24 HOURS TO FULL CAPABILITIES

SOC-AS-A-SERVICE (XDR)

We utilize leading technology to support our SOC-as-a-Service offering. Two clicks is all it takes to get Stealth-ISS’s agents auto-installed across all endpoints. Compliant with PCI, HIPAA, and GDPR regulatory requirements.

DO YOU WANT TO PROTECT YOUR BUSINESS, DATA, AND MEET COMPLIANCE REQUIREMENTS?

ARE YOU LOOKING FOR A TRUSTED MSSP WITH THE TOOLS AND KNOW-HOW TO MONITOR YOUR IT ENVIRONMENT 24/7?

DO YOU WANT PROTECTION FROM INTERNAL AND EXTERNAL THREATS, MALWARE, PHISHING, RANSOMWARE, AND THE PEOPLE BEHIND IT?

YOUR 24/7 SOC-AS-A-SERVICE

COMPLETE 360 DEGREES OF MANAGED CYBERSECURITY AND SOC AT THE COST OF STANDARD ANTIVIRUS PROTECTION.

MONITOR & CONTROL

Reducing the attack surface across all entities and activities in the environment.

NGAV

Reducing the attack surface across all entities and activities in the environment.

EDR

Detection and investigation of advanced threats on the endpoints.

UBA

Detection and prevention of attacks that involve compromised user accounts.

DECEPTION

Planting fake passwords, data files, configurations and network connections to lure attackers to reveal their presence.

NETWORK ANALYTICS

Prevention and detection of network-based attacks.

RESPONSE ORCHESTRATION

Manual and automated remediation actions for files, users, host and network.

MONITORING & CONTROL

  • Getting integrated visibility into everything that takes place in the environment typically entails manual aggregation of various log feeds, leaving this critical need of IT security teams unaddressed.
  • Our SOC-as-a-Service offering provides you with visibility into all endpoint configurations, installed software, process execution, network traffic and user activity, enabling operators to optimize their asset management and proactively reduce exposed attack surfaces.

CONTINUOUS MONITORING AND CONTROL

VULNERABILITY ASSESSMENT

Vulnerable systems and apps expose environments and attack surfaces to exploitation. Maintaining a patching routine reduces this exposure, depriving attackers of the use of most or all known exploits.

Our SOC-as-a-Service allows you to easily discover unpatched vulnerabilities and to prioritize their patching according to the risk they introduce.

LOG COLLECTION AND RETENTION

Availability and visibility of system logs are imperative for various security and compliance purposes.

We retain successful and failed logins, software downloads, password changes and multiple other activities within the environment for an unlimited length of time, providing unmatched clarity and context into current and historic events.

INVENTORY MANAGEMENT

With our SOC-as-a-Service you get instant visibility into the environment’s entities and activities to easily answer common questions, such as: what endpoints, physical and virtual, are in the environment; what software is installed on them; and whether there are any rogue assets in the environment.

FILE INTEGRITY MONITORING (FIM)

Maintaining a ‘known good’ state of files in the environment to alert on unauthorized changes is a required security layer in many environments.

We monitor and detect changes in files for either compliance or threat protection purposes. Any desired file state can be saved as policy, triggering an alert upon inflicted change and delivering the full context of the change to ensure rapid and efficient handling of the event.

NEXT-GEN ANTIVIRUS

Today’s threat landscape features constant evolution of sophisticated threats. Stealth-ISS’s SOC-as-a-Service offering prevents the execution of malicious code by enforcing a chain of interlocking protection layers on executed files and running processes.

WE PREVENT EXECUTION OF MALICIOUS FILES

We integrate threat intelligence with ML static analysis to discover malicious attributes of trojans, worms, exploits and other attack vectors.

Malware / Ransomware / Backdoors / Crypto-miners / Banking trojans / Rootkits / Worms

WE TERMINATE MALICIOUS PROCESSES

We apply multiple monitoring vectors to pinpoint behavioral patterns that indicate malicious activity is taking place.

Exploits (documents & browser) / Macros / LOLbins / Powershell & WMI / Scripts / Thread Injections

NEXT-GEN ANTIVIRUS PROTECTION

Threat Intelligence

We utilize over 30 live feeds of various Indicators of Compromise.

Known Malware

We identify and prevent execution of malware with known signatures.

Fuzzy Hashing

We identify files with high similarity to known malware hashes.

Memory Access Control

We ensure only legitimate processes can gain access to critical areas in memory.

AI Static Analysis

We analyze files before execution using unsupervised machine learning to discover malicious attributes.

Behavioral Analysis

We monitor processes at runtime and terminate them upon detection of malicious behavior.

ENDPOINT DETECTION & RESPONSE

Today’s attackers can easily bypass your preventative measures and utilize tools to operate under the radar.

With Stealth-ISS’s SOC-as-a-Service, we continuously monitor your endpoints for active malicious presences in order to make rapid and efficient decisions that eliminate threats. 

UNMATCHED CONTEXT FOR CLEAR AND ACCURATE ALERTS

CORRELATION

Unlike standard EDR security tools, Stealth-ISS’s SOC-as-a-Service leverages full visibility into network traffic and user activity.

VERDICT

Correlating all these activity signals together enables Stealth-ISS’s alert engine to apply strict validation on any suspicious behavior prior to generating an alert.

ALERT

Once the alert is created, Stealth-ISS provides all the required context for rapid and efficient triage, prioritization, and onward steps on a single screen.

RESPONSE POWER KIT

Immediate Action

We apply local host, file and process remediation, from power tools such as host isolation to surgical scheduled task deletion.

Custom Remediation

We build custom remediation to be applied automatically in any future occurrence of validated malicious activity.

