Easy-to-use, single customisable web-based dashboard for effective security monitoring. Continually monitor the network and identify risks with built-in sensors and tools. Transform any data and any log file into insight, providing deep network and systems visibility.
ThreatDefence offers instant network visibility regardless of organisational size and geographical location. It can take any source feed, from any system, application or network, and produce actionable insights into the security posture of an organisation. Threat intel feeds, vulnerability management, NetFlow, IDS, OS and application monitoring and other tools are included to instantly uplift your IT security capabilities.
Cyber-criminals innovate faster than commercial businesses. By the time businesses deploy technology it can be obsolete. ThreatDefence will give you full visibility of your network as soon as you power on the appliance. No need for 6 months of planning and implementing and endless coffees with consultants. After deployment of our ThreatDefence appliance, you will gain 100% accountability of the network.
Simple plug-and-play appliances or agents will immediately discover and report incidents using behaviour, analytics, signatures and threat intel indicators. It's like having an army of full-time security analysts and auditors.
The first deployment was a NYSE-listed global corporation with offices on all continents. ThreatDefence was designed for large environments and to scale as your business grows. With plug-and-play appliances from micro to large offices, we're designed for business-friendly budgets and operational support. Utilising a big data platform provides theoretically limitless storage.
Through the use of big data, ThreatDefence effortlessly produces real-time reports of your IT environment. Convert what goes on in your network into beautiful visualisations providing valuable ACTIONABLE insights. In minutes see misconfigured firewall access rules, authentication failures, vulnerabilities and PCI compliance: it's 100% visibility and accountability.
ThreatDefence is perfectly positioned as a core system for your SOC. It's designed to have remote sensors that report to a central "SIEM". With a few clicks, in a few seconds, the system replaces hours of security investigations.
If you are a managed service provider of IT services you can very easily increase customer credibility and revenue by implementing our White Label option. This option allows you to instantly add value by adding managed security to your existing services at the click of a button. ThreatDefence can also be used as a health check tool to identify any vulnerabilities or immediate remedial works.
All systems, networks and devices report to a single dashboard for maximum visibility and correlation. All data is filtered through included threat intelligence feeds and other fancy tools.
Monitor your IDS, firewall, Windows audit logs, SQL data, reverse proxies, mail systems, phone systems, mobile devices, endpoints… We support them all.
Using the same sensoring tools as the world's largest enterprises, we save time by automatically classifying incidents.
Detect if any events are to or from malicious sites using built-in threat intel, then check again with a real-time authoritative online lookup.
All sources and destinations can be enriched with geolocation data, answering questions such as: "why is 30% of entire corporate traffic going to East Asia?"
See attempts to compromise and measure the effectiveness of your threat intelligence. See how many packets were dropped due to policy and how many due to threat intel. THE most intuitive firewall console.
Log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, active responses... If you do not have these tools, they are included at no cost. The HIDS service helps meet compliance requirements such as PCI and includes file integrity monitoring.
Complete forensic information, including payload, headers and application info, is recorded and stored.
Expand the capacity of your security and ops team at a fraction of the cost. The ThreatDefence team will provide access to experts who can deploy, configure, fine-tune and customise to your needs. Save time and resources by having our engineers deploy, analyse, curate, manage and review your network to ensure it is fine-tuned and effective.
Some of the services included:
Within the first 2 minutes after powering on the appliance, ThreatDefence detected that 4 of our internet-exposed servers had been compromised by overseas hackers. Established SSH network sessions from overseas simply popped up on our screen. The effortless detection of the unknown threats was impressive.
IT infrastructure manager, SFA
Effective decision making is driven by the strength of the information available. Out-of-the-box connectors and dashboards allowed us to move from implementation to action in minutes. Combining TD's capability with their proactive management service and regular posture reviews places us in a strong position of readiness.
CIO, Johnson Winter & Slattery Lawyers
Having the ThreatDefence solution report in real time and in such a high level of detail allows us to detect new types of threats and respond in the shortest possible timeframe. Today we are more secure, more responsive and able to minimise even the most complex threats thanks to the ThreatDefence team and their solutions.
ENVIRONMENT: 4000+ employee global corporation.
BUSINESS EXPECTATION: Corporate email systems are secured with content filtering.
INDICATOR: A corporate office increased its rate of sent emails by over 300% in 10 minutes.
THE FIND: An employee's home computer was infected with malware. Analysis showed the malware using the employee's email client to send 1000s of emails, causing the regional mail server to reroute all email via Australia, where it was detected by the sensors. The emails contained links to compromised sites.
LESSON: Implement effective network monitoring in regional offices too. Cybercriminals target smaller, regional and partner offices.
ENVIRONMENT: A nationwide financial advisor with a network of local accounting firms.
BUSINESS EXPECTATION: Exchanges of confidential data and credentials are to be secured.
INDICATOR: TD alerted on employees in local accounting firms accessing a secure portal with weak password encryption. We were able to decrypt the password using a single Google search.
THE FIND: The potential danger to the financial service provider is reputational and financial loss for being unable to properly secure credentials. Mandatory breach disclosure laws (check) require the provider to inform affected customers. Our client, the local accounting firm, was assuming these credentials were for a top secret portal and was therefore using its top secret passwords, for the provider to convert them to plain text.
LESSON: Properly secure credential transmission; a simple $50 per year HTTPS implementation would have removed this risk.
ENVIRONMENT: Financial institution
BUSINESS EXPECTATION: Brand new vendor appliances will not be infected by malware!
INDICATOR: TD detected TOR communications inside the customer network, using TOR exit nodes in Turkey. Closer investigation revealed the office music broadcast system streaming a continuous amount of data over TOR.
THE FIND: TO BE UPDATED Passwords are set to expire every 90 days; the user gets reminded on the desktop and changes the password but neglects to update the smartphone, which then tries repeatedly to log on, fails and causes an account lockout.
LESSON: User education is a good investment.
ENVIRONMENT: Financial consultancy with 70+ employees.
BUSINESS EXPECTATION: A major business partner's email systems are secure.
INDICATOR: A very large corporate partner's network was infected with a crypto virus, and emails with a malicious attachment were sent to our customer site running TD.
THE FIND: Our service desk received a call from our customer with reports of an email outage to a certain email domain. Our service desk team quickly established that emails were being administratively blocked on TD's SMTP content filter, and the reason was that the corporate partner had been found to be sending emails with crypto malware attachments to our customer. The auto block remained in place to protect our customer from the 10000+ employee business partner. The TD team informed the corporate partner, which confirmed a major crypto infection, including most of their servers. TD auto detected, auto blocked and ensured the customer stayed crypto-free, effortlessly.
LESSON: Do not assume that a large corporate partner has better security! Sometimes larger organisations can be more vulnerable due to a more complex network.
Environment: 150+ employee services company.
Business expectation: Employees will comply with corporate standards.
Indicator: ThreatDefence detected communications with a certain .tk domain name.
The Find: An employee was involved in downloading and sharing media content using a business PC. TD generated two alerts: one for communication to the .tk domain and a second for a TOR exit node. This operation was run by a third employee secretly using a colleague's PC.
Lesson: Remove administrative privileges on local endpoints and implement application whitelisting and/or web content filtering to prevent running of non-business apps.
Environment: 40+ employee financial company.
Business expectation: Ensure data integrity.
Indicator: ThreatDefence simply generated an alert against hits from a small European country we had never seen before.
The Find: The prospect asked TD to help with some internet slowness issues. TD was deployed in "robot auditor" mode, which quickly generated a visualisation of network flow and exposed major security control issues. TD discovered a large file transfer in progress; the data type was various financial applications. The transfer was stopped and the customer firewalls were upgraded to TD. Later we were informed that a former business partner had hired a hacker to "spy". The former partner had been involved in managing IT.
Lesson: When a significant person leaves the business, perform a perimeter security review.
Environment: 100+ employee transport company.
Business expectation: User account access is controlled.
Indicator: ThreatDefence detected a username simultaneously logging in from different continents.
The Find: TD matched a preconfigured correlation rule where the same username logged in from two different geographical locations simultaneously. The employee logged in from his office at 0940; 2 hours later the same employee logged in from Turkey using VPN. The employee's VPN account was found to be compromised.
Lesson: Protect user accounts with controls, enforcement and monitoring.
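The correlation rule in the case above, as an added example that is not part of the original page: it parses constructed authentication log lines, maps source addresses to countries through a hypothetical lookup table standing in for a GeoIP database, and raises an alert when one user has successful logins from two different countries within a configurable time window.

```python
import re
from datetime import datetime, timedelta

# Constructed sample authentication log lines (office and VPN), not real data.
SAMPLE_LOGS = [
    "2017-03-01T09:40:00Z user=jsmith src=203.0.113.10 result=success",
    "2017-03-01T10:15:00Z user=aperez src=203.0.113.12 result=success",
    "2017-03-01T11:40:00Z user=jsmith src=198.51.100.7 result=success",
    "2017-03-01T12:00:00Z user=aperez src=203.0.113.12 result=success",
    "2017-03-01T12:30:00Z user=jsmith src=203.0.113.10 result=failure",
]

# Hypothetical IP-to-country table standing in for a GeoIP database.
GEO_DB = {"203.0.113.10": "AU", "203.0.113.12": "AU", "198.51.100.7": "TR"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "user": m.group("user"), "src": m.group("src"),
            "result": m.group("result")}


def find_geo_conflicts(lines, window_hours=4):
    """Return (user, earlier_country, later_country, earlier_ts, later_ts)
    for each successful login whose country differs from another successful
    login by the same user within window_hours. Failed logins and addresses
    missing from GEO_DB are ignored."""
    events = [e for e in map(parse_line, lines) if e and e["result"] == "success"]
    events.sort(key=lambda e: e["ts"])  # correlate in time order
    seen = {}  # user -> list of (ts, country) already processed
    alerts = []
    for ev in events:
        country = GEO_DB.get(ev["src"])
        if country is None:
            continue
        for ts_prev, c_prev in seen.setdefault(ev["user"], []):
            if c_prev != country and ev["ts"] - ts_prev <= timedelta(hours=window_hours):
                alerts.append((ev["user"], c_prev, country, ts_prev, ev["ts"]))
        seen[ev["user"]].append((ev["ts"], country))
    return alerts
```

Running `find_geo_conflicts(SAMPLE_LOGS)` flags only jsmith (AU at 09:40, then TR two hours later); aperez logs in twice from the same country and the failed attempt is ignored.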
Environment: 1000+ employee logistics company.
Business expectation: Use of a firewall to help secure the corporate internet perimeter.
Indicator: ThreatDefence detected misconfigured firewall access lists by analysing NetFlow data delivered from a single SPAN port.
The Find: TD constantly detects hits on the outside firewall interface on services that should not have been open. These detections reduce major risks and allow prompt remediation.
Lesson: Firewall misconfiguration is very common and results in unneeded risk exposure.
Built By Impressive Solutions