Threat Analysis

Go from download to detection in as little as 30 minutes.

AnchorPoint delivers everything you need for complete visibility of your assets, vulnerabilities, and threats, all from one managed service.

Threat analysis is far from a trivial exercise, especially when you’re forced to use multiple tools that don’t share information. We know how frustrating it can be to attempt to detect and analyze threats amidst the dozens, hundreds, or thousands of routine-looking events that your log files are collecting every second.

Task your resources with incident response and let AnchorPoint handle the analysis. The AnchorPoint Integrated Threat Response (ITR) gives you enterprise-level security without tying up your resources. You get everything you need for a complete view of your security posture.

AnchorPoint ITR accelerates and simplifies your ability to detect and analyze threats:

  • We locate and map all the assets on your network
  • We gather vulnerability data from all of your assets
  • We deliver relevant, timely, and actionable threat intelligence, filtered by our SOC
  • We prioritize the most significant threats targeting your network using the Cyber Kill Chain Taxonomy
  • We drill down to investigate risks for additional context and remediation guidance

Who needs threat detection?

Banks, Credit Unions, Hospitals, Clinics, Law Firms, Retail…

Complete Security Visibility for Rapid Incident Response

Get all the details you need to know about the threats targeting your network.

Networks are constantly changing, making it difficult and time consuming to locate, inventory, and monitor all of the devices connected to your network.

With AnchorPoint Integrated Threat Response (ITR), you and your team get security and threat information about systems, data, and users that has been vetted by our expert SOC Analysts, giving you complete security visibility. The result is a comprehensive threat detection and compliance management solution that can easily save 70% on the Total Cost of Services (TCS) compared to trying to achieve the same level of protection in-house.

  • Automated Asset Discovery
    We conduct active or passive network scans of your environment and use host-based software inventory to find all connected assets and collect device data including OS, installed software, configuration, and more.
  • Continuous Vulnerability Monitoring
    We schedule and conduct unlimited authenticated or unauthenticated scans of your assets so you’re always on top of vulnerabilities, misconfigurations, default passwords, and more.
  • Easy Asset and Network Grouping
    We define segments of networks and assets that you need to keep a closer eye on. We can even work with you to assign values to better prioritize the criticality of threats targeting those assets.

Actionable Threat Intelligence from AnchorPoint’s SOC

Spend your scarce time mitigating threats, not researching them

IT teams of all sizes suffer from too much data and not enough information (or time), as security tools generate a steady stream of alerts about important (and not so important) activity. IT teams without deep security expertise then have to research each alarm to understand its significance and what to do about it.

AnchorPoint Integrated Threat Response (ITR) customers don’t have to worry about the deluge of data, because ITR eliminates the need for IT teams to spend precious time conducting their own research. The AnchorPoint SOC team works for you around the clock mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape. They also leverage global threat data from industry leaders and the open source community to provide global insight into attack trends and bad actors.

We don’t believe in point solutions. At AnchorPoint, our tools are totally integrated, which accelerates and simplifies threat detection and remediation. The cost to purchase and maintain point solutions is too high and getting value out of your single security appliance usually means dedicating a resource to a single product and that kills your ROI. Why buy one security appliance and pull resources to learn how to use an isolated box when you could pay the same amount for a full-suite enterprise security solution that’s driven by a top-tier SOC?

Totally integrated means everything speaks the same language:

  • Correlation directives – over 2,000 pre-defined rules that translate raw events into specific, actionable threat information. Regular updates to these rules ensure that you are covered on the latest threats.
  • Network IDS signatures – detect the latest threats in your network
  • Host IDS signatures – detect the latest threats targeting your critical systems
  • Asset discovery signatures – identify the latest operating systems, applications, and devices
  • Vulnerability assessment signatures – find the latest vulnerabilities on your systems
  • Reporting modules – provide new ways of viewing data about your environment and satisfying auditor and management requests
  • Dynamic incident response templates – customized guidance on how to respond to each alert
  • Newly supported data source plugins – expand your monitoring footprint by incorporating data from third party tools

Prioritizing Threats Has Never Been Easier

AnchorPoint ITR leverages automated event correlation, backed by manual human review to give you the information you need to analyze threats targeting your systems and users.

Utilizing the Kill Chain Taxonomy, the tools in our SOC make it easy for our analysts to see what threats you need to focus on first. AnchorPoint provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond.

Kill Chain Taxonomy classifies threats into five categories and provides you with contextual information to help you understand attack intent and threat severity, based on interaction with your network.

  • System Compromise – Behavior indicating a compromised system.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

Consolidated Event Details

Accelerate your response work by analyzing related threat details filtered by the AnchorPoint Security Operations Center (SOC).

Related Event Details

See the directive event, the individual event(s) that triggered the directive event, and the correlation level of the directive rule.
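As an added illustration of what a correlation directive produces, the Python below is example code written for this page, not AnchorPoint's engine or any of its predefined rules. Two toy directives turn a constructed sample of normalized events into directive events, each carrying the individual events that triggered it and its correlation level, and the resulting alarms are ranked with the five Kill Chain Taxonomy categories listed in the previous section. The event names, thresholds, and the numeric severity ranks are assumptions made for the example; the events are constructed, not real telemetry.

```python
"""Toy correlation-directive engine: turns normalized events into directive
events and ranks them with the five Kill Chain Taxonomy categories."""
from collections import defaultdict
from datetime import datetime, timedelta

# Kill Chain Taxonomy categories from the page. The numeric ranks
# (1 = most severe) are an assumption made for this example.
KILL_CHAIN_RANK = {
    "System Compromise": 1,
    "Exploitation & Installation": 2,
    "Delivery & Attack": 3,
    "Reconnaissance & Probing": 4,
    "Environmental Awareness": 5,
}

# Constructed sample of normalized events: (timestamp, event name, src, dst, dst port).
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "ssh: failed login", "203.0.113.5", "10.0.0.7", 22),
    ("2024-01-10T09:00:05", "ssh: failed login", "203.0.113.5", "10.0.0.7", 22),
    ("2024-01-10T09:00:09", "ssh: failed login", "203.0.113.5", "10.0.0.7", 22),
    ("2024-01-10T09:00:14", "ssh: failed login", "203.0.113.5", "10.0.0.7", 22),
    ("2024-01-10T09:00:20", "ssh: failed login", "203.0.113.5", "10.0.0.7", 22),
    ("2024-01-10T09:01:30", "ssh: accepted login", "203.0.113.5", "10.0.0.7", 22),
    # A single failure from another host: below the directive threshold, no alarm.
    ("2024-01-10T09:00:03", "ssh: failed login", "198.51.100.9", "10.0.0.7", 22),
] + [
    # Twelve SYNs to consecutive ports within twelve seconds: a port sweep.
    ("2024-01-10T09:02:%02d" % (p - 20), "firewall: syn", "198.51.100.9", "10.0.0.20", p)
    for p in range(20, 32)
]

def parse(raw):
    """Normalize tuples into dicts and order them by time."""
    events = [{"ts": datetime.fromisoformat(ts), "name": n, "src": s, "dst": d, "port": p}
              for ts, n, s, d, p in raw]
    return sorted(events, key=lambda e: e["ts"])

def brute_force_directive(events, failures=5, window=timedelta(seconds=60),
                          success_within=timedelta(seconds=300)):
    """Two-level directive: `failures` failed logins from one source to one host
    inside `window` is level 1 (Delivery & Attack); a later accepted login from
    the same pair within `success_within` raises it to level 2 (System
    Compromise). Every matched event is kept as a trigger of the directive event."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    alarms = []
    for (src, dst), evs in by_pair.items():
        fails = [e for e in evs if e["name"] == "ssh: failed login"]
        for i in range(len(fails) - failures + 1):
            burst = fails[i:i + failures]
            if burst[-1]["ts"] - burst[0]["ts"] > window:
                continue
            triggered, level, category = list(burst), 1, "Delivery & Attack"
            for e in evs:
                gap = e["ts"] - burst[-1]["ts"]
                if e["name"] == "ssh: accepted login" and timedelta(0) <= gap <= success_within:
                    triggered.append(e)
                    level, category = 2, "System Compromise"
                    break
            alarms.append({"directive": "SSH brute force", "category": category,
                           "level": level, "src": src, "dst": dst, "triggered": triggered})
            break  # one alarm per source/destination pair is enough here
    return alarms

def port_sweep_directive(events, min_ports=10, window=timedelta(seconds=60)):
    """Single-level directive: one source touching `min_ports` distinct ports
    inside `window` is Reconnaissance & Probing."""
    by_src = defaultdict(list)
    for e in events:
        if e["name"] == "firewall: syn":
            by_src[e["src"]].append(e)
    alarms = []
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            if len({e["port"] for e in in_window}) >= min_ports:
                alarms.append({"directive": "Port sweep", "category": "Reconnaissance & Probing",
                               "level": 1, "src": src, "dst": first["dst"], "triggered": in_window})
                break
    return alarms

def prioritize(alarms):
    """Most severe category first; within a category, higher correlation level first."""
    return sorted(alarms, key=lambda a: (KILL_CHAIN_RANK[a["category"]], -a["level"]))

def run(raw=SAMPLE_EVENTS):
    events = parse(raw)
    return prioritize(brute_force_directive(events) + port_sweep_directive(events))

if __name__ == "__main__":
    for a in run():
        print(f"[{a['category']}] {a['directive']} level {a['level']}: "
              f"{a['src']} -> {a['dst']} ({len(a['triggered'])} triggering events)")
```

Run as a script, the brute-force alarm sorts above the port sweep because its final stage maps to System Compromise; the `triggered` list on each alarm is what an analyst would open to see the individual events behind the directive event. A production engine keeps state across a stream rather than re-scanning a list, but the matching logic is the same.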

You can click on any event to examine details such as:

  • Normalized event
  • SIEM information
  • Reputation of source and destination IP addresses
  • Knowledge base about the event
  • Payload of the packet triggering the event

Simplify Threat Analysis. Get Answers Faster Than Ever.

Powerful Analytics Uncover Threat and Vulnerability Details – All in One Console

Get to the bottom of who and what’s targeting your assets and what systems are vulnerable.

Search SIEM Events

You have the flexibility to conduct your own analysis. For example, you may want to search the SIEM database for events that came from the same host as the offending traffic triggering an alarm. AnchorPoint’s SOC Analysts are ready to help.

  • We display events stored in the database
  • We apply filters to help you find more granular data
  • We can sort by event name, IP address, and more


Inspect Packet Captures

AnchorPoint uses integrated packet capture functionality to capture interesting traffic for offline analysis. Packets can be viewed from the ITR customer portal using the Tshark tool, or you can download the capture as a PCAP file.


  • We can set capture timeout
  • We can select number of packets to capture
  • We can choose source and destination IP addresses to capture


Check Assets and Vulnerabilities

The AnchorPoint SOC team will search your asset inventory for assets involved with an alarm. Integrated vulnerability assessment scans indicate whether an attack is relevant by identifying vulnerable operating systems, applications, services, and more. Yes, we show you this in an easy-to-understand format.

  • We’ll show you reported alarms and events by asset
  • We can modify your mitigation / remediation strategy based on presence of threats targeting vulnerable systems
  • We’ll correlate reported vulnerabilities with malicious traffic


Examine Raw Logs

AnchorPoint’s analysts will search for any raw logs that are related to activity reported by an alarm. For example, we’ll look for logs that are related to the source IP address that was reported in the alarm.

  • Raw logs are digitally signed for evidentiary purposes
  • We can filter by time range and search pattern
  • We can export raw logs as a text file
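An added example, not AnchorPoint's implementation, of the three properties listed above: raw lines are HMAC-signed into a hash chain on ingest so that later editing, deletion, or reordering is detectable, the store can be filtered by time range and search pattern, and it can be exported as text. The signing scheme (HMAC-SHA256 with a placeholder key), the syslog-style sample lines, and all function names are assumptions made for this example; an evidentiary deployment would hold the key off the logging host and might use asymmetric signatures instead.

```python
"""Hash-chained, HMAC-signed raw log store: sign lines on ingest, verify the
chain before relying on the logs as evidence, filter by time and pattern."""
import copy
import hashlib
import hmac
import re

# Constructed placeholder key. In a real deployment the signing key lives with
# the SOC, not on the log-producing host, so a host compromise cannot re-sign history.
SIGNING_KEY = b"example-only-signing-key"
GENESIS = "0" * 64  # "previous MAC" for the first record in a chain

# Constructed syslog-style lines (documentation addresses, no real hosts).
SAMPLE_RAW_LOGS = [
    "2024-01-10T09:00:01Z fw01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=10.0.0.7 PROTO=TCP DPT=22",
    "2024-01-10T09:00:05Z srv07 sshd[812]: Failed password for root from 203.0.113.5 port 51022 ssh2",
    "2024-01-10T09:00:09Z srv07 sshd[812]: Failed password for root from 203.0.113.5 port 51023 ssh2",
    "2024-01-10T09:01:30Z srv07 sshd[830]: Accepted password for backup from 203.0.113.5 port 51100 ssh2",
    "2024-01-10T09:02:00Z srv20 cron[1001]: (root) CMD (run-parts /etc/cron.hourly)",
]

def _mac(key, seq, prev, line):
    # The sequence number and the previous MAC are bound into each MAC, so
    # deleting, inserting or reordering lines breaks the chain, not only editing.
    msg = f"{seq}\n{prev}\n{line}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_lines(lines, key=SIGNING_KEY):
    """Return chained records {seq, prev, line, mac}, one per raw log line."""
    records, prev = [], GENESIS
    for seq, line in enumerate(lines):
        mac = _mac(key, seq, prev, line)
        records.append({"seq": seq, "prev": prev, "line": line, "mac": mac})
        prev = mac
    return records

def verify_chain(records, key=SIGNING_KEY):
    """Return (True, None) if the chain is intact, else (False, first bad seq)."""
    prev = GENESIS
    for expected_seq, rec in enumerate(records):
        if (rec["seq"] != expected_seq or rec["prev"] != prev
                or not hmac.compare_digest(_mac(key, rec["seq"], prev, rec["line"]), rec["mac"])):
            return False, expected_seq
        prev = rec["mac"]
    return True, None

def filter_logs(records, start=None, end=None, pattern=None):
    """Select lines by ISO-8601 time range (inclusive; lexical compare works
    because the leading timestamp is fixed-width UTC) and an optional regex."""
    out = []
    for rec in records:
        ts = rec["line"].split(" ", 1)[0]
        if (start and ts < start) or (end and ts > end):
            continue
        if pattern and not re.search(pattern, rec["line"]):
            continue
        out.append(rec["line"])
    return out

def export_text(records):
    """Export as text with seq and MAC beside each line so the file can be re-verified."""
    return "\n".join(f"{r['seq']} {r['mac']} {r['line']}" for r in records)

def tamper_demo():
    """Show that both editing a line and deleting a line are detected."""
    signed = sign_lines(SAMPLE_RAW_LOGS)
    edited = copy.deepcopy(signed)
    edited[3]["line"] = edited[3]["line"].replace("Accepted", "Failed")
    deleted = copy.deepcopy(signed)
    del deleted[1]
    return verify_chain(signed), verify_chain(edited), verify_chain(deleted)

if __name__ == "__main__":
    print(tamper_demo())
    print(filter_logs(sign_lines(SAMPLE_RAW_LOGS), "2024-01-10T09:00:00Z",
                      "2024-01-10T09:01:00Z", r"203\.0\.113\.5"))
```

The check an analyst cares about is `verify_chain` returning the first sequence number that fails: an edited record fails at its own position, while a deleted record shifts every later sequence number and fails at the gap, so the report also tells you where in the file the evidence stops being trustworthy.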