                Advanced Endpoint Threat Detection (AETD) Service

                Be alerted in real time if your endpoints are compromised

                Advanced threat actors evade security controls. To identify and stop them quickly, the fully managed Advanced Endpoint Threat Detection (AETD) service is a definite asset for your security team.

                Advanced threat actors take advantage of the opportunities offered by the wide variety of endpoints in the enterprise. This lets them carry out "land and expand" intrusions. While your security team is increasingly aware of this risk, it may struggle to contain it at all times. After all, cybercriminals work 24 hours a day, 7 days a week. Simply scanning the endpoints connected to the network is not enough.

                You need in-depth inspection to ensure that every endpoint is configured securely and appropriately. And when an endpoint is attacked, you need to know that an attacker is present, which systems have been compromised, and how to repair the damage.

                The ideal solution to this problem is not software alone: it is a fully managed, 24x7 service that improves your security situational awareness by alerting you when an endpoint may have been compromised.

                The AETD service goes beyond identifying a threat by drawing on extensive intelligence about attackers and their tactics. This lets you accelerate your response by identifying precisely which systems are compromised, how it happened, and how to restore them.

                Your security team will appreciate the following features of our AETD service:

                • Monitoring of endpoints to detect signs of advanced threat actor activity
                • Searching for specific threat indicators as the situation evolves
                • Updating of threat intelligence data

                Your security team will appreciate our Advanced Endpoint Threat Detection service that provides:

                • Always-on endpoint assessments. The always-on nature of the solution gives you the earliest possible warning that indicators of compromise have been detected.
                • Unique endpoint intelligence delivered by the industry’s leading security research team. It’s not enough to have an always-on system – you’ve also got to know what to look for. SecureWorks has conducted advanced threat hunting engagements on hundreds of thousands of systems and has developed signatures for detecting endpoint compromise that you won’t find anywhere else.
                • 24x7 monitoring by security experts. SecureWorks experts who are specially trained to analyze advanced threats will monitor the output of your system 24x7, determine the severity of any incidents, and escalate critical incidents to you promptly. From there, you can address the problem yourself or quickly engage SecureWorks Incident Response experts to assist (where contracted).
                • Specific data around attack vector. Many competing systems simply advise you to re-image compromised devices. That can be expensive, time-consuming, and extremely inconvenient for your user. SecureWorks can tell you precisely how the system was compromised, allowing you, in many cases, to patch rather than re-image. And you can apply this knowledge to other systems, limiting any future compromises.
                • A fully managed service. SecureWorks experts will not only patch and update the analysis software and monitor the system's availability, but they will also deploy new intelligence updates on a regular basis, drawing on knowledge we gain in the field from over 4100 clients in 61 countries, to detect more threats than our competition.

                Key Benefits:

                • Detect more threats. The Advanced Endpoint Threat Detection service is based on proprietary endpoint intelligence that is developed by our SecureWorks CTU research team. Based on our experience conducting hunting engagements, we know what to look for and often detect more threats than the competition.
                • Maximize endpoint visibility. The combination of AETD with Advanced Network Threat Detection lets us see an advanced threat actor’s activity as he enters the network and spreads out. Other MSSPs cannot provide this level of visibility.
                • Receive actionable guidance to remediate. Once we notify you of the threat AETD has detected, our senior intrusion analyst team will leverage our CTU intelligence to provide you with actionable next steps to guide your response to eradicate the threat. This significantly lowers the risk of data exfiltration because you are able to disrupt the threat actor earlier in the kill chain of the attack.
                • Reduce costs. This service reduces cost by helping you pinpoint the affected systems quickly. The resulting incident response and remediation work can then be accomplished more quickly and at a lower cost.
                • Make existing investments more effective. AETD enhances your IDS/IPS and firewall detection capabilities. If one of your other security tools notifies you of a suspicious event, our analysts are able to leverage AETD to quickly determine whether it is a real threat and to give you more context behind the event.

                AETD supports two technologies: Red Cloak and Carbon Black.

                AETD Red Cloak

                AETD Red Cloak is a cloud-based service focused on continuous endpoint monitoring powered by SecureWorks proprietary CTU intelligence. Developed in-house by SecureWorks and proven in the field by our Incident Response and Targeted Threat Hunting teams over the last three years, AETD Red Cloak can detect both threat activity behavior and malware.

                AETD Carbon Black

                AETD Carbon Black is an on-premise service focused on continuous endpoint monitoring powered by a subset of SecureWorks CTU intelligence as well as third-party intelligence. AETD Carbon Black focuses on malware detection and acts as an endpoint flight recorder, focusing on file execution, the system registry, and network connections. This enables our platform to push CTU Intelligence in these areas across your endpoints and immediately respond to detected threats.

