In Depth

INTRUSION has subject matter experts in cyber security, big data engineering, process flow technology, and machine learning who design hardware and software solutions for the analysis of massive network data sets. INTRUSION maintains the following proprietary data sets:

  • 19 years of historical Internet surveys, including attribution of hostnames, IPs, netblocks, ASNs, etc. – Who owns the servers and websites you are communicating with, and why.
  • Billions of websites categorized with description and language identification for quick analysis – Who are interested customers or attackers; relationships, historical reputation, affiliations, country of ownership, etc.
  • A threat intelligence database that expands IOCs from several external sources based on shared infrastructure or patterns, malware distribution sites, and higher-threat infrastructure – Where your devices should not go.
  • INTRUSION’s big data engineers incorporate additional data sets to add value to the analysis:
      ◦ 130+ external threat lists included in the processing of mass network data for analysis
      ◦ External port scanning and categorization data to assist in analysis

INTRUSION’s Consulting Services has expert cyber analysts who extract patterns of network communications from an organization’s traffic to identify its communication partners (suppliers, partners, customers, malware, high-threat actors, etc.). The analysts identify anomalies in network behavior to map out malicious activity, potential data theft, possible attribution of actors, and the techniques used in campaigns.

Consulting Services

INTRUSION’s digital research specialists deliver robust, cyber-enriched investigative services to government and commercial-sector organizations. Using advanced research tradecraft and exclusive big data sets, our actionable, mission-enabling reporting provides customized insight into our clients’ most pressing information gaps, with support and integration capabilities spanning a multi-INT spectrum.

We offer timely solutions for public domain investigations, advanced geopolitical awareness, and innovative skills in online identity management, privacy, and signature reduction. Our team has decades of experience and is composed of subject matter experts in the collection and production of cyber-enriched open source intelligence products, with unique insight into adversarial methods and intentions within the information environment.

Savant Threat Analysis (STA) is offered as a threat-hunting Consulting Service. It produces actionable threat intelligence reports customized to your organization that guide your blue team in eradicating advanced threats from your network.

STA combines the patented high-speed, multi-protocol, process flow technology of Savant sensors with the vast historical Internet usage database of TraceCop, applying Artificial Intelligence on a Big Data platform to identify threats, anomalies and suspicious activity. Reported events are reviewed by seasoned network forensic veterans with career knowledge of emerging threats and threat actor methods, and are evaluated in the business context of your organization.

STA complements existing network countermeasures in order to detect not only Advanced Persistent Threats (APTs) but any flow that does not make sense, whatever its cause. Unlike signature-based malware detection solutions that rely on profiles of known threats, Savant Threat Analysis identifies anomalies within the vast quantity of outgoing communications traffic. This “inside out” approach can uncover possible data compromises and damaging network activity that would otherwise be overlooked. Savant Threat Analysis identifies malware command and control (C&C) servers, compromised sites, malware distribution points and high-threat content based on intelligence from threat lists, community threat reports, observed trends in cyber compromises and unique vulnerabilities facing the industry. STA goes beyond external threat actors to illuminate insider abuse, network misconfigurations, deprecated software and rogue IoT devices.
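The following is an added illustration of the “inside out” approach described above, written for this page; it is not INTRUSION’s or Savant Threat Analysis’ own code and makes no claim about how STA works internally. It takes outbound flow records (with a destination domain supplied by DNS correlation), checks each against a threat list of IPs, netblocks and domains, and then flags what the threat list does not cover: destinations the organization has never talked to before, unusually large outbound transfers, and repeated connections to an unbaselined destination. The flow records, the threat list, the baseline and the thresholds are all constructed for the example.

```python
"""Added example: an 'inside out' review of outbound flow records.

Not code from INTRUSION or Savant Threat Analysis. The threat list,
baseline, thresholds and flow records below are constructed for the
example; the IP ranges are RFC 5737 documentation addresses.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed threat list (hypothetical C&C / malware-distribution indicators).
THREAT_LIST = {
    "ips": {"203.0.113.7"},
    "cidrs": [ip_network("198.51.100.0/24")],
    "domains": {"update-check.example"},
}

# Constructed baseline: destinations this network has previously talked to.
BASELINE_DOMAINS = {"cdn.example.com", "mail.example.org", "saas.example.net"}


@dataclass
class Flow:
    src: str          # internal host
    dst_ip: str       # external destination
    dst_domain: str   # from DNS correlation; "" when no name was resolved
    dst_port: int
    bytes_out: int    # bytes sent from src to dst in this flow


def threat_match(flow):
    """Return the threat-list reason for this flow, or None if unlisted."""
    if flow.dst_ip in THREAT_LIST["ips"]:
        return "threat-list ip"
    ip = ip_address(flow.dst_ip)
    if any(ip in net for net in THREAT_LIST["cidrs"]):
        return "threat-list netblock"
    if flow.dst_domain and flow.dst_domain in THREAT_LIST["domains"]:
        return "threat-list domain"
    return None


def analyze(flows, baseline=BASELINE_DOMAINS, exfil_bytes=50_000_000, beacon_min=4):
    """Return (src, dst_ip, reason) findings for a batch of outbound flows.

    Listed destinations are reported once and skipped for anomaly checks;
    everything else is compared against the organisation's own baseline.
    """
    findings = []
    seen_new = set()          # (src, domain) pairs already reported as first-seen
    pair_count = Counter()    # connections per (src, dst_ip) to unbaselined hosts
    for f in flows:
        reason = threat_match(f)
        if reason:
            findings.append((f.src, f.dst_ip, reason))
            continue
        unbaselined = bool(f.dst_domain) and f.dst_domain not in baseline
        if unbaselined and (f.src, f.dst_domain) not in seen_new:
            seen_new.add((f.src, f.dst_domain))
            findings.append((f.src, f.dst_ip, "first-seen destination"))
        if f.bytes_out >= exfil_bytes:
            findings.append((f.src, f.dst_ip, "large outbound transfer"))
        if unbaselined:
            pair_count[(f.src, f.dst_ip)] += 1
    for (src, dst), n in pair_count.items():
        if n >= beacon_min:
            findings.append((src, dst, "repeated connections to unbaselined destination"))
    return findings


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.7", "", 443, 1_200),
    Flow("10.0.0.5", "198.51.100.20", "", 8080, 900),
    Flow("10.0.0.9", "192.0.2.44", "update-check.example", 80, 3_000),
    Flow("10.0.0.9", "192.0.2.80", "cdn.example.com", 443, 5_000),
    Flow("10.0.0.12", "192.0.2.99", "files.example.net", 443, 80_000_000),
] + [Flow("10.0.0.21", "192.0.2.150", "api.example.io", 443, 500) for _ in range(4)]


if __name__ == "__main__":
    for src, dst, reason in analyze(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {reason}")
```

In practice the baseline would be built from the retained history of the network rather than a hard-coded set, and the thresholds tuned to the organization; the point of the example is that threat-list hits and baseline deviations are two separate questions asked of the same outbound records.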

STA uses patented methods to compress network flow and DNS metadata. Savant Threat Analysis cloud-based archiving retains 10 years of all network flows on all protocols, DNS, remote access logs, and other logs, satisfying data retention requirements and aiding forensic investigations. This matters because many compromises are discovered years after other approaches would have discarded the logs. With INTRUSION, the logs will still be there to chase down leads.

STA is most effective when the network is instrumented with Savant sensors for enhanced visibility, but it can also ingest DNS logs, firewall and proxy logs, email logs, NetFlow and custom logging sources to provide even more complete insight.