Forest Tree We Protect Your Reputation
Cyber crime is an irreversible act; it is, however, a circumstance that can be avoided. Forest Tree is a leading preventive tool planted within a network to provide frontline protection against an inevitable enemy. Forest Tree makes it possible to rapidly obtain intelligence on a network's behaviour, detecting threats in real time and taking immediate action to neutralize situations.
Today’s Challenge
Existing Security Solutions
Organisations of all sizes are now under attack, and these attacks are becoming much more complex and specific to each organisation. This has made detecting malicious activities even more difficult than ever before: the median time to detect intrusions is over 200 days, and it is not uncommon for detection to take years; and only 40%-60% of intrusions are detected at all. This significantly increases the financial and reputational damage that hackers can inflict on organisations.
Existing Solutions are Not Enough
In this fast-changing environment, there is a need to analyse and understand the entirety of the information flow coming in and out of organisations, and to detect, deter and respond to all these threats in real time.
Available security products in the market are commonly designed to operate on one of four levels: Capture, Learn, Analyse or Control. There are no definitive solutions available for any of the levels, and very few that operate on more than one level. Most companies thus have to purchase several tools and do their best to integrate them to try to cover their overall security needs.
Each tool on its own has its unique problems and shortcomings, especially when it comes to capturing all network traffic, identifying all threats and neutralising them. The integration of multiple tools from different vendors poses additional compatibility problems.
LEVEL 1: Capture. Capture tools such as Network Forensic Tools collect network data to facilitate its historical manual access.
LEVEL 2: Learn. Analytics solutions such as SIEM tools take all the data from logs and attempt to identify and correlate events and detect threats to the network.
LEVEL 3: Analyse. Need text placed here...
LEVEL 4: Control. Control tools manipulate, re-direct, spoof, or block network traffic to keep organisations safe.
Why Choose Forest Tree
Forest Tree is the most advanced cyber security solution in the market. Its powerful engine and big data storage, designed by former Siemens engineers for the government sector, allow it to capture very large amounts of data and store this data for much longer, enabling the user to go back in time to analyse malicious activity as well as its origins and context. This design also makes the engine much more stable, significantly reducing the effort and costs involved in servicing and maintaining the solution.
Forest Tree allows a smooth integration into any organisation, as it does not sit within but on top of a network, and so does not slow down or interfere with the network. It also allows organisations to avoid the compatibility problems associated with having to purchase and integrate several different solutions.
KEY BENEFITS
• High Performance: 1 TB/s
• Unique: Patented Technology
• Highly Scalable: Big Data Storage
• Proactive: Block Advanced Threats
• Intelligent: In-Depth Analysis
• Low Maintenance: Purpose Built
KEY ADVANTAGES
• Speed: Reduces detection time from weeks and months to seconds and minutes
• Accuracy: We detect most threats
Just like a CCTV camera, Forest Tree captures and records network traffic. Unlike a CCTV camera, it then processes and analyses the traffic to spot anomalies and identify traffic of interest. This is then extracted and made available to analysts through a powerful, yet easy to use, user interface.
Forest Tree applies an innovative stepped approach to collate information at all network levels, augmenting it with external sources, and generating a linked structure within the tool's user interface. The enriched information is recorded in a big data storage unit, including the whole traffic capture, which is then analysed with an artificial intelligence engine to generate profiles at different levels, from network to users or devices, and detect anomalous or suspicious behaviour. This type of detection is more effective than traditional ones, as it addresses both external and internal threats, doesn't require signatures, and improves over time as it learns from previously blocked threats.
[Figure: Forest Tree compared with existing solutions on speed, accuracy and intelligence]
Forest Tree vs Existing Solutions
[Figure: exposure window, plotted as time since incident from incident through detection to neutralization. Existing solutions: detection after a median of 200 days (longest in 2015 over 8 years), neutralization in hours or months. Forest Tree: detection in seconds, neutralization in minutes, giving an exposure window reduction.]
Forest Tree will be able to detect threats as anomalous behaviour through its innovative Artificial Intelligence engine, and prevent multi-million dollar losses.
[Figure: threat scenario from attack to breach across prevention, detection and response, contrasting manual response with automatic response. Components shown: NG Firewall, IPS, IDS, Antimalware, SIEM, Analytics, Forest Tree.]
Existing solutions:
• Prevention systems fail to prevent latest threats.
• Detection is still heavily manually driven, which is very time consuming.
• Detection and prevention systems are not integrated, so response is slow.
Difference in Technology
Network forensic companies are struggling to keep up with the growing demand from organisations for analytical capabilities. Forest Tree addresses these needs by providing:
• Configurable complete inspection and storage of content.
• Data extraction at all layers, from network connection details to user profiles or device information.
• Full text indexing of all the extracted information.
• Policy based action responses, with the possibility to mitigate threats and raise alerts in real time.
• Use of the latest big data storage and analytics technology to provide fast access to the information.
Forest Tree Enterprise Detection Process
Forest Tree captures flows, extracts information and enriches it, storing the related information into a big data storage for further automated and manual analysis.
• REAL TIME TRAFFIC CAPTURE: Up to 1Tb/s; Zero loss; Decryption
• REAL TIME DATA EXTRACTION: Data extraction even on partial flows
• PROFILING AND INFORMATION AUGMENTATION: Metadata extraction; Linked data; Profiling; Data augmentation
• AI ANALYSIS: Big Data analysis; Anomaly detection; Internal and external threat detection; No signatures
• SECURITY ANALYSIS UI: Powerful yet easy UI; Provides feedback for supervised learning to the AI engine; Linked data visualization
• ACTIVE RESPONSE: Early alerts; Actively blocks offending traffic if so desired
Also shown in the diagram: External Sources, Big Data Storage
The Future with Forest Tree
Discrete Assessment
The Forest Tree team carries out a complementary security network audit in which they will test the vulnerability of the company using a bespoke and unique assessment.
Development Plan
Adopting Forest Tree is an ascension into the future. A multi-million pound investment has been secured to augment the current solution. The enhancement programme will be led by highly experienced and reputable individuals within the cyber security world. With a dynamic development plan in place, Forest Tree will have new capabilities ready every 6 months, therefore accumulating compatible and efficient additions to the existing solution.
This information is only a sample of the Forest Tree Solution. To obtain a better understanding or to have an in-depth presentation of the dynamic capabilities of this solution, please contact us on the details below.
www.secgate.co.uk
info@secgate.co.uk
Berkeley Square House, Mayfair, London W1, United Kingdom
Office: +44 (0) 207 887 6423
Mobile: +44 (0) 7471937777
Mobile: +44 (0) 7449258888