caplon network detection & response
Detect unusual behaviour and cyber attacks at an early stage before major damage is done
Attackers who have overcome signature-based protection mechanisms (Next Generation Firewall and IDS systems) are almost impossible to detect without suitable tools. They remain invisible for weeks and months. At the same time, undetected data exfiltration (outflow of sensitive data) or ransomware (blackmail) can cause considerable, irreversible damage with costs that cannot be estimated.
However, attackers always leave traces. caplon© network detection & response uses innovative algorithms and machine learning processes to give your security & operation teams valuable indications, so that such anomalies are detected at a very early stage of the attack and consequential damage is avoided.
Transparency: overview of all processes taking place in the network
- Visualisation of all communication relationships to detect unusual and unwanted communication
- "Time-dependent" monitoring of communication relationships (e.g. remote maintenance access at night)
- Detection of unusual services and shadow IT
- Analysis of various metrics for different communication flows
- Dynamic-adaptive detailed analysis: from the flow overview down to the detailed network packet level view
Network Detection: Detection of unusual behaviour
- Detection of zero-day exploits through behavioural analysis
- Detection of attacks by internal perpetrators
- Early detection of unusual system and user behaviour (e.g. unusually high number of requests)
- Detection of (horizontal & vertical) port scans
- Detection of command & control channels
- Check against blacklists
- Detection of data exfiltration/outflow
Response: Efficient investigation of security incidents
- Permanent circumstantial evidence through continuous network recording ("the flight recorder for the network")
- Access to all details of network packets for forensic analyses
- Targeted shutdown of systems through information on the possible spread of malware
- Integration of information from other systems via open interfaces for a comprehensive overall picture
- Low false positive rate
Advantages with caplon network & service monitoring
A tool for operation and security
- Detection of technical faults and cyberattacks
- Uniform view of the network for operation & security teams - "Breaking The Silos"
- Can be combined with caplon© Network & Service Monitoring
Manageable solution
- Suitable for medium-sized companies and corporate groups: intuitive, user-friendly, controllable
- Understandable alarms through explainable AI
- Qualified support - technicians talk to technicians
- Managed service on demand
Identify – Detect – Respond
- Can be used in 3 of 5 NIST action levels to reduce cyber security risks
- Identification of all systems and communication flows
- Detection of zero-day exploits through behavioural analysis
- Provision of indications for taking the right measures
KRITIS Ready
- caplon© meets 100% of the requirements for an anomaly detection system according to BSI CS 134
- Trustworthy solution - Made in Germany
- Complete development in Germany - minimized risk of supply chain attacks
Classification of the solution among the multitude of technological approaches
- DPI and flow-based behavioural analysis / NDR is an essential component for protecting the IT/OT infrastructure.
- Together with NG firewalls/IDS systems and endpoint protection (IT area), it offers almost perfect protection
Key advantages:
- Detection of zero-day exploits
- Detection of internal attacks
- Usable results from day 1
- Manageable solution
- One tool for operation and security teams