Time for early detection
Using detection modules, IT security incidents and potential risks are displayed and monitored at an early stage. With our in-house developed detection technologies, customers benefit from an effective security concept. Radar Cyber Security delivers award-winning excellence in detection and threat intelligence.
Radar Services
All IT detection modules can be used in our Cyber Defense Center (CDC), tailored to the needs of our Radar Services customers. The result is a complete IT security package consisting of hardware, software and expertise.
Radar Solutions
Do you want to run your own SOC/CDC? Or do you operate as a security provider (MSSP) with your own team? Obtain the IT detection modules within our technology package.
Log Data Analytics
The essence of Log Data Analytics, formerly known as Radar's SIEM (Security Information and Event Management), is the collection and analysis of logs from various sources within a network (e.g. servers, clients, network devices, firewalls, applications) for security-relevant information and events. Various common log formats are understood out of the box, and additional parsers can always be added to normalize custom logs. Information and events from all these areas are aggregated. Risk is identified through the state-of-the-art correlation engine with continuously updated, enhanced and customized correlation rules and policies.
Effective management of security flaws is enabled. Fraudulent use of IT and applications, internal fraud and security threats are detected out of millions of events. The cyber defense team analyses suspicious events and prioritizes them in terms of business criticality and urgency. The number of events reported to a client is reduced to a handful of important incidents.
Effective configuration of the system is achieved through predefined filters, templates and plugins, so setup is neither time-consuming nor resource-intensive.
Technology
Numerous common log formats – out of the box
Information and events from all areas are aggregated
State-of-the-art correlation engine with continuously updated, enhanced and customized correlation rules and policies
Service
Analysis, ranking and subsequent display of incidents within Radar Cyber Security Cockpit, generated by the activated LDA use cases
Continuous improvement and adjustment of the use cases in order to prevent potential false positives
Results are delivered on demand or on a daily, weekly or monthly schedule.
Network Behavior Analytics
Network traffic from and to the Internet is analysed in real time in order to detect suspicious patterns and anomalies such as malware, command and control servers, bots, spyware, drive-by sources, DDoS targets and sources, and others.
More than 19,000 continuously updated signatures and rules (matched with IP reputation data) serve as the basis for detection. Additionally, the behaviour-driven analysis of zero-day exploits and other unknown attacks without signatures, as well as the detection of protocols (even on non-standard ports), are crucial tasks of this module. Moreover, thousands of file types are identified via MD5 checksums, and files can be extracted to help ensure documents are either kept out of the network or kept from leaving it.
The module is highly scalable with a master/probe configuration option for decentralised internet breakouts. 1Gbit and 10Gbit interfaces are supported (copper and fibre).
Technology
More than 19,000 continuously updated (matched with IP reputation data) signatures and rules
Additional behavior-driven analyses for zero-day exploits and other unknown attacks
Identification of thousands of file types via MD5 checksums and possible file extraction
Service
Detection of dangerous malware, anomalies and other network traffic risks based on signature and behavior-based detection engines
Analysis, prioritization and display of alerts within Radar Cyber Security Cockpit
Vulnerability Management and Compliance
VMC includes continuous and highly accurate internal and external vulnerability scans for a 360-degree view. Besides fast and efficient authenticated or non-authenticated vulnerability scans, open ports, the use of potentially insecure or unnecessary services on these ports, and shares, including non-secure shares, are detected.
Furthermore, compliance and password checks spot configuration problems in applications as well as in password and user policies. Default and missing passwords are detected. Outdated patch levels of installed software and services are identified, using registry and DLL checks on Windows systems.
State-of-the-art vulnerability scanning in combination with the analysis of the CDC team delivers results with zero false-positives and full vulnerability coverage. Safe scanning is ensured, thus any disturbance of the availability or integrity of information is avoided.
Overall, more than 67,000 tests are carried out in the categories of OS, software and vulnerabilities using the largest database in the industry. Vulnerabilities are categorized as high, medium or low risk, along with possible exploits, with easy-to-read overviews of the current vulnerability landscape and information ready to meet compliance requirements.
Comprehensive scanning includes:
Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
Virtualization: VMware ESX, ESXi, vSphere, vCenter, Hyper-V, and Citrix Xen Server
Operating systems: Windows, Mac, Linux, Solaris, BSD, Cisco IOS, IBM iSeries
Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB
Web applications: Web servers, web services, OWASP vulnerabilities
Cloud: scanning of cloud applications and instances like Salesforce and AWS
Technology
Accurate internal and external vulnerability scans for a 360° view
Authenticated or non-authenticated vulnerability scans, open ports and precarious or unnecessary services
Compliance and password checks including policies and the detection of missing password protection processes
Categorization of vulnerability risks: high, medium and low
Service
Authenticated or non-authenticated vulnerability scans for defined assets, IP ranges or hostnames
Analysis, prioritization and display of vulnerabilities within Risk & Security Cockpit
Advanced Threat Detection
Best-in-class detection of advanced malware is specifically designed to stop evasive malware created to bypass conventional security defenses and the sandbox technologies used by first-generation APT security systems.
The next-generation sandbox technology is powered by full system emulation, which catches persistent threats and zero-day exploits and provides a deeper understanding of malware behaviour in order to measure its impact. The feed of advanced threats is continuously updated.
Technology
Modern detection methods for highly advanced and concealed malware
Sandboxing of the latest generation
Complete system emulation and deep understanding of malware behavior
Continuous updates on advanced threats
Service
Analysis of email messages and suspicious network traffic
Results displayed in the Risk & Security Cockpit
Endpoint Detection & Response
Endpoint Detection and Response collects, analyzes and pre-correlates logs of a server or client and alerts if an attack, fraudulent use or error is detected. It checks the file integrity of the local system. Rootkit detection identifies hidden actions by attackers, trojans, viruses, etc. when system changes occur.
EDR provides real-time alerts and active response. EDR integrates smoothly with LDA and delivers additional valuable information for central correlation.
It runs on nearly every operating system (Linux, Solaris, HP-UX, AIX, BSD, macOS, Windows, VMware ESX) and meets compliance requirements. Policies are deployed centrally to all EDR agents to monitor the servers' compliance.
Technology
Collection, analysis and correlation of logs from a server or client
Alerting on the detection of attacks, misuse or errors
Checking the file integrity of the local system
Rootkit detection and identification of hidden attacks, trojans or viruses based on system changes
Service
Detection of malware, anomalies and other network traffic risks using signature- and behavior-based detection software
Analysis, prioritization and display of results within Risk & Security Cockpit