Intelligent Threat Management

Combine powerful integrated security technologies and emerging threat intelligence from leading threat feeds and the open source community for unparalleled threat management in a totally managed solution.

Accelerated Incident Response and Threat Management

The AnchorPoint Integrated Threat Response (ITR) service helps you achieve coordinated threat detection, incident response and threat management by leveraging the advanced security capabilities of our Security Operations Center (SOC). AnchorPoint consolidates threat detection capabilities like network IDS and host IDS with granular asset information, continuous vulnerability assessment, and behavioral monitoring, which provides you with the complete visibility you need for effective response.

Day One Results

AnchorPoint ITR is deployed in hours, sending you actionable threat data on day one.

With AnchorPoint ITR for incident response and threat management, you can quickly:

  • Identify, isolate, and investigate indicators of compromise (IOCs) before damage can occur
  • Correlate security events with our integrated vulnerability scan data and global threat intelligence to prioritize response efforts
  • Gain essential insight into attackers’ intent as well as techniques
  • Respond to emerging threats with detailed, context-specific “how to” guidance for each alert
  • Validate that existing security controls are functioning as expected
  • Demonstrate to auditors and management that your incident response program is robust and reliable

Who needs Integrated Threat Response (ITR)?

Banks, Credit Unions, Health Clinics, Law Firms, Hospitals, Insurance Companies, Retail Chains

Visualize and Map Threats

Intelligent Threat Management with Kill Chain Taxonomy

With the constantly evolving nature of most threats, it can be difficult to address every incident and alert that occurs in your environment. Effective incident response requires successful threat management and prioritization. However, standard methods of prioritization are very time-consuming and flawed.

AnchorPoint uses a Kill Chain Taxonomy to make threat management and prioritization easy. The Kill Chain Taxonomy approach allows you to focus your attention on the most important threats by breaking attacks out into five threat categories, from highest to lowest. This shows you attack intent and threat severity, and provides the detailed contextual threat information you need to understand how attackers are interacting with your network. AnchorPoint’s SOC Analysts deliver this information to Integrated Threat Response (ITR) customers by custom dashboard or e-mailed report.

  • System Compromise – Behavior indicating a compromised system.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

Leverage the power of multi-source threat intelligence aggregated by the AnchorPoint SOC

Without dynamic threat intelligence aggregated from across the world, any threat management program remains woefully incomplete – without focus or prioritization. Organizations need to understand WHO the bad actors are, WHERE threats may reside within their network, WHAT to focus on, and HOW to respond when threats are detected.

Automated threat intelligence updates from industry leaders and the open source community enable AnchorPoint ITR customers to identify key IOEs (Indicators of Exploit) and IOCs (Indicators of Compromise) such as:

  • Escalation of privilege for specific user accounts
  • Command and control activity (C&C traffic)
  • Suspicious system activity, which could indicate system compromise
  • Unauthorized access attempts by authorized user accounts
  • Abnormal network flows and protocol usage
  • Malware infections (botnets, Trojans, rootkits, and more)

Additionally, thanks to our built-in event correlation rules, you can detect specific sequences of any of the above indicators to capture advanced persistent threats (APTs) and low-and-slow attacks missed by the point solution vendors.