Bringing You In-Depth Consulting & Threat Analysis
Our expert cyber analysts extract patterns of network communications from organizations to identify their communicating partners (suppliers, partners, customers, malware, high-threat actors, etc.) using the TraceCop database. From these patterns they identify anomalies in network behavior to map out malicious activity, potential data theft, possible attribution of actors, and the techniques used in campaigns.
Our digital research specialists deliver robust, cyber-enriched investigative services to government and commercial-sector organizations. Utilizing advanced research tradecraft and exclusive big datasets, our actionable, mission-enabling reporting provides customized insight into our clients' most pressing information gaps, with support and integration abilities spanning a multi-INT spectrum.
We offer timely solutions for public-domain investigations, advanced geopolitical cognizance, and innovative skills in online identity management, privacy, and signature reduction. Our team has decades of experience, and its members are subject matter experts in the collection and production of cyber-enriched open source intelligence products, with unique insight into adversarial methods and intentions within the information environment.
The Savant Threat Analysis Differentiation
INTRUSION Savant Threat Analysis (STA) is a consulting service that produces actionable threat intelligence reports customized to your organization - guiding your blue team to eradicate advanced threats in your network.
STA leverages the patented high-speed, multi-protocol, process flow technology of INTRUSION Savant™ sensors with the vast historical Internet usage database of INTRUSION TraceCop™ using Artificial Intelligence (AI) executed on a Big Data platform to identify threats, anomalies and suspicious activity. Reported events are reviewed by seasoned network forensic veterans with career knowledge of emerging threats and threat actor methods and evaluated in the business context of your organization.
STA complements existing network countermeasures in order to detect not only Advanced Persistent Threats (APTs) but any flows that do not make sense, whatever their cause. Unlike signature-based malware detection solutions that rely on profiles of known threats, STA identifies anomalies within the vast quantity of outgoing communications traffic. This “inside out” approach can uncover possible data compromises and damaging network activity that would otherwise be overlooked. STA identifies malware command and control (C&C) servers, compromised sites, malware distribution points and high-threat content based on intelligence from threat lists, community threat reports, observed trends in cyber compromises and unique vulnerabilities facing the industry. STA goes beyond external threat actors to illuminate insider abuse, network misconfigurations, deprecated software and rogue IoT devices.
STA uses patented methods to compress network flow and DNS metadata. Its cloud-based archiving offers 10 years of data retention for all network flows on all protocols, DNS, remote access logs, and other logs, satisfying data retention requirements and aiding forensic investigations. This is a critical difference from other approaches, as many compromises are discovered years after the logs are gone. With INTRUSION Savant Threat Analysis, the logs will always be there to chase down leads.
STA is most effective when a network is instrumented with Savant sensors for enhanced visibility, but it can also ingest DNS logs, firewall and proxy logs, email logs, NetFlow and custom logging solutions in order to provide even more complete insights.