Network TAPs and Network Detection & Response.
Helping Security Operations Center (SOC) teams hunt, investigate, and remediate threats.
Scenario 1
PROBLEM #1
Command & Control covers the techniques adversaries use to communicate with systems they control inside a victim network. To evade discovery, adversaries frequently try to mimic routine, expected traffic. Depending on the structure and defenses of the victim's network, an adversary may use a range of covert techniques to establish command and control. As of early 2023, for example, the MITRE ATT&CK framework lists sixteen separate command and control techniques, many with sub-techniques, all observed in real intrusions.
SOLUTION #1
Connecting NextRay AI Network Detection & Response (NDR) systems to networks, clouds, endpoints, and applications using a Garland Technology Network TAP ensures NextRay AI NDR delivers on its promise of early stage threat detection and advanced response capabilities. NextRay AI NDR allows security personnel to:
• Identify newly created network connections to or from untrusted hosts.
• Analyze traffic patterns and inspect packets where protocol use deviates from what is expected on the link (for example, a protocol carried on a non-standard port).
• Monitor network data streams for anomalies and flag suspicious behavior in how hosts use the network.
• Capture difficult-to-detect beacon behavior using artificial intelligence.
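The "beacon behavior" in the last bullet is traffic whose timing is driven by a timer rather than a person: an implant checks in with its C2 server at a near-constant interval. The following is an added example written for this page, not NextRay's or Garland's code, showing the simplest form of that analytic over connection records of the kind a TAP-fed sensor would log. The records, addresses, and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection records: (seconds since capture start,
# source IP, destination IP, destination port). In a TAP-fed deployment these
# would come from the sensor's connection log.
CONNECTIONS = [
    # Host 10.0.0.5 reaches 203.0.113.9:443 roughly every 60 s (small jitter).
    (0, "10.0.0.5", "203.0.113.9", 443),
    (61, "10.0.0.5", "203.0.113.9", 443),
    (119, "10.0.0.5", "203.0.113.9", 443),
    (181, "10.0.0.5", "203.0.113.9", 443),
    (240, "10.0.0.5", "203.0.113.9", 443),
    (299, "10.0.0.5", "203.0.113.9", 443),
    (361, "10.0.0.5", "203.0.113.9", 443),
    (418, "10.0.0.5", "203.0.113.9", 443),
    # Host 10.0.0.7 has a bursty, human-driven session with 198.51.100.20:443.
    (5, "10.0.0.7", "198.51.100.20", 443),
    (7, "10.0.0.7", "198.51.100.20", 443),
    (30, "10.0.0.7", "198.51.100.20", 443),
    (31, "10.0.0.7", "198.51.100.20", 443),
    (33, "10.0.0.7", "198.51.100.20", 443),
    (90, "10.0.0.7", "198.51.100.20", 443),
    (150, "10.0.0.7", "198.51.100.20", 443),
    (152, "10.0.0.7", "198.51.100.20", 443),
    # Too few samples to judge periodicity.
    (10, "10.0.0.9", "192.0.2.4", 8080),
    (70, "10.0.0.9", "192.0.2.4", 8080),
]


def interval_stats(timestamps):
    """Return (mean gap, coefficient of variation) for a list of timestamps."""
    ts = sorted(timestamps)
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg, (pstdev(gaps) / avg if avg > 0 else float("inf"))


def find_beacons(records, min_connections=6, max_cv=0.2):
    """Flag (src, dst, dport) tuples whose connection gaps are nearly constant.

    A low coefficient of variation (stdev / mean) of the inter-arrival times
    indicates timer-driven traffic; human activity is bursty and scores high.
    Thresholds are assumed values to tune per environment.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport in records:
        by_pair[(src, dst, dport)].append(ts)
    hits = []
    for (src, dst, dport), stamps in by_pair.items():
        if len(stamps) < max(2, min_connections):
            continue
        period, cv = interval_stats(stamps)
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "count": len(stamps), "period_s": round(period, 1),
                         "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(CONNECTIONS):
        print(f"beacon candidate {hit['src']} -> {hit['dst']}:{hit['dport']} "
              f"every ~{hit['period_s']} s (cv={hit['cv']}, n={hit['count']})")
```

Two practical caveats: a beacon with deliberate jitter raises the coefficient of variation, so a production detector also looks at the distribution shape and at payload-size regularity rather than timing alone; and lowering min_connections makes any pair with a single gap score a perfect zero, which is why the sample requires several observations before judging.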
Scenario 2
PROBLEM #2
Exfiltration refers to the techniques adversaries use to steal data from a network. Once adversaries have collected data, they frequently package it to avoid detection while removing it, which may include compression and encryption. Techniques for getting data out of a target network typically involve transferring it over the command and control channel or an alternate channel, and may also involve putting size limits on each transmission.
When a data breach leads to identity theft or the violation of government or industry compliance standards, the offending organization may face fines, lawsuits, reputational harm, and even the revocation of its business license.
SOLUTION #2
Using a Garland Network TAP, NextRay AI systems passively collect network communications and deliver them to a unified detection and response platform, so it is easier to take focused and strategic action, often with one-click resolution. NextRay AI NDR allows security personnel to:
• Recognize adversary behavior in which data is sent as fixed-size chunks rather than whole files, or in which transfer sizes are kept below specific thresholds.
• Identify the paths attackers use to steal data by revealing data leaking over an existing command and control channel.
• Identify newly created network connections to or from untrusted hosts.
• Make attackers' behavior visible even when they schedule data theft to occur only at specific times or intervals.
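The first and last bullets describe two observable artifacts of exfiltration: a file cut into equal-sized pieces to stay under a size limit, and transfers confined to a chosen time window. The following is an added example written for this page, not NextRay's or Garland's code, that looks for both in outbound flow records. The flow records, addresses, and thresholds are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of outbound flow records: (ISO-8601 start time, source IP,
# destination IP, bytes sent by the source). A TAP-fed sensor would derive
# these from its full-duplex copy of the link.
FLOWS = [
    # 10.0.0.5 sends identical 1,048,000-byte pieces (just under 1 MiB) at
    # 02:10, then a final remainder: one file split to stay below a threshold.
    ("2023-03-01T02:10:00", "10.0.0.5", "203.0.113.9", 1048000),
    ("2023-03-01T02:10:03", "10.0.0.5", "203.0.113.9", 1048000),
    ("2023-03-01T02:10:07", "10.0.0.5", "203.0.113.9", 1048000),
    ("2023-03-01T02:10:10", "10.0.0.5", "203.0.113.9", 1048000),
    ("2023-03-01T02:10:14", "10.0.0.5", "203.0.113.9", 1048000),
    ("2023-03-01T02:10:18", "10.0.0.5", "203.0.113.9", 1048000),
    ("2023-03-01T02:10:21", "10.0.0.5", "203.0.113.9", 402133),
    # 10.0.0.7 browses normally: small uploads of varied size during the day.
    ("2023-03-01T09:15:00", "10.0.0.7", "198.51.100.20", 812),
    ("2023-03-01T09:16:12", "10.0.0.7", "198.51.100.20", 1530),
    ("2023-03-01T09:20:45", "10.0.0.7", "198.51.100.20", 1530),
    ("2023-03-01T10:02:09", "10.0.0.7", "198.51.100.20", 240),
    ("2023-03-01T13:40:33", "10.0.0.7", "198.51.100.20", 5120),
    # 10.0.0.8 uploads one large file in a single flow: big, but not chunked.
    ("2023-03-01T11:00:00", "10.0.0.8", "192.0.2.50", 52428800),
]


def find_chunked_transfers(flows, min_chunks=4, min_chunk_bytes=256 * 1024):
    """Flag source/destination pairs that repeatedly send the same large
    byte count.

    Legitimate uploads vary in size; a file cut into equal pieces does not.
    The hours in which the repeated sends occurred are returned so that a
    transfer confined to one off-hours window stands out. Thresholds are
    assumed values to tune per environment.
    """
    by_pair = defaultdict(list)
    for started, src, dst, sent in flows:
        by_pair[(src, dst)].append((datetime.fromisoformat(started), sent))
    hits = []
    for (src, dst), items in by_pair.items():
        size, count = Counter(sent for _, sent in items).most_common(1)[0]
        if count < min_chunks or size < min_chunk_bytes:
            continue
        hours = sorted({when.hour for when, sent in items if sent == size})
        hits.append({"src": src, "dst": dst, "chunk_bytes": size,
                     "chunks": count,
                     "total_bytes": sum(sent for _, sent in items),
                     "hours": hours})
    return hits


if __name__ == "__main__":
    for hit in find_chunked_transfers(FLOWS):
        print(f"chunked transfer {hit['src']} -> {hit['dst']}: "
              f"{hit['chunks']} x {hit['chunk_bytes']} B "
              f"({hit['total_bytes']} B total) during hours {hit['hours']}")
```

The single 50 MiB upload from 10.0.0.8 is deliberately not flagged: volume alone is a poor signal, since backups and cloud sync produce it routinely, whereas equal-sized pieces repeated in one short window are characteristic of a tool splitting a file to evade a size limit. Loosening both thresholds makes ordinary browsing match as well, which is the tuning trade-off an analyst has to manage.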
TAP -> TOOL
Network TAP Benefits
- Provide complete packet visibility with full-duplex copies of network traffic.
- Pass every packet, including frames with physical-layer errors and jumbo frames, without dropping, delaying, or altering the data.
- Support 10/100M, 1G, 10G, 40G, 100G, and 400G links, in single-mode or multi-mode fiber and copper Ethernet.
- Available as breakout, aggregation, regeneration, bypass, and advanced-filtering TAPs.
- Passive or failsafe – Does not affect the network.
- No IP address or MAC address, so the TAP itself presents no addressable attack surface on the monitored network.
HOW IT WORKS
1. Garland Technology network TAPs are installed in-line between two network devices on the IT network.
2. The NextRay AI NDR connects to the network TAPs as an out-of-band security tool.
3. Network TAPs copy full-duplex traffic and send copies to the NextRay AI NDR.
4. NextRay AI NDR's multi-method, automated threat detection identifies threats quickly and efficiently, before they become destructive. The sensor performs continuous, autonomous analytics and is managed centrally by the AI Engine.
5. NextRay AI NDR's integration with SOAR and SIEM platforms standardizes your SecOps procedures, enabling collaboration and automation, expediting investigations, and reducing response times.
6. High-fidelity alerts from the NextRay AI NDR help prioritize the severity of incidents and built-in orchestration automates routine tasks so teams can focus on more critical initiatives.