Stage 4 - Behaviour Learning
Behaviour learning is a powerful method of understanding what is normal in your network and spotting any abnormal behaviour that could be an indication of a problem.
Rebasoft constantly monitors what is on your network and what it is doing. This is done in an efficient, unobtrusive way that is easy to deploy and flexible enough to cope when you need to change anything.
- Identify systems suspected of spreading malware
- Spot systems that may be sending unusually large volumes of data
- See users connecting to networks - such as TOR - in order to hide their activity from you
- Detect "when a printer is not a printer", which may be used to hide a cyberattack
If Rebasoft sees this abnormal activity going on in your network, you have a range of options to choose from:
- Get Rebasoft to automatically disconnect a user PC from the network, so you can have time to respond without the threat spreading
- If not critical, alert your IT team so that they can decide on a course of action
- If a minor event, log the information for future analysis
- Automatically identify & stop the spread of ransomware
- Detect & respond to bad behaviour
- Spot data leakage that might lead to GDPR breaches
How it works:
Using existing network telemetry*, Rebasoft easily understands the communications between every type of system connected to the network. It does this without needing to install software onto those devices. This means it can detect traffic from PCs, servers, printers and, indeed, any type of connected system.
Unlike many systems on the market, Rebasoft does not need to guess or apply "Artificial Intelligence": we know what type of devices are there and assess every communication to & from them.
- Discover your network, learning its details
- Classify and authorise edge connections between known network equipment
- Fast, easy-to-understand workflow for you to confirm unknown edges
- Automated tracking of any changes to the network edge
* Rebasoft uses NetFlow (or a variant like sFlow), which is available on most enterprise-class network switches; most businesses will already be using this. NetFlow is more secure & cheaper than installing software agents on devices to collect data.
Malware detection (and spread prevention)
Automatically spot east-west traffic and correlate it with connections to command & control to track down malware infections.
Critical device protection
Enables you to protect systems where you cannot deploy anti-virus systems
Catch unusual behaviour or unsecured access to key systems in your infrastructure
Data exfiltration detection
Identify and stop unusually large transfers of information out of your organisation, identifying potential GDPR breaches early
Spot where users try to access known malware or TOR network VPN
Reducing the time from infection to detection to response