Seceon’s comprehensive platform includes more than 15 tools, among them AI, ML, vulnerability assessment, SIEM, SOAR, UEBA, NBAD, NTA, EDR and TI, but our focus today is an area that frequently comes up in conversation with customers and partners alike.
Does your current cybersecurity solution discover and remediate unwanted bot activity, malware, lateral movement, credential theft, and insider threats, both on-prem and across the cloud?
Seceon’s aiXDR solution discovers and remediates a comprehensive list of threats, exploits, attacks, suspicious activities, and non-conformance/non-compliance items, including zero-day and advanced malware that uses sophisticated evasion techniques. The table below is an indicative subset of the threat models implemented in the product.
| Threat model | Description |
|---|---|
| Trojan Horse Activity | Suspicious Trojan activity detected in the network. |
| Insider Threat / Compromised Credentials | Unusual activity by an insider with valid credentials. This could indicate a user with malicious intent or a compromise of that user’s credentials. |
| Policy Violation | An alert on violations of provisioned rules (granular policies such as network micro-segmentation). |
| Suspicious Infected Host | A host suspected of being infected, based on correlation of all observed indicators of compromise. |
| Botnet Detected | A network of privately owned computers infected with malware and controlled as a group without the owners’ knowledge, e.g. to send spam or SYN floods. |
| Spank Attack | A form of DDoS attack in which the attacker uses multicast addresses as source addresses, so that replies are multiplied and bandwidth is consumed on both the network and the targeted host. |
| Potential Data Raid | Detection of a potential data breach or bulk data theft from critical assets. |
| Potential Exploit | Traffic patterns observed that indicate an attempt to exploit a system vulnerability. |
| Volumetric DDoS | Attacks that saturate the target’s bandwidth with a massive volume of traffic. Volumetric attacks are easy to generate with TCP/UDP protocol floods. |
| RC4 Attack | Potential exploitation of weaknesses in RC4 encryption detected. |
| Suspicious Account Creation – Insider Threat | An account created with malicious intent by an insider administrator. |
| Brute Force Attack | Brute-force login attack against a particular host. |
| Known Virus or Worm Infection | Host infected with a virus or worm that has a known signature (hash). |
| Potential Web Exploit | Traffic patterns observed that indicate attempts to exploit a web application vulnerability. |
| Potential Vulnerability Exploit | Traffic patterns observed that indicate an attempt by a host to exploit application vulnerabilities present on other host(s). |
| ICMP DDoS | ICMP flood attack detection. |
| Malware Infected Host | Server or endpoint infected with malicious software (including fileless malware). |
| Insider Threat (USB) | An insider who may be leaking business-sensitive information, including privacy-protected data (e.g. PII, PHI), deliberately or inadvertently, from a high-value asset to a USB drive. |
| Data Exfiltration | Unusual user activity is mapped to the entities accessed (databases, servers, applications) and correlated with a spike in data transferred from an internal IP/port to another internal or external IP/port, yielding data exfiltration as a potential threat indicator. |
| DDoS Amplification | Amplification-based DDoS attack detection. |
| DDoS TCP SYN | TCP SYN flood DDoS attack detection. |
| Ransomware | Malware that encrypts files or the entire disk and holds endpoints/servers hostage until a ransom is paid. |
| DNS Tunneling | Data or command-and-control traffic encoded inside DNS queries and responses so that it passes through controls that allow DNS. |
| Compromised Credentials | User credentials suspected of being compromised. |
| Phishing Attack | Socially engineered email that lures the recipient to a spurious website with malicious intent. |
| Zero Day Malware | Malware with no prior detection and no known signature. |
| Lateral Movement | Attempts by malware (worm or botnet) to move from one endpoint/server to another, with the intent of increasing damage and/or reaching its target (server/application/database/storage). |
| Command & Control Center (C&C) | Attempts by malware to establish communication with its command-and-control server by various means: backdoors, domain generation algorithms (DGA), beaconing, etc. |
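To make three of the table’s threat models concrete (Brute Force Attack, DNS Tunneling and the beaconing form of C&C), here is a small set of detectors run over constructed log lines. This is an added illustration, not Seceon’s code or a description of how aiXDR implements these models; the log formats, thresholds (failed-login count per window, subdomain length and entropy, interval regularity) and every IP and hostname in it are assumptions made for the example.

```python
"""Toy detectors for three threat models: brute-force logins, DNS tunneling
and C&C beaconing. All log records below are constructed samples for this
example (example code, not a vendor implementation)."""
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed auth log: (timestamp_seconds, source_ip, username, outcome)
AUTH_LOG = [
    (0, "10.0.0.5", "admin", "fail"),
    (5, "10.0.0.5", "admin", "fail"),
    (9, "10.0.0.5", "admin", "fail"),
    (14, "10.0.0.5", "admin", "fail"),
    (20, "10.0.0.5", "admin", "fail"),
    (27, "10.0.0.5", "admin", "fail"),
    (30, "10.0.0.7", "alice", "success"),
    (31, "10.0.0.8", "bob", "fail"),
    (400, "10.0.0.8", "bob", "success"),
]

# Constructed DNS log: (timestamp_seconds, source_ip, queried_name).
# The long hex labels stand in for encoded data smuggled in queries.
DNS_LOG = [
    (1, "10.0.0.9", "www.example.com"),
    (2, "10.0.0.9", "mail.example.com"),
    (3, "10.0.0.5", "7e3a91c4f05b826dd628b50f4c19a3e7.t.example.net"),
    (4, "10.0.0.5", "e3a91c4f05b826d7628b50f4c19a3e7d.t.example.net"),
    (5, "10.0.0.5", "3a91c4f05b826d7e28b50f4c19a3e7d6.t.example.net"),
    (6, "10.0.0.5", "a91c4f05b826d7e38b50f4c19a3e7d62.t.example.net"),
]

# Constructed flow log: (timestamp_seconds, source_ip, dest_ip, bytes).
# One host calls out every 300 s like clockwork; the other is irregular.
FLOW_LOG = [(t, "10.0.0.5", "203.0.113.10", 512) for t in range(0, 2100, 300)] + [
    (5, "10.0.0.7", "198.51.100.3", 4096),
    (40, "10.0.0.7", "198.51.100.3", 1200),
    (200, "10.0.0.7", "198.51.100.3", 880),
    (210, "10.0.0.7", "198.51.100.3", 900),
    (900, "10.0.0.7", "198.51.100.3", 3000),
    (950, "10.0.0.7", "198.51.100.3", 100),
]


def detect_brute_force(events, threshold=5, window=60):
    """Flag (src, user) pairs with >= threshold failed logins inside any
    sliding window of `window` seconds. Returns {(src, user): max_failures}."""
    failures = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "fail":
            failures[(src, user)].append(ts)
    hits = {}
    for key, stamps in failures.items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[key] = best
    return hits


def shannon_entropy(text):
    """Bits per character from the character frequencies of `text`."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def detect_dns_tunneling(events, min_label_len=20, min_entropy=3.0, min_queries=3):
    """Flag (src, base_domain) pairs that send >= min_queries lookups whose
    leftmost label is long and high-entropy, the shape of data encoded into
    DNS names. Returns {(src, base_domain): query_count}."""
    suspicious = defaultdict(int)
    for _ts, src, qname in events:
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:
            continue
        leftmost, base = labels[0], ".".join(labels[-2:])
        if len(leftmost) >= min_label_len and shannon_entropy(leftmost) >= min_entropy:
            suspicious[(src, base)] += 1
    return {k: v for k, v in suspicious.items() if v >= min_queries}


def detect_beaconing(events, min_events=6, max_cv=0.1):
    """Flag (src, dst) pairs whose inter-connection gaps are nearly constant,
    i.e. coefficient of variation (stdev / mean) <= max_cv.
    Returns {(src, dst): mean_interval_seconds}."""
    times = defaultdict(list)
    for ts, src, dst, _nbytes in events:
        times[(src, dst)].append(ts)
    hits = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[key] = avg
    return hits


if __name__ == "__main__":
    print("brute force:", detect_brute_force(AUTH_LOG))
    print("dns tunneling:", detect_dns_tunneling(DNS_LOG))
    print("beaconing:", detect_beaconing(FLOW_LOG))
```

Each detector keys its result on the entity pair the table’s descriptions talk about (source and user, source and base domain, source and destination), which is what lets a correlation layer tie a brute-force hit, a tunneling hit and a beaconing hit on the same source host into one "suspicious infected host" finding rather than three unrelated alerts. The thresholds are deliberately simple; in production they would be tuned per environment and combined with allow-lists for legitimate periodic traffic such as NTP or monitoring agents.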