AnchorPoint Security » Network Security

Network security monitoring solution we can deploy in less than one hour

Get Complete Network Security

Visibility, Quickly & Easily

AnchorPoint Integrated Threat Response (ITR) is an all-in-one managed service solution for complete network security monitoring and intrusion detection. We can deploy ITR in less than one hour and get actionable insights within minutes of installation.

  • Know what’s connected to your network
  • Identify vulnerable systems and how to remediate
  • Detect threats and activity with known malicious hosts
  • Baseline network behavior and spot suspicious activity
  • Investigate incidents with automatically correlated data
  • Determine what to do next with step-by-step guidance

AnchorPoint Integrated Threat Response

Complete security visibility and threat intelligence from a single integrated solution

Get all of the essential security capabilities you need from our Integrated Threat Response service, powered by our Security Operations Center (SOC). It’s the fastest, easiest way to get a complete picture of your network’s security status, with actionable threat intelligence to respond to threats and vulnerabilities quickly.

5 Essential Security Capabilities – All in One Console


Asset Discovery

Know what’s connected to your network.

  • Active network scanning
  • Passive network monitoring
  • Asset inventory
  • Host-based Software Inventory (optional)

Behavioral Monitoring

Baseline “normal behavior” and spot suspicious activity.

  • Log Collection
  • Netflow analysis
  • Service availability monitoring
  • Full packet capture

Vulnerability Assessment

Find, verify, and remediate vulnerabilities.

  • Network vulnerability testing
  • Continuous vulnerability monitoring


AAutomate event correlation and get full threat context

  • SIEM Correlation
  • Incident response guidance
  • Reporting and alarms

Intrusion Detection

Catch threats anywhere within your network.

  • Network IDS
  • Host IDS
  • File integrity monitoring

Asset Discovery

We will discover, inventory, and start monitoring your network in minutes


In order to secure your network, first you need to know what you have to protect. You need a simple, reliable way to know what’s connected to your network and the information required to make sense of the activities occurring on, and from, your assets suspected to be compromised.

AnchorPoint ITR provides built-in asset discovery to:

  • Determine what’s on your network at any given time
  • Know when new servers and endpoints are attached
  • Be certain of how your devices are configured
  • Correlate asset info with threat and vulnerability data
  • Accelerate investigations of impacted assets

With ITR, you get three core discovery and inventory technologies for full visibility into the devices that show up on your network.

Passive Network Monitoring

With ITR, our SOC can identify hosts on your network and their installed software packages by passively monitoring and inspecting the traffic. Information collected includes:

  • IP and hardware MAC address pairings, used for inventorying
  • and to detect MAC spoofing
  • IP header analysis to identify operating systems and running software packages
  • TTCP/IP traffic analysis for OS fingerprinting and basic network topography

Active Network Scanning

As part of the ITR service, our SOC can also gently probe the network to coax responses from devices. These responses provide clues that help identify the device, the OS, running services, and the software installed on it. It can often identify the software vendor and version without having to send any credentials to the host.

Host-Based Software Inventory

An optional, lightweight, host-based agent provides an additional, more granular level of visibility. By enumerating all the software installed on the machine, the agent greatly extends, deepens, and enhances your understanding of the devices on your network, resulting in a much more dynamic and accurate inventory.

Vulnerability Assessment

Find, verify, prioritize, and fix your network security risk quickly

The more you remove known vulnerabilities the more work attackers have to expend to successfully breach it. Save time improving your security posture by having our SOC kick off scans, report, and contain all the information you need to assess and remediate vulnerabilities quickly.

With ITR, our SOC provides built-in vulnerability assessment to:

  • Correlate asset info with vulnerabilities and threats
  • Prioritize vulnerabilities based on risk severity
  • Conduct false-positive analysis
  • See vulnerability info and how to remediate it
  • Keep your scans up to date on new vulnerabilities

With ITR, you get a fast, effective way to expose your network’s vulnerabilities now and the means for continuously identifying insecure configurations, along with unpatched and unsupported software over time. Our SOC can mix and match the following features as needed.

Active Network Scanning

Actively probes hosts using carefully crafted network traffic to illicit a response. This can be viewed as “poking” for suspected vulnerabilities in IT assets.

Continuous Vulnerability Monitoring

Also known as passive vulnerability detection, the AnchorPoint SOC correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy. This provides valuable vulnerability information while minimizing network noise and system impact.

Unauthenticated Scanning

Conducts scans without requiring host credentials. This scan probes hosts with targeted traffic and analyzes the subsequent response to determine the configuration of the remote system and any vulnerabilities in installed OS and application software.

Authenticated Scanning

Conducts scanning on an authenticated basis. This entails access to the target host’s file system, to be able to perform more accurate and comprehensive vulnerability detection by inspecting the installed software and its configuration

Intrusion Detection

We’ll catch threats anywhere within your network


Attacks aren’t all or nothing – they happen in multiple steps, so you want to detect them early and stop attackers in their tracks. Catching and responding to threats early requires that you gather a variety of threat vectors to know who, what, where, when and how of attacks.

