TXEcoSystem

Advanced protection for endpoints and datacenter servers against zero-day attacks, without requiring patches

OVERVIEW

TXEcosystem provides a real-time protection guard for datacenter servers and endpoint systems against known and zero-day attacks, either from hackers or malware, all without requiring rushed patch deployments.

It targets one of the major challenges in securing enterprise environments, how to reduce the asymmetric advantage enjoyed by attackers where they often only need to compromise one weakness, while defenders scramble to prioritize and fix scores of vulnerabilities.

TXEcosystem aggregates and analyzes millions alerts and logs from IPS/FW/WAF/SIEM and endpoint systems, in order to protect against known attacks and automatically launch investigations on pre-attack reconnaissance and attacking incidences. It decodes the new attack method and conducts real-time penetration tests across the network to find the similar weaknesses in order to block a real
attack, if such an attack is launched.

 

HIGHLIGHTS

  • Advanced endpoint and server protection against malware, fileless threats and hacking
  • Provides early insights on new attacks methods
  • Performs testing on other enterprise systems to identify which ones have similar weaknesses and protects them
  • Mitigates attacks against those newly discovered unpatched or exposed systems
  • Detects and blocks APT and zero-day attacks without requiring patches
  • Reduces the number of false or irrelevant security alert

DEPLOYMENT

TriagingX Analyzer Server

  • Physical/VM server with minimum of 16 cores, 32G RAM, 2T HD, 1x1G NIC, or
  • Physical/VM server with minimum of 4 cores, 16G RAM, 200G HD
  • TriagingX Network Sniffer (Option)
  • Download iso image from TriagingX support
  • Install and configure the systems

TriagingX Client

  • Deliver installation package to each system that will be protected by Advanced Security Ecosystem
  • Activate the installation package, msi, file to automatically complete the installation procedure
  • The agent will automatically launch without requiring a system reboot

OPERATIONS

  • TriagingX’s proactive agent installed on each business endpoint, workstation or server, constantly monitors suspicious behaviors and early indicators of attacks, sending this data to the analyzer server for correlation analysis.
  • Other inputs, such as syslog, SIEM, system events and third-party intelligence can also be sent to the analyzer server
    for integrated analysis.
  • TriagingX’s optional network sniffer, sitting on switch’s span port, constantly monitors suspicious network contents, protocol violations, early attack indicators, also sends data to the server for correlation analysis.
  • TriagingX Analyzer server automatically connects to multiple Sandboxes to perform behavior analysis on suspicious files and URLs
  • Using the web based GUI interface the threat hunter can also acquire a snapshot from a remote endpoint system that is involved in triage process

SPECIFICATIONS

Target System :                                 Windows 7, 8, 10, 2008R2
Analyzer Server :                               Physical or VMWare Server (ISO Image contains Centos 7.0)
3rd Party Intelligence :                     RestAPI (VT)
Report Format :                                 PDF