
SS8 BreachDetect

Time Machine for Advanced Threat Detection 

Recursive analysis of high-definition network metadata accelerates the threat detection and incident response workflow—pointing to specific compromised devices.


“Historical trending and analysis, as exemplified in SS8’s time machine, provides an excellent means for improving the accuracy of forecasting emergent threats.”

INSIDE THE SOLUTION

Advanced Threat Detection

SS8 BreachDetect provides device-centric alerting and powerful network investigation capabilities that accelerate threat detection and reduce or eliminate threat dwell time.

Software Sensor
High-performance, application-aware software sensors deploy easily and passively on the network to generate high-definition records (HDRs) that are stored for analysis

 

Enrichment
User ID data from a directory store (e.g. Active Directory) combines with reputation data from Webroot® and any other source of threat intelligence to correlate with network history

Recursive Analytics
SS8’s data retention and analytics platform (DRAP) continuously analyzes recorded network history and scores network behaviors tied to specific devices and users

BreachDetect Discovery
Simplified workflows with device-centric alerting and robust visualizations built for the security analyst take the guesswork out of hunting for threats


OUR CUSTOMERS

“Immediately after deploying SS8 BreachDetect we had identified malicious behavior on our network and could pinpoint the device in question to take it offline and avoid data exfiltration.”

—Rick Kessler, CIO, Chenega Corporation

USE CASES

SS8 BreachDetect in Action

PROACTIVE THREAT DETECTION

Quickly and easily identify any devices of interest that may have been compromised, based on behavioral scoring on the network. Go even further into a device's records to find out whether it is exfiltrating data outside your organization, over which ports, where, and to whom.

TOTAL NETWORK VISIBILITY

Leverage SS8’s robust query and investigation workflow to manually investigate some or all aspects of a recorded history of network traffic. This can include monitoring East/West traffic in and out of development labs, security operations centers, and even classified networks.

VALIDATING ENCRYPTED TRAFFIC

Identify encrypted sessions for a wide variety of applications. This includes the machine a user is trying to visit, issuer common name, subject common name, validity start and end time, fingerprint, alternate names, SSL/TLS version used, session ID, certificate hashes, and much more.
