Post on 03-Feb-2018
SCOUTINTERXECT™
© 2017 LookingGlass™ Cyber Solutions. All rights reserved.
Extend ScoutVision™ to Hunt Threats Within Your Network Walls
ScoutInterXect Analysts hunt internal threats, which are identified by gathering nfdump data. These threats can be organized by IP addresses, ports, or other network parameters.
Why Add-On ScoutInterXect?
• Understand the threats that have made it inside your firewalls
• Gain enhanced inward visibility for security forensics and outward visibility for better preparedness
• Enable faster incident response to threats in your environment
• Obtain a more complete, holistic view of possible threats
LookingGlass ScoutInterXect™ is a plug-in for ScoutVision™ that enables analysts to hunt threats within their own environment and see how these might be interacting with threats outside their firewalls. By fusing the context of enterprise network traffic with global network and threat intelligence reporting, ScoutInterXect provides enhanced visibility, enterprise capability, and priority. Analysts can also further operationalize data for incident response and digital forensics.
LOOKINGGLASS SCOUTINTERXECT HARDWARE SPECIFICATIONS
Model: SI-1000 | SI-2000 | SI-3000
Performance (Flows/Second): 3,000 | 5,000 | 12,000
Depth: 23.5 Inches / 597mm | 24.8 Inches / 630mm
Power: 180 – 240V, 60–50Hz, 750W | 100-240V, 50-60Hz, 920W | 100-240V, 50-60Hz, 920W
Memory: 256GB RAM | 256GB RAM | 512GB RAM
Storage: 2.4TB Storage | 4.8TB Storage | 6.4TB Storage
LOOKINGGLASS SCOUTVISION™ ARCHITECTURE
[Figure: LookingGlass ScoutVision™ architecture. Diagram labels: network devices, network flow records, Internet threat data, collection, Core Intelligence Processor (normalized, aggregated, correlated, classified), distribution, API, ScoutInterXect, ScoutVision, security analysts.]
ABOUT LOOKINGGLASS CYBER SOLUTIONS
LookingGlass Cyber Solutions delivers unified threat protection against sophisticated cyber attacks to global enterprises and government agencies by operationalizing threat intelligence across its end-to-end portfolio. Scalable threat intelligence platforms and network-based threat response products consume our machine-readable data feeds to provide comprehensive threat-driven security. Augmenting the solutions portfolio is a worldwide team of security analysts who continuously enrich our data feeds and provide customers unprecedented understanding and response capability into cyber, physical and 3rd party risks. Prioritized, relevant and timely insights enable customers to take action on threat intelligence across the different stages of the attack life cycle. Learn more at https://www.lookingglasscyber.com/.
Know More. Risk Less.
Features & Benefits of ScoutVision when Deployed with ScoutInterXect
FEATURES | BENEFITS

Core Intelligence Processor (CIP)
• Automatically gathers and distributes all publicly accessible threat data feeds, as well as LookingGlass Machine-Readable Threat Intelligence.

LookingGlass Threat Intelligence Analysis team
• Receive already analyzed and scored raw data that incorporates threat-specific information and provides a common set of classification and scoring information.

Active Forensic Reporting
• Intuitive report structure that describes key activities in network investigations. These include tag and directional traffic activity aggregates that are arranged by least or most active for a given timespan.

Focused Threat Correlation
• Fuse and report context specific to your network operations with unmatched threat intelligence management capabilities.
• Run ad hoc and daily reports across user-defined lines of business, market sectors, and network topology, including: country, ASN, CIDR, IP, and FQDN.

Intelligence Filtering
• Prioritize and maximize intelligence retention through filter correlations based on specific threat intelligence and indicators.

Modular Ingest
• Add new network communication information via open standard interfaces. Current version supports NetFlow v1, v5, v7, and v9 and IPFIX via open standard interfaces.

Collaborative Investigations
• Increase efficiency by using shareable links that provide fast access to specific research and reports.