StealthDEFEND®

Real-Time Threat Analytics and Alerting

Defend your organization from advanced threats like ransomware and attempts to exfiltrate or destroy your data.


The STEALTHbits Advantage

Leveraging unsupervised Machine Learning, StealthDEFEND eliminates excessive and undifferentiated warnings to surface truly meaningful trends and alerts on attempts to compromise your sensitive data.

Purpose-Built

Because it focuses on file activity, important contextual elements such as data sensitivity, and the actual attack methods used in enterprise breaches, no other solution is as closely aligned with protecting an organization’s file system data against insider threats.

Intelligent Indicators

StealthDEFEND comes prepackaged with advanced analytics and Machine Learning models that automatically evaluate and correlate the activity and behavior of the users interacting with your file system data. The result is a manageable number of incidents to investigate, each supported by evidence that justifies the time spent.

Superior Data Quality

StealthDEFEND is not only highly performant, collecting and processing millions of access events daily and in real time, but also eliminates reliance on native logging altogether, providing a consolidated, enriched stream of file activity data that produces the highest quality output.

Rapid Deployment

StealthDEFEND’s modern architecture and design make it highly scalable and cost-effective, requiring minimal infrastructure that can reside virtually anywhere, deploy in hours, and begin providing results immediately.

Increased ROI

StealthDEFEND enables users to maximize their investments in a wide variety of technologies, from DLP to Data Classification, SIEM, UBA platforms, and more.

StealthDEFEND Overview

StealthDEFEND At-A-Glance

StealthDEFEND’s interactive visualizations, incident detection and response workflow, real-time alerting, and seamless sensitive data integration make it a powerful and highly effective component of your data security strategy.

StealthDEFEND Dashboard

Detect, Alert, and Respond:

  • Ransomware Behavior
  • Unusual Sensitive Data Access
  • Suspicious Encryption Activity
  • Configuration File Tampering
  • First-Time Access
  • Suspicious Permission Changes
  • Abnormal User Behavior
  • Unusual Process Execution
  • Abnormal Denied Activity
  • Mass File Deletions
  • Data Exfiltration Attempts
  • Lateral Movement

StealthDEFEND Machine Learning Threats

StealthDEFEND threats are built on unsupervised Machine Learning models that identify precise use cases such as privileged user monitoring, data exfiltration attempts, risky permission changes, and other activities associated with insider threats, extending StealthDEFEND’s capabilities beyond simple monitoring of “anomalous” user activity.

StealthDEFEND Dashboard

StealthDEFEND Cybersecurity Playbooks

StealthDEFEND playbooks allow your organization to:

  • Mitigate Data Loss: fast detection and response greatly reduces attacker dwell time and contains threats before attackers can advance to the data exfiltration stage
  • Decrease Response Time: StealthDEFEND connects various security applications and processes together to orchestrate and automate the threat response process
  • Provide Instant Visibility Across Teams: automated incident response instantly notifies global and local SOC teams, security analysts, and remediation teams, ensuring everyone is aware of threats as they occur
  • Reduce Errors and Increase Productivity: automation removes error-prone processes from humans and frees them up to focus on high-priority threats

StealthDEFEND - Step-Up Authentication
  • User Account Disabling
    • Removes access as a precautionary measure until the user provides additional authentication or until an administrator re-enables the account
  • Step-Up Authentication
    • Adds an additional layer of protection with a stronger authentication mechanism when accessing sensitive resources or in response to suspicious behavior
  • SIEM Alert Generation
    • Forwards incident details to the SOC for initial diagnosis
  • Incident Management Ticket Creation
    • Logs an incident for triage

Balancing security with usability is the greatest challenge in rapid threat containment. Disabling user accounts for false positives or lower-level security events creates additional work for support teams and frustrates users, often leading to security controls being removed. Step-up authentication lets companies balance threat response with usability and lower end-user friction by challenging a user to produce additional forms of authentication, which provide a higher level of assurance that she is in fact who she claims to be.

StealthDEFEND - Unusual Process/Ransomware/Malware
  • User Account Disabling
    • Removes access as a precautionary measure until the user provides additional authentication or until an administrator re-enables the account
  • Malware Incident Response Process
    • Executes the multi-step process of malware identification, process termination, endpoint protection updates, and IR data capture
  • SIEM Alert Generation
    • Forwards incident details to the SOC for initial diagnosis
  • Incident Management Ticket Creation
    • Logs an incident for triage

Ransomware continues to be a problem as attackers have proven their ability to compromise endpoints easily. By encrypting files and rendering them inaccessible until the victim pays a ransom, this threat is an extremely serious problem that requires fast detection and containment.

This playbook responds quickly to IOCs (Indicators of Compromise) associated with ransomware behavior by disabling the user account, issuing a step-up authentication request, gathering samples of the ransomware, and alerting threat response teams.

StealthDEFEND - Unauthorized Sensitive Data Access
  • Data Discovery & Classification
    • Sensitive data is discovered and classified based on the document’s contents. StealthDEFEND can also ingest third-party classifications
  • User Account Disabling
    • Removes access as a precautionary measure until the user provides additional authentication or until an administrator re-enables the account
  • Step-Up Authentication
    • Adds an additional layer of protection with a stronger authentication mechanism when accessing sensitive resources or in response to suspicious behavior
  • SIEM Alert Generation
    • Forwards incident details to the SOC for initial diagnosis
  • Incident Management Ticket Creation
    • Logs an incident for triage

Access to sensitive data is often still over-provisioned, and at other times simply exposed through misconfigurations or mishandling. Traditional reactive controls only alert or report on access misuse. StealthDEFEND’s Unauthorized Sensitive Data Access playbook detects when users interact with sensitive data in ways that deviate from their normal use and responds quickly with containment steps to protect that data.

StealthDEFEND - Incident Response Data Gathering
  • Retrieve Auto-Start Extension Points
    • ASEPs are commonly used as persistence mechanisms for adversaries.
  • Calculate file entropy
    • Malware commonly uses packers to obfuscate its internals and bypass AV signatures, and those packers lead to higher byte entropy
  • Retrieve copies of Prefetch Files
    • Prefetch files are used by forensic investigators trying to analyze applications that have been run on a system
  • Retrieve WMI Event Consumers
    • WMI is used by malware as a persistence mechanism
  • Incident Management Ticket Creation
    • Logs an incident for triage
    • Updates the ticket with the gathered data

When responding to an incident, analysts must be able to gather relevant data as quickly as possible, before it can be tampered with or lost. This crucial step in the incident recovery process is often manual and tedious. The Incident Response Data Gathering playbook gives analysts an organized approach to addressing and managing the aftermath of a security incident. By tying into existing frameworks, security analysts can quickly gather the artifacts needed to hunt down threats and limit damage, reducing recovery time and the costs associated with security incidents.
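The "Calculate file entropy" step above is a generic technique, so here is an added illustration of it (example code written for this page, not StealthDEFEND's own implementation): Shannon entropy in bits per byte, computed over the whole file and over fixed-size windows so a packed section inside an otherwise ordinary file still stands out. The sample byte strings and the 7.0 bits/byte threshold are constructed assumptions for the demonstration.

```python
import math
from collections import Counter

# Constructed samples (not real malware): a repetitive configuration-style
# blob, and a blob containing every byte value 0..255 equally often, which
# is the maximal-entropy case that packed or encrypted content approaches.
LOW_ENTROPY_SAMPLE = b"CONFIG=value;" * 200
HIGH_ENTROPY_SAMPLE = bytes(range(256)) * 16

# Assumed threshold: packed/encrypted content sits close to 8 bits/byte,
# while plain text and ordinary native code sit well below it.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def windowed_entropy(data: bytes, window: int = 4096) -> list:
    """Entropy of each consecutive window, so a single high-entropy
    section (a packed payload) is visible even when the file as a whole
    averages out to an unremarkable value."""
    return [shannon_entropy(data[i:i + window])
            for i in range(0, len(data), window)]


def looks_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """Flag data if the whole-file or any per-window entropy exceeds
    threshold. Empty input is never flagged."""
    if not data:
        return False
    return max([shannon_entropy(data)] + windowed_entropy(data)) > threshold


if __name__ == "__main__":
    for name, blob in (("low", LOW_ENTROPY_SAMPLE),
                       ("high", HIGH_ENTROPY_SAMPLE),
                       ("mixed", LOW_ENTROPY_SAMPLE + HIGH_ENTROPY_SAMPLE)):
        print(f"{name}: {shannon_entropy(blob):.3f} bits/byte, "
              f"flagged={looks_packed(blob)}")
```

A high entropy score is evidence to weigh alongside the other gathered artifacts, not proof of malware on its own: legitimately compressed or encrypted files score just as high.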

SIEM Integration

Out-of-the-box integration and preconfigured dashboards provide your SIEM with the context and intelligence it needs, without any of the noise.

  • IBM Security - SIEM Integration
  • Splunk - SIEM Integration
  • McAfee Enterprise Security Manager - SIEM Integration
  • AlienVault USM - SIEM Integration
  • LogRhythm - SIEM Integration

Resources

  • KuppingerCole Executive View: StealthDEFEND (Analysis Report)
  • StealthDEFEND for File Systems (Data Sheet)
  • StealthDEFEND Overview (Video)