AnchorPoint Integrated Threat Response (ITR) is an all-in-one managed service solution for complete network security monitoring and intrusion detection. We can deploy ITR in less than one hour and get actionable insights within minutes of installation.
Get all of the essential security capabilities you need from our Integrated Threat Response service, powered by our Security Operations Center (SOC). It’s the fastest, easiest way to get a complete picture of your network’s security status, with actionable threat intelligence to respond to threats and vulnerabilities quickly.
Know what’s connected to your network.
Baseline “normal behavior” and spot suspicious activity.
Find, verify, and remediate vulnerabilities.
Automate event correlation and get full threat context.
Catch threats anywhere within your network.
In order to secure your network, first you need to know what you have to protect. You need a simple, reliable way to know what’s connected to your network and the information required to make sense of the activities occurring on, and from, your assets suspected to be compromised.
AnchorPoint ITR provides built-in asset discovery to:
With ITR, you get three core discovery and inventory technologies for full visibility into the devices that show up on your network.
With ITR, our SOC can identify hosts on your network and their installed software packages by passively monitoring and inspecting the traffic. Information collected includes:
As part of the ITR service, our SOC can also gently probe the network to coax responses from devices. These responses provide clues that help identify the device, the OS, running services, and the software installed on it. It can often identify the software vendor and version without having to send any credentials to the host.
An optional, lightweight, host-based agent provides an additional, more granular level of visibility. By enumerating all the software installed on the machine, the agent greatly extends, deepens, and enhances your understanding of the devices on your network, resulting in a much more dynamic and accurate inventory.
The more known vulnerabilities you remove, the more work attackers have to expend to successfully breach your network. Save time improving your security posture by having our SOC kick off scans and deliver reports that contain all the information you need to assess and remediate vulnerabilities quickly.
With ITR, our SOC provides built-in vulnerability assessment to:
With ITR, you get a fast, effective way to expose your network’s vulnerabilities now and the means for continuously identifying insecure configurations, along with unpatched and unsupported software over time. Our SOC can mix and match the following features as needed.
Actively probes hosts using carefully crafted network traffic to elicit a response. This can be viewed as “poking” for suspected vulnerabilities in IT assets.
Also known as passive vulnerability detection, the AnchorPoint SOC correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy. This provides valuable vulnerability information while minimizing network noise and system impact.
Conducts scans without requiring host credentials. This scan probes hosts with targeted traffic and analyzes the subsequent response to determine the configuration of the remote system and any vulnerabilities in installed OS and application software.
Conducts scanning on an authenticated basis. This requires access to the target host’s file system, which allows more accurate and comprehensive vulnerability detection by inspecting the installed software and its configuration.
Attacks aren’t all or nothing – they happen in multiple steps, so you want to detect them early and stop attackers in their tracks. Catching and responding to threats early requires that you gather a variety of threat vectors to know the who, what, where, when and how of attacks.
AnchorPoint ITR provides built-in intrusion detection to:
With ITR, you get asset discovery and vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM (log management, event correlation, analysis and reporting) to get the complete view you need to effectively monitor the security of your network. Our SOC combines all these views into one, allowing you to cut through the noise and see the information that really matters.
Built-in intrusion detection software, including Snort and Suricata, provides signature-based anomaly detection and protocol analysis technologies. This enables our SOC to identify the latest attacks, malware infections, system compromise, policy violations, and other exposures.
Built-in host-based intrusion detection software analyzes system behavior and configuration status to track user access and activity as well as identify potential security exposures such as:
“I like the multi-layered approach AnchorPoint takes to addressing our security concerns.” – Shawn Livermore, CEO at Ziptask
In order to catch the latest threats, you need a way to identify anomalies and other patterns that may signal new, unknown behavior. Behavioral monitoring enables you to spot and investigate suspicious network activity, and it provides the traffic data required to reveal the events that occurred in a potential security breach.
AnchorPoint ITR includes behavioral monitoring to:
With AnchorPoint ITR, you get multi-layered network security monitoring to detect known threats, catch network activity with known malicious hosts, and spot suspicious activity that could signal a new, unknown threat.
Provides continuous monitoring of services run by particular systems. On a periodic basis, or on demand, the device is probed to confirm that the service is still running and available. This lightweight, continuous monitoring will detect unexpected service outages throughout your critical infrastructure.
Performs network behavior analysis without needing the storage capacity required for full packet capture. Network flow analysis provides the high-level trends related to what protocols are used, which hosts use the protocol, and the bandwidth usage. This information can then be accessed in the same interface as the asset inventory and alarm data to simplify incident response.
Allows security analysts to perform full protocol analysis on network traffic enabling a full replay of the events that occurred during a potential breach. This level of network monitoring can be used to pinpoint the exploit method used or to determine what specific data was exfiltrated.
During security incidents and investigations, you need to get to the culprit as quickly as possible. This can be complicated when mountains of security-relevant data are continuously being produced. By automating the correlation of real-time events, AnchorPoint’s SOC can gather all of the puzzle pieces in a single view and quickly present meaningful details to you.
AnchorPoint ITR provides built-in SIEM to:
With ITR, you get the complete picture for every incident and built-in guidance provided by the AnchorPoint SOC team. When your network is under attack, you’ll have all the security-related information you need in one place to see what happened and what to do about it.
For IDS-generated events, which by themselves can be quite noisy, AnchorPoint’s SOC does a lookup from the ITR monitoring console to see what vulnerabilities that attack needs for the exploit to be successful. Then, our team does an asset lookup to see if the asset is actually vulnerable and to determine the risk profile of the asset. All of this data is then correlated so that you are able to focus in on the information that really matters most.
An alert might identify that a host on your internal network is attempting to connect to a malicious external host. The dynamic incident response guidance would include details about: