Seceon’s Comprehensive Cybersecurity Platform
Seceon’s comprehensive platform includes more than 15 capabilities, including AI, ML, vulnerability assessment, SIEM, SOAR, UEBA, NBAD, NTA, EDR and TI, but our focus today is a question that frequently comes up in conversation with customers and partners alike.
Does your current cybersecurity solution discover and remediate unwanted bot activity, malware, lateral movement, credential theft, and insider threats, both on-prem and across the cloud?
Seceon’s aiXDR solution discovers and remediates a comprehensive list of threats, exploits, attacks, suspicious activities, and non-conformance/non-compliance items, including zero-day and advanced malware that uses sophisticated evasion techniques. The table below is an indicative subset of the threat models implemented in the product.
Threat Models and Descriptions

Trojan Horse Activity: Suspicious Trojan activity detected in the network.
Insider Threat/Compromised Credentials: Unusual activity by an insider with valid credentials. This could indicate a user with malicious intent or a potential compromise of that user’s credentials.
Policy Violation: An alert indicating policy violations based on provisioned rules (granular policies such as network microsegmentation).
Suspicious Infected Host: A host is suspected to be infected based on correlation of all indicators of compromise.
Botnet Detected: A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g. to send spam or SYN floods.
Spank Attack: A form of DDoS attack in which the attacker uses multicast addresses as source addresses to multiply the bandwidth consumed by the network and the targeted host.
Potential Data Raid: Detection of a potential data breach or data raid from critical assets.
Potential Exploit: The system has observed traffic patterns that indicate an attempt to exploit a system vulnerability.
Volumetric DDoS: Attacks that use a massive amount of traffic to saturate the bandwidth of the target. Volumetric attacks are easy to generate using protocol (TCP/UDP) floods.
RC4 Attack: Potential exploitation of an RC4 encryption vulnerability detected.
Suspicious Account Creation (Insider Threat): An account created with malicious intent by an insider administrator.
Brute Force Attack: Brute-force login attack against a particular host.
Known Virus or Worm Infection: Host infected with a virus or worm that has a known signature (hash).
Potential Web Exploit: The system has observed traffic patterns that indicate attempts to exploit a web application vulnerability.
Potential Vulnerability Exploit: The system has observed traffic patterns that indicate an attempt by a host to exploit application vulnerabilities present on other host(s).
ICMP DDoS: ICMP flood based attack detection.
Malware Infected Host: Server or endpoint infected with malicious software (including fileless malware).
Insider Threat (USB): An insider who could be leaking business-sensitive information, including privacy-protected data (e.g. PII, PHI), deliberately or inadvertently, from a high-value asset to a USB drive.
Data Exfiltration: Unusual user activity is mapped to the entities (databases, servers, applications) accessed and correlated with a spike in data transferred from an internal IP/port to another internal or external IP/port, to flag data exfiltration as a potential threat indicator.
DDoS Amplification: Amplification based DDoS attack detection.
DDoS TCP SYN: TCP SYN based DDoS attack detection.
Ransomware: Dangerous malware that can encrypt the entire disk and hold endpoints/servers hostage in exchange for a ransom demand.
DNS Tunneling: Detection of DNS tunneling, in which data or command traffic is hidden inside DNS queries and responses.
Compromised Credentials: User credentials are suspected to be compromised.
Phishing Attack: A socially engineered email that lures the recipient to a spurious website with malicious intent.
Zero Day Malware: Malware with no prior detection and no known signature.
Lateral Movement: Attempts by malware (worm or botnet) to move from one endpoint/server to another with the intent of increasing damage and/or reaching its target (server/application/database/storage).
Command & Control Center (C&C): Attempts by malware to establish communication with its command and control center through various means: backdoors, Domain Generation Algorithms (DGA), beaconing, etc.
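The last entry names two of the signals a C&C detector typically looks for, beaconing and DGA domains. The script below is an added, self-contained illustration of both heuristics and is not Seceon’s code or a description of how aiXDR implements them. It runs over a constructed set of flow records (timestamp, source IP, destination hostname), scores each source/destination pair for periodicity using the coefficient of variation of the inter-arrival gaps, and flags destination labels that look machine-generated by character entropy and vowel ratio. The thresholds, the record format and the domains are assumptions chosen for the example.

```python
import math
import statistics
from collections import Counter, defaultdict

# Constructed sample telemetry (not real data): (timestamp_seconds, src_ip, dst_hostname).
# 10.0.0.5 contacts a random-looking domain roughly every 60 s (beacon + DGA-like name).
# 10.0.0.7 browses a normal CDN host at irregular times (benign).
# 10.0.0.9 polls a time server exactly every 64 s (periodic but benign-looking name).
FLOWS = [
    (0, "10.0.0.5", "xk9q3vz7pl2m8wtr.example"), (60, "10.0.0.5", "xk9q3vz7pl2m8wtr.example"),
    (121, "10.0.0.5", "xk9q3vz7pl2m8wtr.example"), (179, "10.0.0.5", "xk9q3vz7pl2m8wtr.example"),
    (240, "10.0.0.5", "xk9q3vz7pl2m8wtr.example"), (301, "10.0.0.5", "xk9q3vz7pl2m8wtr.example"),
    (359, "10.0.0.5", "xk9q3vz7pl2m8wtr.example"), (420, "10.0.0.5", "xk9q3vz7pl2m8wtr.example"),
    (0, "10.0.0.7", "cdn.example.com"), (5, "10.0.0.7", "cdn.example.com"),
    (90, "10.0.0.7", "cdn.example.com"), (92, "10.0.0.7", "cdn.example.com"),
    (400, "10.0.0.7", "cdn.example.com"), (410, "10.0.0.7", "cdn.example.com"),
    (800, "10.0.0.7", "cdn.example.com"),
    (0, "10.0.0.9", "ntp.example.org"), (64, "10.0.0.9", "ntp.example.org"),
    (128, "10.0.0.9", "ntp.example.org"), (192, "10.0.0.9", "ntp.example.org"),
    (256, "10.0.0.9", "ntp.example.org"),
]


def shannon_entropy(text):
    """Bits of entropy per character of the string."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_dga(hostname, entropy_threshold=3.5, min_len=12, max_vowel_ratio=0.3):
    """Heuristic: a long, high-entropy, vowel-poor leftmost label suggests a generated name.
    Assumption for this example: the leftmost label is the interesting one; a real detector
    would use the registrable domain (eTLD+1) via a public-suffix list."""
    label = hostname.split(".")[0].lower()
    if len(label) < min_len:
        return False
    vowels = sum(ch in "aeiou" for ch in label)
    return shannon_entropy(label) >= entropy_threshold and vowels / len(label) < max_vowel_ratio


def beacon_score(timestamps):
    """Coefficient of variation of inter-arrival gaps; near 0 means near-perfect periodicity.
    Returns None when there are too few samples or the timestamps collapse to one instant."""
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean


def detect_c2(flows, cv_threshold=0.2):
    """Group flows by (src, dst), then raise an alert for pairs that beacon or use a DGA-like name.
    Returns alerts sorted by source IP so the output is deterministic."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)
    alerts = []
    for (src, dst), times in sorted(by_pair.items()):
        cv = beacon_score(times)
        periodic = cv is not None and cv < cv_threshold
        dga = looks_like_dga(dst)
        if periodic or dga:
            alerts.append({"src": src, "dst": dst, "connections": len(times),
                           "beacon_cv": cv, "periodic": periodic, "dga_like": dga})
    return alerts


if __name__ == "__main__":
    for alert in detect_c2(FLOWS):
        print(alert)
```

The 10.0.0.9 entry is the caveat worth keeping in mind: periodicity alone also matches legitimate pollers such as NTP clients and update checkers, so a production rule combines the beacon score with other evidence (a DGA-like or newly registered destination, reputation data, or an allowlist of known periodic services) before it escalates a pair to a C&C alert.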