Transforming 24/7 Intrusion Tracking into Actionable Cyber Security Intelligence
Kroll’s CyberDetectER™ network monitoring service is the premier security solution for cyber threats facing your business. Our multifaceted CyberDetectER™ solution integrates Kroll’s industry-leading cyber security expertise with powerful, 24/7 monitoring technology that is continuously on the hunt for network intrusions. Add in timely, smart alerts as well as detailed regular reports, and Kroll’s CyberDetectER™ service delivers cyber threat intelligence you can act on with confidence.
Kroll’s CyberDetectER™ Solution Delivering A Superior Alternative
Frequently, abnormal activity or malicious software can be traced to a computer network’s endpoints. Common endpoints include the devices that your employees use every day, such as desktop computers and laptops.
Cyber attacks on your network can operate in myriad ways, from an insider accessing restricted client information to hackers gaining access by tricking an employee or by defeating authentication protocols. Whatever the method, the technical evidence of the intrusion remains the same, but a trail of malicious activity may or may not trigger an alert with your IT team. Compounding the problem, some monitoring programs generate countless alerts, including for innocuous events, which not only contributes to security team fatigue but also risks a real threat being dismissed as a false alarm. Kroll’s CyberDetectER™ network monitoring solution changes this dynamic by connecting powerful 24/7 monitoring technology with Kroll’s industry-leading cyber security expertise.
On average, hackers go undetected on financial services networks for more than three months; for retail companies, the “dwell time” is more than six months. (Source: “Attackers Dodge Detection On Retailers’ Networks For Average Of 197 Days: Study.” Securityweek.com. N.p., 2016. Web.)
On the hunt 24/7: detecting, identifying, and isolating threats
Working continuously in the background, Kroll’s CyberDetectER™ network monitoring service is always hunting for signs of intrusions or data removal. It uses industry-leading threat intelligence watch lists, databases, and feeds, as well as indicators of compromise that Kroll has discerned from our investigative work. Our core search data is further updated by the information gleaned from our incident response teams worldwide, enabling our CyberDetectER™ solution to detect and recognize anomalies that other programs might miss.
Expert evaluation of threat dynamics; technical and human factors
Using advanced analytic methodologies, tools, and skill sets, Kroll will monitor and review potential threat indicators. With honed skills in both technology and investigations, many of Kroll’s experts are former members of law enforcement agencies, including the FBI, United States Secret Service, Department of Homeland Security, and State Attorneys General Offices. They have also served with leading cybersecurity consulting and research firms, and large corporate cybersecurity teams. Our team has the knowledge and perspective to escalate credible threats while also reducing the number of alerts and resulting burden on your IT security team.
Timely escalation of credible threats with actionable intelligence
Because our solution has continuous recording and live response capabilities, it allows your responders to “go back in time” to see what happened on any affected endpoint device. You can also remotely inspect the device, isolate it from the network, and stop attacks in their tracks. As a supplementary service to Kroll’s CyberDetectER™ network monitoring service, our investigators and incident response team can work in conjunction with your internal teams and legal counsel to uncover and understand both the technical and human factors involved in the event.
Regular summaries with meaningful metrics, visibility into network health
The sum of activity captured by Kroll’s CyberDetectER™ network monitoring service can provide you with valuable insight into your network’s health — as well as data and metrics that can be used to determine future investments in cyber security. Our regular summaries can include:
- Number of endpoints covered
- Number of alerts Kroll reviewed
- Number of notifications Kroll escalated to your attention
- Threat level of each notification
- Watchlist maintenance report
In 75 percent of attacks, data exfiltration starts within minutes. (Source: “The Industrialization Of Hacking.” The Network. Newsroom.cisco.com. N.p., 2016. Web.)
Kroll’s CyberDetectER™ network security monitoring service can deliver a wide range of benefits:
- Real-time visibility into active issues and rapid determination of credible threats
- Faster shutdown of malicious activity
- Smarter reporting to optimize your subsequent response
- Assistance from leading experts in analyzing, recognizing, and defusing threats
- Lower investigative and e-discovery costs
- Enables reconstruction of the timeline of the attack in minutes rather than the weeks or months common with traditional forensic methods, potentially lowering costs
- Helps establish the scope of an incident by quickly identifying only the endpoints
- As a supplementary service, forensic evidence can be collected and analyzed through Kroll’s global office locations
- Compliance with regulations requiring proactive network monitoring