Solar Security


Solar inCode is next-generation software for application security testing. Solar inCode’s convenient interface requires just a couple of clicks, since all the intricate variability of algorithms and settings is automated as much as possible.

If the source code is available, the scanner easily integrates with software repositories. Otherwise, a working copy of the program can be simply uploaded to Solar inCode. Mobile software can be tested by merely copying a link to the app in Google Play or Apple Store into the Solar inCode menu.

Solar inCode provides detailed recommendations and instructions on addressing any vulnerabilities by either (1) amending the source code or (2) using remedies available in SIEM, WAF and Firewall systems.

ADVANTAGES OF SOLAR INCODE

  • No need for source code to analyze applications
  • Test results are generated in the format of specific recommendations on addressing vulnerabilities
  • Detailed instructions are produced on setup procedures for SIEM, WAF, FW and NGFW security systems
  • Several code analysis technologies are employed to detect a greater number of vulnerabilities
  • A user-friendly interface that enables scanning by just two mouse clicks
  • The product seamlessly integrates with the process of secure software development

PROBLEMS ADDRESSED BY SOLAR INCODE:

  • Web and mobile applications are available to external users; the IS department, while having no control over their security, is still held responsible for incidents
  • Lack of proper communication between the IS department and developers: the source code is not handed over to IS, or, at best, IS gets an archive that is almost impossible to sort out
  • Web application code errors take too long to fix
  • Data leaks owing to bugs intentionally built into the code by developers
  • Lack of control over the security of applications used by the company


SOLAR INCODE STRUCTURE

Solar inCode consists of three functional elements:

  • The analytical system
  • The reporting system
  • The Fuzzy Logic Engine to process false positives

This structure makes our product a fast and efficient application security-testing tool that requires no lengthy setup or training.


Solar Dozor is a comprehensive Data Loss Prevention (DLP) solution to monitor employees’ digital communications at the workplace.

Solar Dozor is customized to identify and investigate suspicious employee behavior that may cause serious financial losses to the employer such as early warning signs of fraud, conflicts of interests or affiliation with 3rd party, etc.

ADVANTAGES OF SOLAR DOZOR:

  • Predictive monitoring for early detection of employees’ unlawful activities and signs of corporate fraud
  • Full archive of employees’ digital communications data with advanced search capabilities
  • Case files for employees and restricted data objects
  • Incident lifecycle management throughout the investigation process
  • All required features of a DLP solution to monitor employees’ digital communications

ANALYTICAL MODULE

  • Identification of employees’ abnormal behavior in the workplace
  • Identification of unusual and risky contacts of employees
  • Social graph to depict employee relations to other users
  • Employee Loyalty Index for each person
  • Tips on further steps conducting an investigation
  • Data analysis based on OLAP and BI Technologies


HOW IT WORKS

Solar Dozor 6.0 consists of the following components:

  • DLP modules to monitor and classify intercepted messages; these modules may be deployed at the edge of the network;
  • Full communications archive to accumulate hundreds of terabytes of employees’ generated data for reliable storage and forensics;
  • Analytical tools to conduct investigations, maintain case files and run automatic examination of incidents.

Positive Technologies

Positive Technologies helps you safeguard your business from security threats you can’t see. Protecting your organization is serious business that deserves to be based on science, not speculation; on modern technologies, not new buzzwords.


PT MULTISCANNER™

Coordinated Protection from Malware and Advanced Persistent Threats

No single anti-virus solution can offer complete protection against information security threats including malware and Advanced Persistent Threats (APT), but attempting to deploy multiple anti-virus (AV) solutions typically increases your administrative burden and often results in clashes between competing tools.

PT Multiscanner is the first enterprise solution to address this challenge by combining and coordinating the AV definitions from multiple vendors in a single scan, offering increased overall protection without the need to conduct additional tests or consolidate separate results.

Optimize Malware and APT detection effortlessly

PT Multiscanner is a multi-engine, stream-based antivirus platform that provides high-performance analysis of data stored or transmitted via corporate networks including file storage, web portals, email, and network traffic.