Elevate Protection

We use validated IOCs and respective remediation to hunt for threats across the entire environment in order to disclose hidden attack instances.

USER BEHAVIOR ANALYTICS

Stealth-ISS’s SOC-as-a-Service prevents execution of malicious code by enforcing a chain of interlocking protection layers on executed files and running processes.

User Behavior Baseline

Stealth-ISS utilizes real-time user activity monitoring to achieve a baseline, utilizing the number of hosts they log into, location, frequency, internal and external network communication, accessed data files and executed processes.

Real-time activity context

Real-time activity context is achieved through continuous correlation of user activities with other entities’ events, including endpoints, files and external network locations, providing you with rich context to determine associated risk.

Enhance Accuracy With User Verification

We leverage internal knowledge of users’ roles, groups, geolocation and working hours to define access patterns to SaaS and on-premise resources that are likely to indicate user account compromise.

Examples include first-time logins to resources, logins outside of working hours, logins to multiple machines within a short timeframe, etc.

USER BEHAVIOR ANALYTICS: COMMON SCENARIOS

Real-time monitoring of all the interactions users initiate, including: hosts that they log into, number of hosts, location, frequency, internal and external network communication, data files opened, executed processes, and many more.

Anomalous login

User is logged in to his laptop and logs in to a sensitive database.

Multiple Concurrent Connections

User is logged in to multiple resources within a short timeframe.

New VPN Connection

User remotely logs in to a file server via VPN for the first time.

Off Hours SAAS Login

User that typically works on an on-prem desktop logs in remotely to the organization’s Dropbox.

DECEPTION

LURE ATTACKERS TO REVEAL THEIR PRESENCE WITH ADVANCED DECEPTION TECHNOLOGY.

Stealth-ISS’s deception security supports various types of decoys to detect threats in various stages of the attack’s lifecycle: data files, credentials and network connections. In each type, the consumption action triggers the alert – login attempt with a decoy password, connection attempt with RDP or URL, and opening a data file.

Stealth-ISS’s cyber deception provides both off-the-shelf decoy files and the ability to craft your own, all while taking into account your environment’s security needs.

DETECT ATTACKS AT THE CREDENTIAL THEFT STAGE: DECOY PASSWORDS

Passwords are extremely valuable to attackers attempting to expand their foothold within a compromised environment. Stealth-ISS crafts and plants text files containing false passwords along attackers’ potential routes. Any attempt to log in with these passwords triggers an alert.

DETECT ATTACKS AT THE LATERAL MOVEMENT STAGE: DECOY CONNECTIONS

For attackers seeking to further compromise and expand across the environment to access organizational resources, internal network shares and RDP connections are extremely attractive. Stealth-ISS’s decoy connections enable the reliable detection of attackers during the hard-to-detect lateral movement stage.

DATA FILES

The attacker’s top objective is to get hold of sensitive data – IP, PII, business plans, etc. Stealth-ISS crafts and plants decoy data files and links similar to what attackers would seek in the target organization, planting them across endpoints and servers in the environment.

DECOY DATA FILE BEACONING

When an attacker opens a decoy data file on their premises, an alert is triggered and the file sends Stealth-ISS the malicious IP address at which it resides.

NETWORK ANALYTICS

Stealth-ISS prevents execution of malicious code by enforcing a chain of interlocking protection layers on executed files and running processes.

Reconnaissance

Gathering information on the attacked environment is a prerequisite for efficient malicious expansion and is typically carried out through some type of port scanning.

Risky Connections

Active communication with malicious sites includes malware distribution, phishing, and known C2C based on intelligence feeds.

Credential Theft

Gaining user account credentials is a key enabler of lateral movement. To obtain these credentials, attackers exploit networking mechanism weaknesses to extract password hashes from intercepted internal traffic.

Lateral Movement

For advanced attackers, the first compromised endpoint is merely a means, not an end in itself. The attack’s true objective resides on other endpoints or the server. There are numerous vectors to spread across an environment, many of which generate unique network traffic.

Data Exfiltration

The final stage in any attack is to exfiltrate compromised data from the internal environment to the attacker’s premises. A common way to evade perimeter defenses is to disguise the exfiltration as a legitimate protocol, such as DNS, HTTPS, etc.

RESPONSE ORCHESTRATION

PRE-BUILT REMEDIATION

Stealth-ISS’s SOC-as-a-Service also provides a pre-built remediation tool set for each entity type: file, host, network and user.

With these pre-built remediation and incident response tools, Stealth-ISS accelerates and optimizes incident response workflows. This equips security teams with a full remediation arsenal without ever needing to shift from our console.

PRE-BUILT REMEDIATION USE CASES

USER

Stealth-ISS detects an anomalous login attempt.

Disable the user locally on the host using built-in Disable User remediation.

NETWORK

Stealth-ISS detects a host initiating suspicious traffic to an unknown external address.

Block traffic from this host to the address using built-in Block Traffic remediation.

USER

Stealth-ISS runs an IOC search and discovers a malicious service running on a host.

Stealth-ISS enables built-in Delete Service remediation to surgically remove the service without the need to isolate the entire host.

FILE

Stealth-ISS detects a suspicious file running on a host.

Remove the file for further investigation using built-in Quarantine File remediation.

MAN IN THE MIDDLE

Stealth-ISS detects a Man in the Middle attack.

Flush the infected host’s DNS cache with built-in DNS Remediation.

USER

Stealth-ISS investigation reveals live trojan malware running on a host.

Due to the threat’s criticality, the host is removed from the network with built-in Isolate Host remediation.

BLOCK IP ON FIREWALL

DISABLE USER ON ACTIVE DIRECTORY
