How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
The tool generates automated alarms to correlate any network activity that we see with some of the deeper packet inspection that Awake provides. There is currently not a lot of IoT in our environment.
Our use cases are vast and varied. Quite simply, we looked at tools that would handle network detection and response out-of-the-box. Looking at Awake, there are hundreds of security use cases built into the system itself. I typically utilize the tool across the enterprise to detect those hard-to-find threats, such as:

* Indicators of compromise for ransomware
* Possible command and control
* Privacy
* Clear-text passwords
* Persistence
* Data exfiltration and compliance for GDPR
* Various, very hard to detect models of data exfiltration, such as exfiltration via e.g. DNS or ICMP
* Bad domains and traffic to bad domains
* The list goes on and on.

I have over a hundred use cases turned on, running in the background and looking at the following (for example):

* Defense evasion, the use of proxies in order to hide data exfiltration.
* Rogue hardware, identifying new devices on my network, whether they be wireless, wireless handheld devices, smartphones, laptops, etc.
* Brute-force attempts against passwords.
* Password-spraying attempts.

It is deployed inline as an on-prem appliance, leveraging a network SPAN port. We are using the latest version.
The solution is a kind of Swiss Army knife. It can do a number of different things. We primarily use it for network traffic analysis and threat hunting.
We use it primarily for network-based security and threat-hunting across the network.
I'm primarily using it for viewing lateral movement of suspicious activities within my network. It's my internal monitoring of the behaviors of endpoints inside my network going outbound.