Benefit from simultaneous protection from market leaders such as Symantec™, McAfee™, Trend Micro™, Kaspersky Lab, ESET and Bitdefender® without the need to buy licenses separately from each vendor.

Consolidated scan results are presented in a single, user-friendly interface, giving you full visibility of threats in your network. And the sooner you find these hazards, the faster you can fix them.

Comprehensive Coverage without Compromising Privacy

PT Multiscanner is a locally hosted solution that works from within the enterprise’s security perimeter, ensuring confidential data is never exposed to third parties. Use it to tackle a range of security challenges:

  • Monitor network traffic in real time
  • Protect email traffic and limit social engineering attacks
  • Analyze file storage to detect infected files and block the spread of viruses and malware
  • Safeguard web portals to prevent data leakage, maintain uptime and protect end-users from malware
  • Perform standalone malware checks on individual files uploaded to a locally-hosted portal
  • Simplify incident investigation with retrospective analysis that tracks suspect files through your infrastructure

An optional independent verification feature allows organizations to double-check scan results with VirusTotal. All private data is anonymized and hashed before upload to the cloud.

PT Multiscanner’s flexible APIs make it easy to integrate with existing systems including mail or file servers, proxy servers, IPS/IDS, monitoring and network forensic tools.

PT APPLICATION FIREWALL™


Almost every modern enterprise uses hundreds of Web, mobile or ERP applications to help run their operations. But as your number of applications grows, so does the number of security vulnerabilities within them that could be exploited to damage your business. The Verizon 2014 Data Breach Investigation Report (DBIR) shows that last year 35% of security breaches involved attacks against web applications, up by 14% since 2012. Moreover, Web app attacks were the most common cause of data breaches, followed by cyber-espionage, POS intrusion and insider misuse.


Why do these attackers succeed? The fact is that most application security threats are created by developers’ mistakes that cannot be addressed with traditional security scanners, IDS or firewalls:

  • Attackers often exploit zero-day vulnerabilities, making signature analysis obsolete and confirming the need for adaptive solutions, self-learning and behavioral analysis techniques.
  • Modern corporate applications use different languages, protocols and technologies, as well as customized solutions and third party code. Protection of such applications requires thorough analysis of the application structure, user interaction patterns and usage context.
  • Modern firewalls deal with thousands of suspicious incidents. There is no time for security specialists to check them all manually to identify the real threats. There is an urgent need for automatic sorting, ranking and smart visualization of security events.
  • Even well-known vulnerabilities cannot be fixed immediately; patching of ERP or e-banking systems can take months. An application security system should have a mechanism to mitigate breaches while developers are fixing the code.
  • Secure SDL may dramatically reduce the cost of errors as long as they are fixed at the early stages of coding, but it’s hard to find effective automated solutions for code analysis.

WHY PT APPLICATION FIREWALL

PT Application Firewall, a smart protection system developed by Positive Technologies, is a serious response to the security challenges created by today’s range of web portals, ERP and mobile applications. PT AF can block 30% more network attacks than other firewalls thanks to several innovative security technologies.

  • Fast adaptation to your systems: Instead of applying the classical signature method, PT AF analyzes network traffic, logs and users’ actions, constantly creating and maintaining a real-time statistical model of the application during normal operation. It then uses this model to detect abnormal system behavior. Together with other protection mechanisms, it ensures 80% of zero-day attacks are blocked without any special adjustment needed within the client.
  • Focus on major threats: PT AF weeds out irrelevant attack attempts, groups similar incidents and detects attack chains — from spying to data theft or backdoor setup. Instead of thousands of potential attacks, information security specialists receive a few tens of truly important messages.
  • Instant blocking: PT AF’s virtual patching techniques allow you to protect an application, even before insecure code is fixed. Together with PT Application Inspector’s exploit generation mechanism, virtual patching provides continuous and automated detection, verification and blocking of vulnerabilities.
  • Protection against security bypass: PT AF handles data with regard to a protected server technology stack, analyzes XML, JSON and other protocols typically used in modern portals and mobile applications. It ensures protection from the majority of firewall bypass methods including HPC, HPP and Verb Tampering.
  • Behavioral analysis against robots: The mechanisms used against automated malware include protection from brute-force attacks, fraud, DDoS attacks, botnets, uncontrolled indexing, and data leakage.
  • SSDL support: PT Application Inspector (PT AI) and PT AF provide developers with information about incorrect code in convenient formats including exploits, thus reducing the costs associated with secure development and testing.

