To stay ahead of advanced adversaries targeting your organisation, you need the earliest possible warning of a compromise on your endpoints by combining up-to-the-minute threat intelligence, expertise, and powerful technology.
Too often, threat actors go totally undiscovered within your environment for months and sometimes even years. According to Ponemon Institute's '2015 Cost of Data Breach Study', the malicious attacks analysed in the report took an average of 256 days to identify and 82 days to contain – more than enough time for adversaries to make off with your valuable data. In the past year at SecureWorks, we've seen an alarming trend where adversaries are using little to no malware to gain access to your environment, instead leveraging compromised credentials and your own virtual private network (VPN). This difficult-to-detect tactic is called "living off the land", and it was used to gain entry in more than half of the cyber-espionage incidents we responded to last year.
What can Advanced Endpoint Threat Detection (AETD) - Red Cloak™ do for you?
AETD Red Cloak makes incident response a daily habit by giving you unified visibility and interpretation of all of the data across your endpoints so that you can reduce the time to detect and the effort to respond to all types of threats, even attackers using "living off the land" techniques. Powered by up-to-the-minute threat intelligence, AETD Red Cloak provides you with 24/7 vigilant monitoring of endpoint activity by our senior intrusion experts from the Counter Threat Unit™ (CTU) research team as well as the global visibility that comes from protecting more than 4,100 clients in 61 countries.
How does AETD Red Cloak work?
Lightweight sensors are provisioned in minutes and downloaded to your endpoints. AETD Red Cloak's sensors search for forensic evidence of malicious activity while continuously collecting information about what is happening on the device: which programs are running, which commands are being executed, network connections, thread injection, memory inspection and more. The sensors send the collected data to the Red Cloak Analytics system, hosted off-premise, where it is analysed using intelligence from SecureWorks' CTU researchers to spot attacker behavioural patterns and other indicators of compromise. Each alert is generated with a severity rating, a confidence rating and a threat event classification, and is investigated by a security analyst in our Counter Threat Operations Centre (CTOC). High-severity targeted events are escalated to Senior Intrusion Analysts, who deconstruct the event and send you actionable guidance to remediate the threat.
How is Red Cloak different?
Red Cloak adds a deeper level of detection capability on your endpoints through the application of SecureWorks CTU cybersecurity intelligence. Our Special Operations researchers have conducted hunting engagements around the globe using the Red Cloak technology. They are experts who know how the threat actors behave and what they are looking for. AETD Red Cloak looks for behaviours rather than just signatures and malware, blending multiple views of system activity to see beyond static indicators such as IP addresses and domain names. AETD Red Cloak has been used on over 3.5 million endpoints around the world.
AETD Red Cloak Key Benefits
- Detect more threats: Leverages SecureWorks CTU threat intelligence to detect advanced malware, including zero-day threats, as well as adversary behaviour when no malware is used
- Reduce the time to detect: Slashes the time required to detect and respond to cyber-attacks from months or weeks to hours or minutes, which significantly lowers the risk of your data being exfiltrated during an attack
- Reduce the effort and cost to respond: AETD Red Cloak pinpoints exactly which endpoints are compromised so that you can focus your effort on the 25 compromised endpoints rather than all 25,000 endpoints in your environment
- Receive actionable guidance to remediate: Our Senior Intrusion Analyst team provides you with forensic data, customised and focused threat research with specific recommendations to address issues
- Minimise business disruption during response: By tracking exactly what happened, your IT team can surgically pinpoint the remediation without having to reimage an entire system, reducing disruption and cost during an investigation
- Make existing investments more effective: If your IDS/IPS/firewall alerts you to an event, use AETD Red Cloak to quickly determine whether it is a real threat