SS8 BreachDetect

Time Machine for Advanced Threat Detection 

Recursive analysis of high-definition network metadata accelerates the threat detection and incident response workflow—pointing to specific compromised devices.

INSIDE THE SOLUTION

Advanced Threat Detection

SS8 BreachDetect provides device-centric alerting and powerful network investigation capabilities that accelerate threat detection times and reduce or eliminate threat dwell time.

Software Sensor
High-performance, application-aware software sensors deploy passively on the network with ease to generate high-definition records (HDRs) that are stored for analysis

Enrichment
User ID data from a directory store (e.g. Active Directory) combines with reputation data from Webroot® and any other source of threat intelligence to correlate with network history

Recursive Analytics
SS8’s data retention and analytics platform (DRAP) continuously analyzes recorded network history and scores network behaviors tied to specific devices and users

BreachDetect Discovery
Simplified workflows with device-centric alerting and robust visualizations built for the security analyst take the guesswork out of hunting for threats

Above “Advanced Threat Detection” section from: Advanced Threat Detection page

INTERNET COMMUNICATION DISCOVERY KEY COMPONENTS

Key Components

The SS8 IC Discovery solution provides the query and filtering needed to precisely retrieve the order-relevant Internet communication records (ICRs). SS8 has worked extensively with law enforcement and intelligence agency analysts to create ICR-driven workflows and visual analytics tools that make the job of deriving actionable intelligence from ICRs fast and easy.

Sensor + PXE
Deployed on the internal network to record East/West traffic

Analytics
DRAP rewinds network history and pattern of life activity

IC Discovery
IC Discovery interface used to extract pattern of life for SOI

Intellego
Used by law enforcement to analyze pattern of life

Above “Key Components” section from: Internet Communications Discovery page

INSIDER THREAT DETECTION KEY COMPONENTS

Key Components

The SS8 Insider Threat Detection (ITD) solution provides the proactive alerting and investigation workflow needed to precisely identify suspected insiders and track their pattern of life within the network.

Sensor + PXE
Deployed on the internal network to record East/West traffic

Enrichment
User ID collected and correlated via directory store (Active Directory, DHCP)

Analytics
SS8 DRAP engine stores and scores user/device activity over time

ITD Discovery
SS8 ITD discovery interface alerts on flagged users, and enables querying of file transfer activity

Above “Key Components” section from: Insider Threat Detection page

—I think the first one (4 boxes) was a test Jim was working on?

POWERFUL SIEM INTEGRATION

The powerful integration of SS8 technology with the SIEM provides an excellent discovery application that treats the network as an endpoint, enabling customers to quickly discover the most sophisticated attacks, and investigate breach behavior with pinpoint accuracy—down to specific devices of interest.

 

Above “Powerful SIEM Integration” section from: Security Interface Enrichment page

—This section needs to be updated. ALL of these sections will be the same across site.