CUSTOMIZED PROTECTION

With more than 10 years of security research and a huge knowledge base of vulnerabilities, the experts at Positive Technologies have amassed extensive experience in protecting enterprises of all sizes across a wide range of industries. Each industry has its own unique features and requirements that are crucial to practical security. Every deployment of PT Application Firewall includes configuration to meet the specific needs of each client.

Pre-configured versions of PT AF have been developed to protect:

  • Banks and Financial Institutions where many critical applications used both by clients and partners have to meet the requirements of PCI DSS and other regulatory authorities, while third-party applications and 24/7/365 operations leave little scope for vulnerability fixes.
  • Media portals with frequently refreshing content including online streaming, XML gateways and other integrations with a wide range of systems that are popular targets for “hacktivists”, rivals and criminals.
  • Telecoms where convergence of many different technologies may lead to an “avalanche” of failures caused by a single hack, while the integration of simple mass services with payment systems raises the danger of fraud.
  • ERP systems that are often maintained and supported remotely by third-party companies, leading to security mechanisms being weakened for ease of access. Developers of business-application code typically care more about functionality than security.

Balabit
REAL-TIME USER BEHAVIOR ANALYTICS FOR THE IDENTIFICATION OF INTERNAL & EXTERNAL ATTACKERS

Blindspotter™ is a monitoring tool that maps and profiles user behavior to reveal human risk. It integrates a variety of contextual information in addition to logs, processes it using various unique algorithms, and offers a wide range of outputs from warnings to automatic interventions. Blindspotter™ is an advanced component of the Contextual Security Intelligence Suite. It discovers previously unknown risks and guides the investigation of threats through CSI.Risk.

The new perimeter is our users
Many companies’ worst nightmare is already lurking inside what was previously thought to be their perimeter: a sophisticated external attacker or malicious insider. Nowadays, attackers are intelligent, well-funded and their attacks are increasingly complex and well targeted. The common theme of recent, high-profile breaches is that they were carefully planned and went undetected for some time, with the attackers moving freely inside the victim’s IT environment. Malicious insiders hold an advantage over a company’s primary security tools, because those tools are designed to protect against external threats, not against trusted employees. Targeted attacks by humans use a combination of IT vulnerabilities, social engineering and ordinary crime to gain unauthorized access. This means that the new perimeter, where you have to focus, is your users. They, rather than the infrastructure, are the new focus of your security measures. Blindspotter is the incarnation of this approach, user-focused IT security: it concentrates on what internal and external users are doing in the system.

More monitoring, less control
Balabit, an IT security innovator for more than 15 years specializing in log management and advanced monitoring technologies, developed Blindspotter™, a next-generation IT security tool that analyzes all user activity and reveals suspicious events occurring throughout IT systems. By detecting deviations from normal behavior and assigning a risk value, it helps companies focus their security resources on important events and also allows them to replace some controls, yielding greater business efficiency. Adding more tools that restrict users won’t make your company safer; it will just make your employees less productive.


Blindspotter™ integrates a variety of contextual information in addition to standard log data (such as application logs, SIEM data, HR and CRM system inputs, LDAP directories, etc.), processes it using unique sets of algorithms, and generates user behavior profiles that are continually adjusted using machine learning. It tracks and visualizes user activity in real time for a better understanding of what is really happening inside the IT system and offers a wide range of outputs, from a priority dashboard to automatic interventions. It doesn’t require pre-defined correlation rules; it simply works with your existing data. The built-in algorithms have customizable parameters that allow you to fine-tune the output without being a skilled data scientist. Data is analyzed in multiple ways to adjust the risk and deviation level of each activity. Blindspotter™ reveals all new deviations from normal operation in a well-prioritized dashboard. With advanced monitoring across every aspect of an IT system, Blindspotter™ protects sensitive and critical data from potential security breaches by both internal and external attackers.


