
IT Risk Detection


Time for early detection

Detection modules display and monitor IT security incidents and potential risks at an early stage. With our in-house-developed detection technologies, customers benefit from an effective security concept. Radar Cyber Security delivers award-winning excellence in detection & threat intelligence.

Radar Services

All IT detection modules can be used in our Cyber Defense Center (CDC), tailored to the needs of our Radar Services customers. The result is a complete IT security package consisting of hardware, software and expertise.

Radar Solutions

You want to run your own SOC/CDC? Or you operate as a security provider (MSSP) with your own team? Obtain the IT detection modules within our technology package.

Log Data Analytics


The essence of Log Data Analytics, formerly known as Radar’s SIEM (Security Information and Event Management), is the collection and analysis of logs from various sources within a network (e.g. servers, clients, network devices, firewalls, applications) for security-relevant information and events. Various common log formats are understood out of the box, and additional parsers can always be added to normalize custom logs. Information and events from all these areas are aggregated. Risk is identified by the state-of-the-art correlation engine, whose correlation rules and policies are continuously updated, enhanced and always customized.

This enables effective management of security flaws. Fraudulent use of IT and applications, internal fraud and security threats are detected among millions of events. Our Intelligence Team analyses suspicious events and prioritizes them in terms of business criticality and urgency. The number of events reported to a client is reduced to a handful of important incidents.

The system is configured effectively through predefined filters, templates and plugins, so setup is neither time-consuming nor resource-intensive.



Network Behavior Analytics


Network traffic from and to the Internet is analysed in real time in order to detect suspicious patterns and anomalies such as malware, command-and-control servers, bots, spyware, drive-by sources, DDoS targets and sources, and others.

More than 19,000 continuously updated signatures and rules, matched with IP reputation data, serve as the basis for detection. Additionally, behaviour-driven analysis of zero-day exploits and other unknown attacks without signatures, as well as the detection of protocols (even on various ports), are crucial tasks of this module. Moreover, thousands of file types are identified via MD5 checksums, and files can be extracted, to help keep documents from either getting in or getting out.

The module is highly scalable with a master/probe configuration option for decentralised internet breakouts. 1 Gbit and 10 Gbit interfaces are supported (copper and fibre).



Vulnerability Management and Software Compliance


VMC includes continuous and highly accurate internal and external vulnerability scans for a 360-degree view. Besides fast and efficient authenticated or non-authenticated vulnerability scans, it detects open ports, the use of potentially insecure or unnecessary services on these ports, as well as shares and non-secure shares.

Furthermore, compliance and password checks spot configuration problems with regard to applications as well as password and user policies. Standard and missing passwords are detected. Outdated patch versions of installed software and services are identified, with registry and DLL checks on Windows systems.

State-of-the-art vulnerability scanning in combination with the analysis of the Intelligence Team delivers results with zero false-positives and full vulnerability coverage. Safe scanning is ensured, thus any disturbance of the availability or integrity of information is avoided.

Overall, more than 67,000 tests are carried out in the categories of OS, software and vulnerabilities using the largest database in the industry. Vulnerabilities are categorized as high, medium or low risk, as well as by possible exploit, with easy-to-read overviews of the current vulnerability landscape and information ready to meet compliance requirements.

The comprehensive scanning capabilities include:

Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage

Virtualization: VMware ESX, ESXi, vSphere, vCenter, Hyper-V, and Citrix Xen Server

Operating systems: Windows, Mac, Linux, Solaris, BSD, Cisco IOS, IBM iSeries

Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB

Web applications: Web servers, web services, OWASP vulnerabilities

Cloud: scanning of cloud applications and instances like Salesforce and AWS



Advanced Threat Detection


Best-in-class detection of advanced malware is specifically designed to stop evasive malware created to bypass conventional security defense and sandbox technologies used by first generation APT security systems.

The next-generation sandbox technology is powered by full system emulation, which not only catches persistent threats and zero-day exploits but also provides a deeper understanding of malware behavior to measure its impact. The feed of advanced threats is continuously updated.



Endpoint Detection & Response


Endpoint Detection and Response collects, analyzes and precorrelates logs of a server or client and alerts if an attack, fraudulent use or error is detected. It checks file integrity of the local system. Rootkit detection identifies hidden actions by attackers, trojans, viruses, etc. when system changes occur.

EDR leads to real-time alerts and active response. EDR integrates smoothly with LDA and delivers additional valuable information for central correlation.

It runs on nearly every operating system (Linux, Solaris, HP-UX, AIX, BSD, macOS, Windows, VMware ESX) and meets compliance requirements. Policies are deployed centrally to all EDR agents to monitor the server’s compliance.


