Endpoints Are the Start,
but Lateral Movement Could Be the True Goal
Breaches happen many ways. While endpoints are commonly thought of as the main target, in many cases they are simply the entry point to lateral movement. GoSecure Network Detection and Response identifies lateral movement to stop the breach from spreading.
Visibility Leads to Detection
Detection requires visibility. The better the visibility, the faster the detection. GoSecure Network Detection and Response quickly correlates endpoint and network activity, using our multi-observational analysis, to pinpoint suspicious/malicious intent and respond accordingly.
Multiple Sources for Better Visibility
Network Intrusion Detection System (NIDS)
GoSecure Managed Detection and Response provides a robust NIDS which performs real-time traffic, deep packet, and behavioral analysis in search of anomalous activity. NIDS combines third-party threat intelligence with an in-house developed ruleset providing GoSecure with the ability to detect security threats in a client’s environment. Our NIDS engine is highly scalable and can support sustained network traffic speeds of 10 gigabits per second.
Log Intrusion Detection System (LIDS)
Once deployed within the client infrastructure, the GoSecure MDR appliance collects logs from various sources providing additional contextual information used to reduce false positives and confirm the validity of potential threat events. The appliance receives logs in the standard syslog format from multiple device types, such as Syslog-NG, IPS, Firewalls, Proxies, and Web Filtering. For the sources that do not create syslogs, additional tools are available to convert logs into this format.
Correlation for Action
GoSecure’s multi-observational analysis accurately generates a suspicion level based on disparate events. By combining information from endpoint and network alerts, GoSecure’s detection level is industry leading. Going beyond simple packet captures, GoSecure Network Detection and Response uses our extensive threat intelligence database to identify threats across multiple sources and correlate these actions quickly. From scanning activity that might indicate upcoming lateral movement to policy violations, an early indicator of insider threat activity, GoSecure Network Detection and Response is a vital element of our Managed Detection and Response service. Phishing, brute force attacks and communications with malicious sites are just a few of the network sources monitored and correlated by GoSecure Network Detection and Response. No source is too obscure, and no alert too trivial.
