CyberDefense NDR

VISIBILITY AND MONITORING

The redborder Platform provides comprehensive visibility and monitoring across network environments, ensuring organizations can maintain full control and situational awareness of their infrastructure. It enables:

• Monitoring and Analysis of Network Traffic Flows: Continuous capture and inspection of all network traffic, both internal and external, to identify usage patterns, potential threats, and performance bottlenecks.

• Inventoried and Non-Inventoried Device Management: Real-time tracking and classification of all devices connected to the network, including both previously known (inventoried) and unknown (non-inventoried) assets.

• Discovery, Identification, Inventorying, and Profiling of Connected Devices: Leveraging Deep Packet Inspection (DPI) technologies, the platform discovers and classifies diagnostic and treatment equipment connected to both LAN and Wi-Fi networks, creating detailed profiles to assist in risk management and operational planning.

• Communication Maps: Dynamic visualization of network relationships, highlighting communications between devices to support forensic analysis, threat detection, and network optimization.

SECURITY FUNCTIONALITIES AND CAPABILITIES

The redborder Platform delivers a wide range of advanced security functionalities to proactively defend and respond to cybersecurity threats:

• Global Security Status Overview: A centralized and real-time visualization of the overall security posture of the network, facilitating quick assessments and strategic decision-making.

• Risk and Vulnerability Identification: Automated detection and reporting of vulnerabilities and risky behaviors across assets, helping prioritize remediation efforts.

• MITRE ATT&CK Matrix Integration: Threats and vulnerabilities are mapped against the MITRE ATT&CK framework, providing a standardized understanding of adversarial tactics and techniques.

• Security Monitoring and Threat Detection: Continuous monitoring of network traffic to identify anomalies, malicious activities, and policy violations.

• Anomaly and Threat Detection: The platform uses behavioral analysis, machine learning, and signature-based methods to detect anomalies, suspicious patterns, and malicious traffic with high accuracy.

• Optimal Threat Detection and Response Capabilities: Designed to minimize false positives while ensuring rapid threat identification and efficient incident response.

• Threat Hunting Capabilities with redborder:

  • Introduction: Empowering security analysts to proactively search for threats that evade traditional security controls.

  • Objectives: Identify unknown threats, reduce dwell time, and improve overall threat detection capabilities.

  • Stages:

    • Hypothesis Generation: Formulating assumptions based on existing data and threat intelligence.

    • Investigation: Deep dive into network traffic, endpoint activity, and logs to validate hypotheses.

    • Automated Analysis: Utilizing redborder’s analytics engine to process and correlate large volumes of data.

    • Pattern Discovery: Identifying indicators of compromise (IOCs) and attacker techniques through iterative analysis.

  • Using redborder for Threat Hunting: Leveraging its visualization tools, data lake integration, and advanced search capabilities to systematically and efficiently hunt for threats.

• Manual and Automated Incident Response: The redborder Platform facilitates both manual and automated incident responses through the use of customizable playbooks and seamless integration with its threat hunting functionalities, ensuring rapid containment and mitigation of security incidents.

DASHBOARDS AND ADVANCED SECURITY REPORTING

• Advanced Reporting Capabilities: The platform provides sophisticated reporting features that allow users to generate detailed security analyses, compliance reports, and executive summaries, all customizable to specific organizational needs.

• Scheduling and Configuring Specialized Reports: Users can schedule or create tailored security reports that can be automatically sent to relevant stakeholders or integrated into third-party visualization tools and analysis platforms for deeper exploitation and operational use.