AnchorPoint ITR provides built-in intrusion detection to:

  • Provide network and host-based IDS
  • Correlate threat data with vulnerability and asset info
  • Determine and investigate impacted systems
  • Detect network activity with known malicious hosts
  • Catch new threats with continuous threat intelligence

With ITR, you get asset discovery and vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM (log management, event correlation, analysis and reporting) to get the complete view you need to effectively monitor the security of your network. Our SOC combines all these views into one, allowing you to cut through the noise and see the information that really matters.

Network Intrusion Detection (IDS)

Built-in intrusion detection software including Snort and Suricata provides signature-based anomaly detection, and protocol analysis technologies. This enables our SOC to identify the latest attacks, malware infections, system compromise, policy violations, and other exposures.

Host-based Intrusion Detection (HIDS) and File Integrity Monitoring (FIM)

Built-in host-based intrusion detection software analyzes system behavior and configuration status to track user access and activity as well as identify potential security exposures such as:

  • System compromise
  • Modification of critical configuration files (e.g. registry settings, /etc/passwd)
  • Common rootkits
  • Rogue processes

“I like the multi-layered approach AnchorPoint takes to addressing our security concerns.” – Shawn Livermore, CEO at Ziptask


Behavioral Monitoring

Baseline network behavior and spot suspicious activity

In order to catch the latest threats, you need a way to identify anomalies and other patterns that may signal new, unknown behavior. Behavioral monitoring enables you to spot and investigate suspicious network activity, as well as provides the traffic data required to reveal the events that occurred in a potential security breach.

AnchorPoint ITR includes behavioral monitoring to:

  • Identify protocols and baseline “normal behavior”
  • Spot anomalies, policy violations, and suspicious activity
  • Monitor system services and detect unexpected outages
  • Conduct full protocol analysis on network traffic

ith AnchorPoint ITR, you get multi-layered network security monitoring to detect known threats, catch network activity with known malicious hosts, and spot suspicious activity that could signal a new, unknown threat.

Service and Infrastructure Monitoring

rovides continuous monitoring of services run by particular systems. On a periodic basis, or on demand, the device is probed to confirm that the service is still running and available. This lightweight, continuous monitoring will detect unexpected service outages throughout your critical infrastructure.

Network Flow Analysis

erforms network behavior analysis without needing the storage capacity required for full packet capture. Network flow analysis provides the high-level trends related to what protocols are used, which hosts use the protocol, and the bandwidth usage. This information can then be accessed in the same interface as the asset inventory and alarm data to simplify incident response.

Network Protocol Analysis / Packet Capture

Allows security analysts to perform full protocol analysis on network traffic enabling a full replay of the events that occurred during a potential breach. This level of network monitoring can be used to pinpoint the exploit method used or to determine what specific data was exfiltrated.


Automate correlation, get threat context, and know what to do next

During security incidents and investigations, you need to get to the culprit as quickly as possible. This can be complicated when mountains of security-relevant data are continuously being produced. By automating the correlation of real-time events AnchorPoint’s SOC can gather all of the puzzle pieces in a single view and quickly present meaningful details to you.

AnchorPoint ITR provides built-in SIEM to:

  • Offer 2,000 correlation directives out of the box
  • Cross-correlate asset, threat, and vulnerability data
  • Calculate security risk and prioritize investigation
  • Use a single pane of glass for investigations
  • Determine appropriate response for every alarm

With ITR, you get the complete picture for every incident and built-in guidance provided by the AnchorPoint SOC team. When you’re network is under attack you’ll have all the security-related information you need in one place to see what happened and what to do about it.

SIEM in Action (an example):

  • A port scan is detected by your firewall and an alarm is generated in our SOC’s ITR monitoring console.
  • In our ITR monitoring console, the source address of the scan is correlated with the destination address of an SSH session from an internal host. A lookup in the asset inventory automatically identifies the risk profile of the internal host and determines that the host is critical to business operations. This identifies it as a critical security incident.
  • The AnchorPoint SOC scans the compromised host for other vulnerabilities and it is found to be missing a critical security patch.
  • A ticket is generated by AnchorPoint’s team to patch the compromised host. The compromised host is patched and returned to service.
  • A complete forensic analysis for the past 30 days is run for the compromised host from the AnchorPoint SOC to determine if additional corrective action is required.

Cross-Correlation in Action

For IDS-generated events, which by themselves can be quite noisy, AnchorPoint’s SOC does a lookup from the ITR monitoring console to see what vulnerabilities that attack needs for the exploit to be successful. Then, our team does an asset lookup to see if the asset is actually vulnerable and to determine the risk profile of the asset. All of this data is then correlated so that you are able to focus in on the information that really matters most.

Incident Response Guidance in Action

An alert might identify that a host on your internal network is attempting to connect to a malicious external host. The dynamic incident response guidance would include details about:

  • The internal host such as owner, network segment, and software that is installed
  • The network protocol in use and specific risks associated with it
  • The external host and what exploits it has executed in the past
  • The importance of identifying potential C&C (command and control) traffic
  • Specific actions to take for further investigation and threat containment – and why you should take them