Infographic: Detecting Advanced Persistent Threats with the Telesoft Cyber Platform
An Advanced Persistent Threat (APT) is a prolonged, sustained attack delivered by skilled adversaries using sophisticated, well-developed tools, techniques and procedures (TTPs).
These attacks are well planned and usually target large enterprises and critical national infrastructure (including government networks). The challenge isn’t just mitigating these attacks, but detecting APT activity on networks that operate at the highest rate and scale.
Advanced Persistent Threat Detection
The ‘Detecting Advanced Persistent Threats’ infographic below shows how a typical APT attack might play out and how Telesoft’s Cyber Platform can be used against it.
Our 400Gbps FlowProbe, for example, has the capability to analyse every single flow in multi-Tbps, high volume networks, hunting for malicious traffic. By continuously monitoring the network, APT infiltration can be detected and its behaviour tracked 24/7.
Using the Telesoft CERNE Network Intrusion Detection System (NIDS), we can scan and capture the network packets associated with any IP address that FlowProbe has placed under investigation. Used together, the two allow APT activity to be mitigated before valuable information (intellectual property, employee data, financial records, etc.) can be exfiltrated.
See the APT detection process in detail in the infographic below.
The Telesoft FlowProbe provides detailed un-sampled traffic statistics in the form of flow records from large scale networks up to 4 x 100GbE per high-performance 1U appliance. The flow records created from the raw data can be passed in real-time to the Telesoft TDAC or any other compatible customer data platform.
The Telesoft CERNE combines a high rate 100Gbps IDS engine with an automated record of relevant network traffic for real-time and historical threat investigation and digital forensics. CERNE continuously scans and captures network packets and only stores traffic associated with an IDS alert, discarding all other traffic, giving an analyst rapid access to critical packets up to 2.4 seconds before an event.
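The alert-driven retention model described above (keep a short rolling window of all traffic, persist only the packets tied to an IDS alert, then keep following the flagged IP) can be sketched in a few lines. This is an added illustration, not Telesoft code; the 2.4 s lookback comes from the page, while the post-alert follow window, the packet fields and the sample traffic are constructed assumptions.

```python
from collections import deque

LOOKBACK_SECONDS = 2.4   # pre-alert window quoted for CERNE on this page
FOLLOW_SECONDS = 10.0    # assumed post-alert capture window (not from the page)


class AlertDrivenRecorder:
    """Retain packets only when an IDS alert names one of their endpoints."""

    def __init__(self, lookback=LOOKBACK_SECONDS, follow=FOLLOW_SECONDS):
        self.lookback, self.follow = lookback, follow
        self.ring = deque()      # recent packets: (ts, src, dst, size), oldest first
        self.watch = {}          # ip -> time until which its traffic is still recorded
        self.retained = []       # packets persisted for an analyst

    def _expire(self, now):
        # Anything older than the lookback can never be attached to a future alert.
        while self.ring and now - self.ring[0][0] > self.lookback:
            self.ring.popleft()

    def on_packet(self, ts, src, dst, size):
        self._expire(ts)
        pkt = (ts, src, dst, size)
        # Traffic of an IP already under investigation is written out immediately.
        if any(self.watch.get(ip, -1.0) >= ts for ip in (src, dst)):
            self.retained.append(pkt)
        else:
            self.ring.append(pkt)

    def on_alert(self, ts, ip):
        self._expire(ts)
        # Persist the suspect IP's packets from the lookback window; the rest stays discardable.
        hits = [p for p in self.ring if ip in (p[1], p[2])]
        self.retained.extend(hits)
        self.watch[ip] = ts + self.follow
        return len(hits)


def demo():
    # Constructed traffic: a chatty internal pair plus a host talking to 203.0.113.9,
    # then an IDS alert on 10.0.0.5 at t=5.0.
    rec = AlertDrivenRecorder()
    packets = [(0.5, "10.0.0.5", "203.0.113.9", 60), (1.0, "10.0.0.7", "10.0.0.8", 1200),
               (3.0, "10.0.0.5", "203.0.113.9", 90), (4.0, "10.0.0.8", "10.0.0.7", 300),
               (4.9, "203.0.113.9", "10.0.0.5", 1400)]
    for p in packets:
        rec.on_packet(*p)
    pre = rec.on_alert(5.0, "10.0.0.5")                  # only t=3.0 and t=4.9 lie within 2.4 s
    rec.on_packet(6.0, "10.0.0.5", "203.0.113.9", 80)    # post-alert, IP is watched: retained
    rec.on_packet(6.5, "10.0.0.7", "10.0.0.8", 500)      # unrelated: stays in the ring, then ages out
    return pre, len(rec.retained), len(rec.ring)
```

`demo()` returns the pre-alert hit count, the total packets kept for the analyst and what is still sitting in the discardable ring; the packet at t=0.5 is never recoverable because it fell outside the window before the alert fired.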
For more information about APT detection and mitigation, read our Advanced Persistent Threat Analysis series.