Use Cases

Early Warning Detection



Continuous, real-time attack surface monitoring lets you detect questionable behavior and acts as your early warning system. As we have come to learn about cybersecurity, it's not a matter of if we get attacked but when we get attacked. 100% security is not feasible, and we need to evolve our strategy to also include detection, the earlier the better. Studies show that if you can detect a potential breach in the earlier phases, you can drastically reduce the impact and sometimes even stop a threat from ever occurring.

Cyber criminals do their research before executing an attack: hackers need to know what's available to attack before launching any intrusion. Network reconnaissance is analogous to a bank robber casing a bank to find out how many security guards are on duty, how many cameras exist, their placement, and what escape route to use.

Unlike endpoint data, bad actors cannot manipulate network packet data. Network packet-derived data is the ultimate source of intelligence for gaining comprehensive (e.g., broad and deep) network visibility and conducting more effective cyber threat detection and response.

NETSCOUT® Omnis® Cyber Intelligence (OCI) is an advanced NDR solution that integrates with and fills the gaps left by other security tools. NETSCOUT's OCI leverages NETSCOUT CyberStream instrumentation to capture full packets at line rate (e.g., up to 100Gbps). Cyberteams' patented Adaptive Service Intelligence® (ASI) technology automatically extracts a unique, robust set of layer 3-7 metadata from packets (what we call Smart Data). With this Smart Data, security analysts can use NETSCOUT OCI to conduct highly responsive, real-time, and historical analyses to detect and investigate threats more quickly.

Omnis Cyber Intelligence (OCI) is all about providing a credible network data source to detect the earliest phases of an attack and get ahead of it. By quickly identifying reconnaissance, customers can prepare their environment to block it and ready their defenses in advance of a future attack. At all of our customer deployments, NETSCOUT OCI sees evidence of a wide variety of reconnaissance activity, including port scanning, obfuscation, and brute force attempts such as Telnet Brute Force, Malware Hosts, Tor Exit Nodes, Worms, ASERT Sinkhole activity, etc.
