Radar uses distributed workloads from multi-region cloud environments to collect intelligence often used by adversaries to target your organization. Intelligence data includes data leaks, source code leaks, API key leaks, credential leaks, email leaks, forum chatter, social media chatter, exposed S3 buckets, weak credential policy enforcement on public-facing applications, exposed services, and DNS.
RADAR INTELLIGENCE
DATA COLLECTION
Recon Mode analyzes data collected from your authorized breach point, users, services, namespaces, systems, NAC, security controls, prevention controls, network topology, accessible endpoints, exposed services, third-party apps supporting infrastructure, and Radar intelligence. Our architecture supports multi-breach points and asynchronous execution across hybrid environments. As your infrastructure or cloud workloads scale, Recon Mode scales with it.
INTELLIGENCE ATTRIBUTION
Core metadata known as Notable Evidence is extracted and used to develop situational awareness and profiling tactics targeting users, services, namespaces, systems, NAC, security controls, prevention controls, network topology, accessible endpoints, exposed services, third-party apps supporting infrastructure, and Radar intelligence. All metadata is enriched and attributed to malware families, CVEs, known exploits, NIST, CAPEC, and MITRE ATT&CK.


TARGET IDENTIFICATION
Attack Intelligence and Notable Evidence produced by Radar and Recon Mode are extracted, attributed, indexed, and analyzed to construct critical attack paths to high-value targets. In multi-breach point deployments, asynchronous execution is used to identify targets across multiple business units within seconds.
ATTACK SCENARIO DEVELOPMENT
Attack Mode continually builds and executes defense evasion and discovery techniques to discover, analyze, and verify attack vectors in your organization. As attack paths form, attack chain development begins. As defenses improve and environments change, Attack Mode adapts by forming attack scenario variants.


EVIDENCE CONTEXTUALIZATION
All authorized breach activity is contextualized, attributed, verified, and sent to your analytics platform of choice. The data includes platform events, operator events, technique events, API calls, evidence collected, DLLs, and namespaces.
RISK PROFILE VERIFICATION
Risk profiles are formed to help verify your organization’s current risk exposure to malware families, threat groups, insider threats, and attack scenarios unique to your organization. Risk profiles are malleable and can be deployed anytime in single or multi-breach point deployments.

CONTINUOUS
TARGETED ATTACK EXECUTION

VERIFIED RISK METRICS
Risk Analytics Engine (RAE) deploys graphing algorithms used in financial trading platforms to produce real-time risk metrics based on your acceptable risk thresholds. RAE enables you to identify and drill down on performance gaps by:
- Business unit
- Verified block rate
- Verified attack scenarios
- Verified impact
- Verified threat profile
- Resource availability
- Permission weakness
- Threat Groups
- Malware family
- NIST-800-53
- ATT&CK for ICS
- ATT&CK for Enterprise


HIGH FIDELITY SIGNALS
SIGINT continually monitors and attributes data collected from Radar, Recon Mode, Attack Mode, your risk profile thresholds, and risk metrics to produce High-Fidelity Intelligence Signals.
CONTINUOUS

INTEGRATED REMEDIATION
Deploy host and cloud native detection rules for Windows, Linux, OSX, Docker, Azure, and AWS.
OPTIMIZED MITIGATION
Optimize mitigation strategies across your business units by delivering clear instructions to your stakeholders, 24/7.
DELTA REPORTS
Save time and report changes in your security posture without the need to compare and contrast.