Bot-Trek Threat Detection Service


Bot-Trek Threat Detection Service (TDS) is a service that allows companies to detect infected parts of their enterprise network and to prevent information leaks, targeted attacks, and industrial espionage carried out using information technology.

Delivered under a «device + service» model, Bot-Trek TDS is an effective tool for outsourcing routine processes such as log analysis, event classification, singling out critical incidents, and responding to detected threats.

All these tasks are handled by Group-IB’s qualified specialists, who have a solid 10 years’ experience in the investigation and prevention of computer crimes.

  • It detects the network activity of all the important malware families in real time
  • It connects to a copy of the office traffic via the SPAN port of the switch and monitors all incoming and outgoing connections
  • It identifies infected mobile devices of employees and guests on your company’s wireless networks
  • It automatically updates its threat information daily from Group-IB’s cloud infrastructure

Two parts of the Bot-Trek TDS system

The sensor is a physical server running a DPI solution that analyzes all incoming and outgoing data packets. The set of signatures used to identify harmful activities, the blacklist of botnet controller addresses, and the filter rules are automatically updated daily. The sensor transmits information about detected incidents over a secure channel to the Group-IB SOC, a cloud data center.

All information about security events detected in the enterprise network is collected, correlated and classified in the data center. The events are grouped by type and manually analyzed by Group-IB specialists. Data is analyzed 24/7. Employees of your company can at any time get a report of all the threats identified over any period, with the ability to search for specific types of attacks. The specialists responsible for security at the company receive instant notification of all detected threats. These notifications can also be sent to a SIEM after appropriate integration.

Typical technical specification of the Bot-Trek TDS sensor

Comparison of Bot-Trek TDS with traditional intrusion detection systems

 
