HOW IT WORKS

Our Attack Intelligence Platform is built to scale your defenses by verifying and optimizing risk mitigation for each component of your security pipeline in real-time.

RADAR INTELLIGENCE

Radar uses distributed workloads from multi-region cloud environments to collect intelligence often used by adversaries to target your organization. Intelligence data includes data leaks, source code leaks, API key leaks, credential leaks, email leaks, forum chatter, social media chatter, exposed S3 buckets, weak credential policy enforcement on public-facing applications, exposed services, and DNS.

DATA COLLECTION

Recon Mode analyzes data collected from your authorized breach point, users, services, namespaces, systems, NAC, security controls, prevention controls, network topology, accessible endpoints, exposed services, third-party apps supporting infrastructure, and Radar intelligence. Our architecture supports multi-breach points and asynchronous execution across hybrid environments. As your infrastructure or cloud workloads scale, Recon Mode scales with it.

INTELLIGENCE ATTRIBUTION

Core metadata known as Notable Evidence is extracted and used to develop situational awareness and profiling tactics targeting users, services, namespaces, systems, NAC, security controls, prevention controls, network topology, accessible endpoints, exposed services, third-party apps supporting infrastructure, and Radar intelligence. All metadata is enriched and attributed to malware families, CVEs, known exploits, NIST, CAPEC, and MITRE ATT&CK.

TARGET IDENTIFICATION

Attack Intelligence and Notable Evidence produced by Radar and Recon Mode are extracted, attributed, indexed, and analyzed to construct critical attack paths to high-value targets. In multi-breach point deployments, asynchronous execution is used to identify targets across multiple business units within seconds.

ATTACK SCENARIO DEVELOPMENT

Attack Mode continually builds and executes defense evasion and discovery techniques to discover, analyze, and verify attack vectors in your organization. As attack paths form, attack chain development begins. As defenses improve and environments change, Attack Mode adapts by forming attack scenario variants.

EVIDENCE CONTEXTUALIZATION

All authorized breach activity is contextualized, attributed, verified, and sent to your analytics platform of choice. The data includes platform events, operator events, technique events, API calls, evidence collected, DLLs and namespaces.

RISK PROFILE VERIFICATION

Risk profiles are formed to help verify your organization’s current risk exposure to malware families, threat groups, insider threats, and attack scenarios unique to your organization. Risk profiles are malleable and can be deployed anytime in single or multi-breach point deployments.

CONTINUOUS

TARGETED ATTACK EXECUTION

VERIFIED RISK METRICS

Risk Analytics Engine (RAE) deploys graphing algorithms used in financial trading platforms to produce real-time risk metrics based on your acceptable risk thresholds. RAE enables you to identify and drill down on performance gaps by:

HIGH FIDELITY SIGNALS

SIGINT continually monitors and attributes data collected from Radar, Recon Mode, Attack Mode, your risk profile thresholds, and risk metrics, to produce High-Fidelity Intelligence Signals. 

CONTINUOUS

INTEGRATED REMEDIATION

Deploy host and cloud native detection rules for Windows, Linux, OSX, Docker, Azure, and AWS.

OPTIMIZED MITIGATION

Optimize mitigation strategies across your business units by delivering clear instructions to your stakeholders, 24/7.

DELTA REPORTS

Save time and report changes in your security posture without the need to compare and contrast.

FOCUS ON WHAT MATTERS RIGHT NOW

Rapidly verify protection against targeted attacks and eliminate risk of initial breach tactics before they happen.

TALK TO A BLACKBOT ANALYST TODAY