PRIVILEGED USER MONITORING

Shell Control Box is a user monitoring appliance that controls privileged access to remote IT systems, records activities in searchable, movie-like audit trails, and prevents malicious actions. SCB is a quickly deployable enterprise device, completely independent from clients and servers, integrating seamlessly into existing networks. SCB is a core component of the Contextual Security Intelligence Suite. It captures the activity data necessary for user profiling and enables full user session drill-down for forensic investigation in CSI.User.

CENTRAL POLICY ENFORCEMENT

SCB acts as a centralized authentication and access-control point in your IT environment which improves security and reduces user administration costs. The granular access management helps you to control who can access what and when on your servers.

ADVANCED PROTECTION OF SENSITIVE DATA

SCB perfectly isolates your sensitive systems from unknown intruders or from non-authorized users. In addition, it tracks all authorized access to sensitive data and provides actionable information in the case of human errors or unusual behavior.


PREVENTION OF MALICIOUS ACTIVITIES

SCB monitors privileged user sessions in real time and detects anomalies as they occur. When it detects suspicious user activity (for example, entering a destructive command such as “delete”), SCB can send you an alert or immediately terminate the connection.

TIGHTER EMPLOYEE & PARTNER CONTROL

SCB audits “who did what”, for example on your database or SAP servers. Aware of this, your employees will do their work with a greater sense of responsibility, leading to a reduction in human errors. With an easily interpreted, tamper-proof record, finger-pointing issues can be eliminated.

FASTER, COST-EFFECTIVE SUPERVISORY AUDITS

SCB makes all user activity traceable by recording it in high-quality, tamper-proof and easily searchable audit trails. The movie-like audit trails ensure that all the necessary information is accessible for ad-hoc analyses or custom activity reports.

LOWER TROUBLESHOOTING & FORENSICS COSTS

When something goes wrong, everybody wants to know the real story. Analyzing thousands of text-based logs can be a nightmare and may require the participation of external experts. The ability to easily reconstruct user sessions allows you to shorten investigation time and avoid unexpected costs.


Logpoint

A Hassle Free SIEM Solution: Full Visibility – In Real-Time

You are able to easily assess the status of your systems and applications through the solution’s uniquely designed correlation and analysis layer.

The built-in log analysis engine automatically detects and notifies of all critical incidents on your systems. The events monitored can be very diverse and can include: an ongoing attack, a compromised system, a system breakdown, user authentication issues and much more.

The raw log data from your systems can be used to:

  • Automate regulatory processes
  • Improve efficiency in forensics investigations
  • Improve troubleshooting turnaround time
  • Improve your security position
  • Gain visibility into the organization

Features

  • Out-of-the-Box Reporting: Utilize the wide range of reporting templates for compliance such as PCI, SOX, ISO 2700X etc., or modify or create reports from scratch using the intuitive LogPoint Report Wizard.
  • Easy-to-Manage Dashboards: Obtain a structured overview of critical events & security incidents in real-time. You are able to configure the dashboards to reflect desired views based on a user’s privileges.
  • Data Enrichment: With LogPoint’s full data-enrichment capabilities you obtain an added dimension of analysis, without the need to import and fragment existing data.
  • NoSQL Technology: LogPoint is powered by the latest NoSQL technologies. This enables LogPoint to receive and normalize billions of logs generated on your infrastructure every day.
  • Built-in Scaling: The built-in scaling architecture enables enterprise-wide implementation. LogPoint supports an infinite number of collection, analysis & presentation points, providing the ultimate degree of flexibility.
  • Easy Implementation: LogPoint is shipped in a virtual appliance, physical appliance or as a piece of software and does not rely on specific hardware, allowing organizations flexibility in deployments and orchestrating of storage.
  • Favorable Licensing: LogPoint is licensed on the number of devices sending logs to the system. Thus, organizations can scale to as many LogPoint servers as needed, while maintaining transparent cost-projections.
  • Extensive Integration: LogPoint easily integrates with both external data and existing information sources such as asset-management systems, directories, HR- and ERP systems, and others.
  • Categorizing Taxonomy: Any new application, business process or infrastructure component will be immediately covered by our best-practice taxonomy and thus the features in LogPoint without user involvement.