Invisiron

Fortify Your Network Defence with Invisiron’s Cyber Defence Platforms

Introduction

Many of the security solutions on the market today focus on threat detection and do not provide
defence mechanisms to automatically mitigate cyber attacks and to keep attackers out of the network.
Instead, most legacy solutions focus on passive threat detection and rely on Security
Information and Event Manager (SIEM) software suites, coupled with manpower, to analyse and
correlate these threats. This is insufficient and ineffective at protecting against any of the more
sophisticated attack types we see today.


Invisiron’s Cyber Defence platforms have been designed using state of the art cybersecurity techniques.
This paper will outline and describe how Invisiron protects a network from the more sophisticated cyberattacks
we see today. It will identify some of the shortfalls inherent in legacy security solutions and
provide insights into the weaknesses in networks and how they can be better protected.

Modern Defence Strategies

Invisiron believes that, as a primary line of defence, an organisation’s network must be defended from
a point as close to their Internet gateway as possible. This means installing a capable cyber defence
platform immediately after the Internet router and in front of the organisation’s primary switch or
firewall. It may also involve installing devices strategically located immediately in front of critical assets
or at key gateway points in the network. This deployment allows for preventing intrusions and mitigating
attacks before they reach inside the network or asset. Stopping attacks before they take a foothold in
the network is the foundation of modern cyber defence. Most people will agree that keeping an intruder
out of the network should be the primary goal of any security solution.

Invisiron’s Cyber Defence platforms have been designed in a unique way that allows them to be installed
inline between an Internet router and a firewall, in front of critical assets, or at key gateway points in the
network. Packets can be inspected in real-time as they pass through the platform and in both directions
(inbound and outbound protection). Malicious packets can be dropped instantly before they have a
chance to enter the network or infect a key asset and before vital information leaves the network.

It is crucial to monitor packets flowing in both directions at your organisation’s Internet gateway. Often
it is believed that network security is about monitoring incoming packets from the Internet. This is only
half the truth. It is equally important to monitor outgoing traffic. For example, should malware
successfully infiltrate the network, e.g. via a thumb drive or other media, there is then a chance it can be
detected by monitoring the outgoing traffic it generates.

The current state of the art in defence strategies requires in-line hardware-based protection which can
not only analyse all traffic in both directions but can do so at or near line rate (no impact on system
latency). The system must, at a minimum, provide detection engines for malicious data signatures, DGA
generated domains, tracking and blocking of Tor exit nodes, targeted rate limiting, as well as traditional
IP & Domain reputation detection. More advanced methods should include the ability to expand the
detection of packet signatures to more complex rules to provide detection and protection against
protocol-based attacks or pre-indicators of a potential attack such as scan attempts. Importantly all
Invisiron’s Cyber Defence platforms provide these functionalities and more while being capable of
monitoring and protecting traffic in both directions (bi-directionally) at any point in the network.
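
The following is an added example, not Invisiron's code: a sketch of how three of the engines named above (IP reputation, Tor exit node tracking and a DGA heuristic) can each flag flow records in either direction. All addresses, domains, thresholds and function names are constructed for illustration, and the entropy test is a simple stand-in for a real DGA classifier.

```python
import math
from collections import Counter

# Constructed sample data: documentation address ranges and invented domains.
BAD_IPS = {"203.0.113.7"}        # stand-in for an IP reputation feed
TOR_EXITS = {"198.51.100.23"}    # stand-in for a Tor exit node list
ENTROPY_THRESHOLD = 3.5          # assumed cut-off; tune on real traffic
MIN_LABEL_LEN = 12               # assumed minimum label length to score

def shannon_entropy(s):
    """Bits per character of the string s."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def looks_generated(domain):
    """Crude DGA heuristic on the second-level label (ignores multi-part suffixes)."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return False
    label = parts[-2]
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= ENTROPY_THRESHOLD

def inspect(record):
    """Return the names of the engines that flag one flow record."""
    hits = []
    # The remote peer is the destination for outbound traffic, the source for inbound.
    remote = record["dst"] if record["dir"] == "out" else record["src"]
    if remote in BAD_IPS:
        hits.append("ip-reputation")
    if remote in TOR_EXITS:
        hits.append("tor-exit")
    if record.get("dns_query") and looks_generated(record["dns_query"]):
        hits.append("dga")
    return hits

def verdict(record):
    """Inline decision: drop when any engine flags the record, otherwise pass."""
    return "drop" if inspect(record) else "pass"

FLOWS = [  # constructed records: one inbound, three outbound
    {"dir": "in", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"dir": "out", "src": "10.0.0.8", "dst": "198.51.100.23"},
    {"dir": "out", "src": "10.0.0.8", "dst": "192.0.2.53",
     "dns_query": "xkqjz7w2vbn4ptf9.example"},
    {"dir": "out", "src": "10.0.0.9", "dst": "192.0.2.53",
     "dns_query": "www.example.org"},
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(verdict(flow), inspect(flow), flow)
```

The second and third records are outbound only, so an inbound-only filter would miss both of them.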

Complementing an Invisiron Technology-Based Defence

Many potential clients ask “Is it enough to just deploy Invisiron’s cyber defence platform in my
network?” The answer is no! Strong cyber defence is all about using complementary cyber defence
products that each handle a certain aspect of defence.

Invisiron Cyber Defence platforms will, at best, be able to detect and stop approximately 70-80% of
attack attempts faced by organisations today. The remaining 20-30% of attacks will make their way
through the defence and into the network. This may result in gaining a foothold in the network unless
the defence platform is complemented by other solutions. One example is malicious emails. A user
might click on an email with a specially crafted link in it. This results in a ransomware infection. The best
way to protect against this is to deploy an email filtering product such as McAfee or Norton. Another
example is an employee that brings in their personally owned laptop or smart phone to the organisation
and connects it to the network. These devices might have been infected before they were introduced into
the network. This could allow malware to enter the network and cause harm without being detected
and blocked by the endpoint device. USB sticks are another source of infection; cases have been found
in the past where even brand new USB sticks straight from the manufacturer have been infected by
malware.

Depending on the level of security an organisation requires, complementary malware detection
solutions should always be installed and deployed along with Invisiron’s Cyber Defence platforms for
a higher degree of protection.

Minimum network defence capabilities

A proper defence implementation for any network must include, at minimum, seven different types of
advanced cybersecurity capabilities:

  1. A traditional malicious IP address tracking engine
  2. A malicious Domain tracking engine
  3. A malicious URL tracking engine
  4. A domain generating algorithm (DGA) detection engine
  5. A Tor traffic detection and filtering engine
  6. A counterfeit SSL certificate tracking engine
  7. A deep packet inspection (DPI) engine


These engines all complement each other and offer very strong protection.

One of the common complaints by security auditors or researchers after an attack has occurred is the
lack of evidence available to determine exactly what has transpired and improve future defences.
Invisiron’s Cyber Defence platforms include full packet logging capabilities where the entire network
traffic for an attack is kept in a standard PCAP format which can be interpreted by network analysis
tools. This is vital in improving future protections and determining exactly what has transpired
particularly in cases of more sophisticated attacks.

© Invisiron® Pte Ltd. All rights reserved. | version 1 6

Cyber threat intelligence (CTI) is another key part in a comprehensive Cyber Defence. CTI is the act of
keeping the aforementioned engines constantly updated with new threat types.

Our application testing services include the following:

Reputation detection engine

DGA detection engine

Tor traffic detection engine

SSL certificate tracking engine

Deep packet inspection (DPI) engine

Evidence collection and logging

Inline performance

Fault tolerance

Port bridging or bypass functionality

Remote monitoring
