FireEye

Provides the FireEye Malware Protection System, the next generation of threat protection focused on combating advanced malware, zero-day and targeted APT attacks. FireEye's solutions supplement standard security defenses, such as traditional and next-generation firewalls, IPS, AV and Web gateways. Such defenses can't stop advanced malware, leaving significant security holes in a majority of corporate networks.

Proofpoint

Provides the Targeted Attack Prevention (TAP) solution, which monitors URLs in real time and analyzes email attachments in real time to ensure that the attachments do not contain malicious code. Proofpoint also provides a threat analysis service to help clients understand the proper remediation approach to any specific exploit.

Proofpoint Threat Response provides a single pane of glass designed from the ground up for the incident response process. By bringing all the relevant threat information together in one place and helping analysts identify important relationships, Threat Response streamlines the workflow required to rapidly respond to a detected security threat. The system includes a number of key components:

  • Dashboard - see all your critical threats, open incidents and more all at a glance
  • Incident Scoring - scores are automatically adjusted as new details are discovered
  • Incident Workflow - assign incidents to analysts and collaborate in an incident
  • Incident Details - view all the collected data about an incident in one place
  • List Management - add and remove identities and hosts to/from quarantine and containment lists
  • Event Sources - view threat detection systems that will be generating alerts
  • Device Updates - view devices and update schedules for your existing infrastructure
  • Reporting - view real-time trends about malware, infected users, CNC IPs and much more

All of these components are seamlessly integrated to ensure that security teams are able to quickly analyze the collected data so that they can prioritize and respond to security threats as soon as they are detected.

Trend Micro

Provides the Deep Discovery solution, which gives you the network-wide visibility, insight, and control you need to combat APTs and targeted attacks. For advanced threat protection, Deep Discovery uniquely detects and identifies evasive threats in real time, then provides the in-depth analysis and relevant actionable intelligence that will equip you to assess, remediate, and defend against targeted attacks in your organization.

Deep Discovery is at the core of the Trend Micro Custom Defense, a complete solution that enables you to detect, analyze, adapt, and respond to targeted attacks. Specialized inspection engines and custom sandbox simulation identify zero-day malware, malicious communications, and attacker activities that are invisible to standard security defenses.

Vectra Networks

Delivers a new class of advanced persistent threat (APT) defense that provides real-time detection and analysis of active network breaches. Vectra technology picks up where perimeter security leaves off by providing deep, continuous analysis of both internal and Internet-bound network traffic to automatically detect all phases of a breach as attackers attempt to spy, spread, and steal within your network.

Zscaler

Provides the Protect-Detect-Remediate defense framework, which is a best-practices approach for defending against APTs. Zscaler can provide a complete, integrated protect-detect-remediate defense for any IP-enabled device in your organization.

  • Protect - In this phase, it's important to stop infections from happening by identifying and blocking inbound threats such as zero-day malware, worms, viruses, trojans, malicious URLs, infected IP addresses, etc.
  • Detect - Eventually, either through malicious insiders or gaps in your defense, infections will invariably occur. At this phase, you need to be able to detect infections and data exfiltration attempts, and intercept communications from a botnet to its command and control (CNC) server.
  • Remediate - Once a threat has been identified, it is critical to immediately contain further damage by blocking CNC communications and stopping all data exfiltration. Then the security team can correlate data and run forensics to identify the affected systems, do a root cause analysis, and heal the infections.
© 2016 CTIGlobal