Threat Emulation

The Internet has become one of the most important communication tools for governments, organizations and individual users. However, the cyberspace that emerges from the vast number of devices connected over the Internet creates an opportunity for cybercriminals to exploit potential vulnerabilities in organizations’ security posture.

Overview

Organizations send and receive vast amounts of documents and files to and from the Internet on a daily basis, giving cybercriminals an attack surface for their malicious activities. Files downloaded over the Internet and email attachments are the most vulnerable entry points to internal organizational resources. Common security protection solutions only track the signatures of already known viruses and infected files, and block them when a signature is matched. Advanced cybercriminals therefore easily bypass them by creating new, unknown malware and carrying out 0-day attacks through web and email traffic.

Organizational files need to be automatically inspected with innovative and cutting-edge emulation engines in secure, sandboxed environments before reaching their destination, in order to keep the risk of 0-day infections to a minimum.

Characteristics

Optimal Detection Rate
Provides a high detection rate of unknown cyberattacks and Advanced Persistent Threats (APT), addressing the limitations of traditional signature-based anti-malware solutions
Maximum Threat Prevention
Incorporates unique, cutting-edge emulation engines that emulate malware behavior in real time, thus inhibiting cyberattacks from launching and evading detection mechanisms
Threat Intelligence Visibility
Managing 0-day threats across your organization sets the ground for a productive and safe environment
Flexible Implementation
Flexible threat emulation solutions can be implemented as cloud-based solutions or as on-premises dedicated appliances; these solutions can fulfill regulatory and performance requirements of any organization ensuring first-class security protection from 0-day attacks

Features

Real-time Emulation
Virtual sandboxed environments are used to analyze every inspected file, by safely emulating how the system would behave if the malware were executed. The cryptographic hash of every unknown malware sample is automatically learned and recorded to optimize emulation, thus minimizing the attack surface
Dynamic Detection of Unknown Malware
Unknown malicious executables, files with macros and embedded objects that routinely bypass traditional signature-based IPS and antivirus engines are proactively emulated and prevented. 0-day malware exploits, targeted attacks, APTs and other advanced malware are uncovered by picking up file execution anomalies and identifying malicious executable code and behavior in every system process
SSL and TLS Inspection
0-day attacks are uncovered not only in unencrypted communications such as HTTP, but also in SSL and TLS encrypted channels carrying email and web traffic
Comprehensive Monitoring and Reporting
Dashboards, reports and summaries of every malware sample and file inspected are provided in a simple, user-friendly and unified environment

Deployment

Drawing from our ever-growing expertise, developed through our Technology Risk Solutions and Managed Security Services (MSS) divisions, we first assess your organization’s needs based on your existing infrastructure, network architecture, applications and systems’ setup. Once we have a well-rounded understanding, we proceed by proposing the best-suited Threat Emulation solution that fits your environment.

Remaining Secure

Our suite of post-deployment services is designed to offer further enhancements to your network, systems and applications, as follows:

Maintenance & Support

Integration with ClearSkies™ NG SIEM-as-a-Service

Full-fledged 24/7 Managed & Security Log monitoring

This solution forms part of the “Test & Assess”, “Design & Implement”, “Monitor & Respond” and “Consulting” phases of our Information Security Continuum (ISC).