Our use cases are vast and varied. Quite simply, we looked at tools that would look at network detection and response out-of-the-box. Looking at Awake, there are hundreds of security use cases built into the system itself. I typically utilize the tool across the enterprise looking to detect those hard-to-find threats.
I am looking at:
- Indicators of compromise for ransomware
- Possible command and controls
- Clear text passwords
- Data exfiltration and compliance for GDPR
- Various, very hard to detect models of data exfiltration, such as data exfiltration via e.g. DNS or ICMP
- Bad domains and traffic to bad domains
- The list goes on and on.
I have over a hundred use cases turned on running in the background and looking at the following (for example):
- Defense evasion, use of proxies in order to hide data exfiltration.
- Rogue hardware, identifying new devices on my network, whether they be wireless, wireless handheld devices, smartphones, laptops, etc.
- Brute force attempts against passwords.
- Password spraying attempts.
It is deployed inline as an on-prem appliance, leveraging a network SPAN port.
We are using the latest version.
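The review lists "data exfiltration via DNS" among the hard-to-detect models it relies on the tool for. As an added illustration of what such a detection model looks like underneath (example code written for this page, not the reviewer's setup and not Awake Security's detection logic), the block below runs a simple heuristic over a constructed DNS query log: per client and per registered domain it counts distinct subdomains and measures the Shannon entropy and length of the subdomain labels, then raises an alert when many distinct, long, high-entropy labels are sent to one domain. The log format, the sample records, the "registered domain = last two labels" shortcut and the thresholds are all assumptions.

```python
"""Heuristic detector for DNS-tunnelled data exfiltration over DNS query logs.

Added example, not code from the original review or from Awake Security.
The log format, the sample records and the thresholds are assumptions.
"""
import math
from collections import defaultdict

# Constructed sample log (assumed format: "<timestamp> <client_ip> <qname> <qtype>").
# 10.0.0.5 is ordinary browsing; 10.0.0.7 sends hex-encoded chunks as subdomain
# labels of exfil-example.test (.test is a reserved TLD, used here as a placeholder).
SAMPLE_DNS_LOG = """\
2024-03-01T10:00:01Z 10.0.0.5 www.example.com A
2024-03-01T10:00:02Z 10.0.0.5 mail.example.com MX
2024-03-01T10:00:03Z 10.0.0.5 cdn.example.com A
2024-03-01T10:00:04Z 10.0.0.5 d41d8cd98f00b204e9800998ecf8427e.assets.example.org A
2024-03-01T10:00:05Z 10.0.0.7 3f9a1c7e5b0d24866d2b8f4a0c9e1735.c2.exfil-example.test TXT
2024-03-01T10:00:06Z 10.0.0.7 a1c7e5b0d24866d2b8f4a0c9e17353f9.c2.exfil-example.test TXT
2024-03-01T10:00:07Z 10.0.0.7 7e5b0d24866d2b8f4a0c9e17353f9a1c.c2.exfil-example.test TXT
2024-03-01T10:00:08Z 10.0.0.7 b0d24866d2b8f4a0c9e17353f9a1c7e5.c2.exfil-example.test TXT
2024-03-01T10:00:09Z 10.0.0.7 24866d2b8f4a0c9e17353f9a1c7e5b0d.c2.exfil-example.test TXT
this line is malformed and is skipped by the parser
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; 0.0 for empty or single-symbol strings."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain labels joined without dots, registered domain).

    Assumption: the registered domain is the last two labels. A production
    detector would use the Public Suffix List so that co.uk-style suffixes
    are handled correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return "".join(labels[:-2]), ".".join(labels[-2:])


def parse_dns_log(text: str):
    """Parse the assumed 4-field log format; blank and malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        records.append({"ts": ts, "client": client, "qname": qname, "qtype": qtype})
    return records


def detect_dns_exfil(records, min_unique=5, min_entropy=3.0, min_len=20):
    """Flag (client, domain) pairs that look like DNS tunnelling.

    A single hash-like label (CDN asset names, for example) is not enough on
    its own: the distinct-subdomain count is what separates a tunnel from
    ordinary lookups, which is why all three thresholds must hold.
    """
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                 "entropy_sum": 0.0, "len_sum": 0})
    for r in records:
        sub, domain = split_qname(r["qname"])
        if not sub:
            continue  # bare registered domain, nothing to measure
        s = stats[(r["client"], domain)]
        s["queries"] += 1
        s["subdomains"].add(sub)
        s["entropy_sum"] += shannon_entropy(sub)
        s["len_sum"] += len(sub)

    alerts = []
    for (client, domain), s in stats.items():
        n = s["queries"]
        mean_entropy = s["entropy_sum"] / n
        mean_len = s["len_sum"] / n
        unique = len(s["subdomains"])
        if unique >= min_unique and mean_entropy >= min_entropy and mean_len >= min_len:
            alerts.append({"client": client, "domain": domain, "queries": n,
                           "unique_subdomains": unique,
                           "mean_entropy": round(mean_entropy, 3),
                           "subdomain_chars": s["len_sum"]})
    # Largest amount of carried data first
    alerts.sort(key=lambda a: a["subdomain_chars"], reverse=True)
    return alerts


if __name__ == "__main__":
    for a in detect_dns_exfil(parse_dns_log(SAMPLE_DNS_LOG)):
        print(f"{a['client']} -> {a['domain']}: {a['unique_subdomains']} distinct labels, "
              f"mean entropy {a['mean_entropy']:.2f} bits/char, "
              f"{a['subdomain_chars']} subdomain chars carried")
```

Run as-is, the script reports only the 10.0.0.7 traffic to exfil-example.test; the single hash-like lookup from 10.0.0.5 has high entropy but fails the distinct-subdomain threshold, which is the point of aggregating per client and domain rather than scoring each query alone. In a real pipeline the thresholds would be tuned against a baseline of the network's own DNS traffic, and allow-listed domains (CDNs, anti-spam lookups) would be excluded before scoring.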