliest possible warning that indicators of compromise have been detected.
- Unique endpoint intelligence delivered by the industry's leading security research team. It's not enough to have an always-on system – you've also got to know what to look for. Secureworks has conducted advanced threat hunting engagements on hundreds of thousands of systems and has developed signatures for detecting endpoint compromise that you won't find anywhere else.
- 24x7 monitoring by security experts. Secureworks experts that are specially trained to analyse advanced threat will monitor the output of your system 24X7, determine the severity of any incidents, and will escalate critical incidents to you promptly. From there, you can address the problem yourself or quickly engage Secureworks Incident Response experts to assist (where contracted).
- Specific data around attack vector. Many competing systems simply advise you to re-image compromised devices. That can be expensive, time-consuming, and extremely inconvenient for your user. Secureworks can tell you precisely how the system was compromised allowing you, in many cases, to patch rather than re-image. And you can apply this knowledge to other systems, limiting any future compromises.
- A fully managed service. Secureworks experts will not only patch and update the analysis software and monitor the system's availability, but they will also deploy new intelligence updates on a regular basis from knowledge we gain from the field from over 4100 clients in 61 countries to detect more threats than our competition.
- Detect more threats. The Advanced Endpoint Threat Detection service is based on proprietary endpoint intelligence that is developed by our Secureworks CTU research team. Based on our experience conducting hunting engagements, we know what to look for and often detect more threats than the competition.
- Maximise endpoint visibility. The combination of AETD with Advanced Network Threat Detection lets us see an advanced threat actor's activity as he enters the network and spreads out. Other managed security service providers cannot provide this level of visibility.
- Receive actionable guidance to remediate. Once we notify you of the threat AETD has detected, our senior intrusion analyst team will leverage our CTU intelligence to provide you with actionable next steps to guide your response to eradicate the threat. This significantly lowers the risk of data exfiltration because you are able to disrupt the threat actor earlier in the kill chain of the attack.
- Reduce costs. This service reduces cost by helping you pinpoint the affected systems quickly. The resulting incident response and remediation work can then be accomplished more quickly and at a lower cost.
- Make existing investments more effective. AETD enhances your IDS/IPS and firewall detection capabilities. If one of your other security tools notifies you of a suspicious event, our analysts are able to leverage AETD to quickly determine if it is a real threat or not to give you more context behind the event.
AETD supports two technologies: Red Cloak and Carbon Black
AETD Red Cloak
AETD Red Cloak is a cloud-based service focused on continuous endpoint monitoring powered by SecureWorks proprietary CTU intelligence. Developed in house by SecureWorks and proven in the field by our Incident Response and Targeted Threat Hunting teams over the last three years, AETD Red Cloak can detect both threat activity behaviour and malware.
AETD Carbon Black
AETD Carbon Black is an on-premise service focused on continuous endpoint monitoring powered by a subset of SecureWorks CTU intelligence as well as 3rd party intelligence. AETD Carbon Black focuses on malware detection and acts as an endpoint flight recorder, focusing on file execution, the system registry, and network connections. This enables our platform to push CTU Intelligence in these areas across your endpoints and immediately respond to detected threats.