Forest Tree We Protect Your Reputation
Cyber crime is an irreversible act; it is, however, a circumstance that can be avoided. Forest Tree is a leading preventive tool planted within a network to provide frontline protection against an inevitable enemy. Forest Tree makes it possible to rapidly obtain intelligence on a network's behaviour, detecting threats in real time and taking immediate action to neutralize situations.
Existing Security Solutions
Today's Challenge
Organisations of all sizes are now under attack, and these attacks are becoming much more complex and specific to each organisation. This has made detecting malicious activities more difficult than ever before: the median time to detect intrusions is over 200 days, and it is not uncommon for detection to take years; and only 40%-60% of intrusions are detected at all. This significantly increases the financial and reputational damage that hackers can inflict on organisations.
Existing Solutions are Not Enough
In this fast-changing environment, there is a need to analyse and understand the entirety of the information flow coming in and out of organisations, and to detect, deter and respond to all these threats in real time. Available security products in the market are commonly designed to operate on one of four levels: Capture, Learn, Analyse or Control. There are no definitive solutions available for any of the levels, and very few that operate on more than one level. Most companies thus have to purchase several tools and do their best to integrate them to try to cover their overall security needs. Each tool on its own has its unique problems and shortcomings, especially when it comes to capturing all network traffic, identifying all threats and neutralising them; the integration of multiple tools from different vendors poses additional compatibility problems.
LEVEL 1 Capture: Capture tools such as Network Forensic Tools collect network data to facilitate its historical manual access.
LEVEL 2 Learn
LEVEL 3 Analyse: Analytics solutions such as SIEM tools take all the data from logs and attempt to identify and correlate events and detect threats to the network.
LEVEL 4 Control: Control tools manipulate, re-direct, spoof, or block network traffic to keep organisations safe.
Why Choose Forest Tree
KEY BENEFITS
• High Performance: 1 TB/s
• Unique: Patented Technology
• Highly Scalable: Big Data Storage
• Proactive: Block Advanced Threats
• Intelligent: In-Depth Analysis
• Low Maintenance: Purpose Built
KEY ADVANTAGES
• Speed: Reduces detection time from weeks and months to seconds and minutes
• Accuracy: We detect most threats
Forest Tree
Forest Tree is the most advanced cyber security solution in the market. Its powerful engine and big data storage, designed by former Siemens engineers for the government sector, allow it to capture very large amounts of data, and store this data for much longer, enabling the user to go back in time to analyse malicious activity as well as its origins and context. It also makes the engine much more stable, significantly reducing the effort and costs involved in servicing and maintaining the solution.
Forest Tree allows a smooth integration into any organisation, as it does not sit within but on top of a network, thus not slowing down or interfering with the network. It also allows organisations to avoid the compatibility problems associated with having to purchase and integrate several different solutions.
Forest Tree vs Existing Solutions
Just like a CCTV camera, Forest Tree captures and records network traffic. Unlike a CCTV camera, it then processes and analyses the traffic to spot anomalies and identify traffic of interest. This is then extracted and made available to analysts through a powerful, yet easy to use, user interface.
Forest Tree applies an innovative stepped approach to collate information at all network levels, augmenting it with external sources, and generating a linked structure within the tool’s user interface. The enriched information is recorded in a big data storage unit, including the whole traffic capture, which is then analysed with an artificial intelligence engine to generate profiles at different levels – from network to users or devices – and detect anomalous or suspicious behaviour. This type of detection is more effective than traditional approaches, as it addresses both external and internal threats, doesn’t require signatures, and improves over time as it learns from previously blocked threats.
[Figure: timeline of time since incident for Forest Tree and for existing solutions, marking incident, detection, neutralization and the exposure window. Labels: "Seconds", "Minutes", "Hours or months", "Reduction", "Median of 200 days. Longest in 2015 over 8 years".]
Forest Tree vs Existing Solutions
Forest Tree will be able to detect threats as anomalous behaviour through its innovative Artificial Intelligence engine, and prevent multi-million dollar losses.
Difference in Technology
Network forensic companies are struggling to keep up with the growing demand from organisations for analytical capabilities. Forest Tree addresses these needs by providing:
• Configurable complete inspection and storage of content.
• Data extraction at all layers, from network connection details to user profiles or device information.
• Full text indexing of all the extracted information.
• Policy based action responses, with the possibility to mitigate threats and raise alerts in real time.
• Use of the latest big data storage and analytics technology to provide fast access to the information.
[Figure: Threat Scenario. Forest Tree compared with existing solutions (NG Firewall, IPS, Antimalware, IDS, SIEM, Analytics) across attack, prevention, detection, response and breach, contrasting manual response with automatic response.]
Figure annotations:
• Detection is still heavily manually driven, which is very time-consuming
• Prevention systems fail to prevent latest threats
• Detection and prevention systems are not integrated, so response is slow
Forest Tree Enterprise Detection Process
Forest Tree captures flows, extracts information and enriches it, storing the related information into a big data storage for further automated and manual analysis.
[Figure: Detection Process. Stages: Real Time Traffic Capture, Real Time Data Extraction, Profiling and Information Augmentation, AI Analysis, Security Analysis UI, Active Response, with Big Data Storage and External Sources. Labels: zero loss; up to 1Tb/s; decryption; data extraction even on partial flows; metadata extraction; profiling; data augmentation; linked data; anomaly detection; internal and external threat detection; no signatures; big data analysis; powerful yet easy UI; linked data visualization; provides feedback for supervised learning to the AI engine; actively blocks offending traffic if so desired; early alerts.]
The Future with Forest Tree
Discrete Assessment
The Forest Tree team carries out a complementary security network audit in which they will test the vulnerability of the company using a bespoke and unique assessment.
Development Plan
Adopting Forest Tree is an ascension into the future. A multi-million pound investment has been secured to augment the current solution. The enhancement programme will be led by highly experienced and reputable individuals within the cyber security world. With a dynamic development plan in place, Forest Tree will have new capabilities ready every 6 months, therefore accumulating compatible and efficient additions to the existing solution.
This information is only a sample of the Forest Tree Solution. To obtain a better understanding or to have an in-depth presentation of the dynamic capabilities of this solution, please contact us on the details below.
www.secgate.co.uk
info@secgate.co.uk
Berkeley Square House, Mayfair, London W1, United Kingdom
Office: +44 (0) 207 887 6423
Mobile: +44 (0) 7471937777
Mobile: +44 (0) 7449258888