GEORGIA, ATL: Dell SecureWorks announces a new cloud-based security service, Advanced Endpoint Threat Detection (AETD) Red Cloak. The latest offering is a fully managed SaaS solution that can significantly reduce the time taken to detect a network breach from months down to hours.
Oftentimes, attackers go undiscovered within a victim's IT infrastructure for months, but with AETD Red Cloak, users can identify malicious behavior by continuously sweeping a network for forensic evidence of indicators such as which programs are running, which commands are being executed, network connections, thread injection and memory inspection. The service then compares what it has found against intelligence provided by Dell SecureWorks' Counter Threat Unit to help determine whether a breach has taken place.
"Historically, Red Cloak was used by our Incident Response (IR) team when it went out on IR engagements to uncover undetected malicious activity taking place in organizations' IT environments," says Aaron Hackworth, Senior Distinguished Engineer, Dell SecureWorks' CTU team. "However, Red Cloak was so successful in rooting out the threat actors that our Incident Response clients insisted we leave the Red Cloak solution installed in their IT environment to alert them to any future malicious activity. Those successes are what drove us to enhance the solution and make it available to help organizations around the world fight stealthy cyber-attacks."
The Red Cloak solution is specifically designed to detect attacks that use little or no malware. Once inside a network, attackers often evade traditional endpoint security controls by leveraging compromised credentials and tools native to the target's environment, such as remote access services, endpoint management platforms and other legitimate system tools. This tactic is called "living off the land," and it was used to gain entry in more than half of the covert cyber operations observed.
"The cyber attacker has to set off just one of the tripwires, which we have installed in our clients' environment, in order to trigger an alert," says Hackworth. "By focusing on threat actor behavior and not just the tools and infrastructure they use, we can identify and flag suspicious activity that bypasses firewalls, antivirus, intrusion prevention and detection devices and other traditional security controls. With the depth of monitoring we offer, we can put that activity in a larger context to quickly determine the scope of an intrusion."
AETD Red Cloak provides multiple views of system activity. The Security Analysis Team's Cyber Threat Analysis Center provides an electronic notification within 15 minutes of determining that a security threat exists; high-impact incidents are forwarded on to the Senior Intrusion Analyst Team. AETD Red Cloak complements the endpoint monitoring capabilities of the AETD Carbon Black service. AETD Carbon Black provides strong malware detection capabilities and focuses on file execution, the system registry, network connections and an on-site management console.