Cyphort Advanced Threat Defense Platform

  • Accurate Detection

    Defend your enterprise from the threats that matter most; across Windows, Mac OS X and Linux devices; across web, email and other applications.

  • Scale & Coverage

    Watch more traffic, go deep and wide in your network with our flexible, scalable, software-based, distributed platform.

  • Actionable Intelligence

    Don’t just detect threats, understand them for risk-based prioritization. Use integrated mitigation to speed up resolution.

  • Reduced Costs

    Licensed by bandwidth, not by locations. Reduce operational cost, respond with velocity.

What it does

Coverage

Protect your entire enterprise across devices, infrastructure and threat vectors.

Cyphort’s software-based, distributed platform ensures your enterprise finds any malware activity across your networks, data centers and cloud. That includes malware targeted at Windows, Mac OS X and Linux devices.

Scalability from one location to hundreds of locations.

Cyphort’s unique Collector/Core software architecture with clustering ensures you can protect your enterprise globally no matter how distributed.

Licensed by bandwidth, not location.

We price our solution based on the amount of network bandwidth it protects — not by the number of locations it protects. One Internet connection with a 1 Gbps link or 100 branch offices with 10 Mbps each makes no difference to your advanced threat defense bottom line.

Detection

Cyphort detects advanced threats — there is no escape path.

With a multi-method detection engine, Cyphort finds new threats no matter how stealthy and adaptive they are. Our heterogeneous static and behavioral approach can analyze malware that is specifically designed to evade traditional detonation-only sandboxing.

Encrypted and obfuscated threats cannot fool Cyphort.

Our proprietary Playback engine ensures we detect threats that employ techniques such as multiple payloads, encryption, and obfuscation.

Analysis engine matches the complexity of malware.

When dealing with the complexity of analyzing millions of malware samples, heuristics and other rule-based systems often fail. Cyphort uses a combination of machine learning models, trained continuously on millions of the newest and historic malware samples. This technique yields the best detection efficacy by reducing both false positives and false negatives.

Action

We prioritize and mitigate threats based on the true risk to your organization.

Cyphort is an incident responder’s best friend. Not only do we show you all the malware activity, we also:

  • Tie the alerts together into incidents.
  • Provide a “Severity Rating” based on the threat’s Intent, Adversaries, Targets and Techniques.
  • Offer an Infection Verification Pack (IVP) to determine which devices are infected before taking action.
  • Provide mitigation rules for FW, SWG and IPS devices.

We provide complete visibility across your entire enterprise.

Our web-based administrative interface gives you a comprehensive view of any advanced threat activity across your enterprise. At one glance, the dashboard depicts all threat activity in your enterprise categorized by Severity, Stage and Intent.

We save you time and money by verifying suspect devices before taking action.

Only about 10% of devices that downloaded malware actually get infected. The Cyphort Infection Verification Pack allows you to verify whether a suspect device is indeed infected before acting upon it.

How it works

The Cyphort solution is delivered as software that can be installed on general-purpose hardware, virtual machines and cloud environments. The solution consists of four core components:

  • Cyphort Collectors: Software-based probes deployed at strategic network locations (Internet egress points, data centers, etc.) throughout your enterprise’s network infrastructure to collect suspect objects and communication.
  • Cyphort Core: The centralized detection component of our solution, Cyphort Core analyzes the collected suspicious network objects and associated metadata from the Collectors.
  • Cyphort Manager: This web-based, single-pane-of-glass administrative interface enables your enterprise to manage the distributed deployment and provides access to reports and functions via an easy-to-use threats dashboard.
  • Cyphort Threat Network: A cloud service that feeds global threat intelligence to the Cyphort Core for enhanced detection of current threats, aggregating threat information across all Cyphort installations.

Multi-Method Detection

At Cyphort, we have a unique understanding of Advanced Threat Protection as it relates to enterprises. We have pioneered solutions in this field, validating that enterprises of today require continuous monitoring and risk-based mitigation with actionable and business-relevant intelligence. Our detection philosophy is simple: we aim to help you collect smart data around the threats and your environment. We use our Analysis Engine to determine the risk of suspect threats. With our software-based solution, we help put you back in control of your threat protection.

Cyphort uses a four-step process for malware detection and prioritization — covering collection, inspection, analysis and correlation.

Step 1: Collection

During the collection phase, Cyphort Collectors continuously monitor network traffic in real time for malicious activity, collect and package “network artifacts of interest” and submit them to the Cyphort Core for further analysis. Collectors are designed to monitor network traffic across web, email and file sharing applications.

Step 2: Inspection

During inspection, Cyphort Core inspects objects using a variety of unique techniques, leveraging static analysis for pre-profiling and a heterogeneous behavioral interrogation environment to extract the full set of static and behavioral indicators from malware.

Step 3: Analytics

Signals and threat indicators from the collection and inspection phases are fed into the Analytics Engine; using a mix of supervised, context-based machine learning and predictive modeling techniques, an accurate classification of the threat is completed. Our analytics engine “learns” from chained threats that may attempt to evade behavior analysis.

Step 4: Correlation

During the correlation phase, data is aggregated from analytics, network activity, the Cyphort Threat Network and enterprise systems to provide “context” to the detection process. This allows Cyphort Core to validate malware, determine the extent of the infection, and provide the steps necessary to verify and mitigate attacks.

API-Based Integration

Cyphort has an open architecture that enables it to work with your third-party solutions. That means you can leverage third-party threat and asset data for more context-aware prioritization, as well as drive threat mitigation through your existing enforcement infrastructure, e.g. firewalls, secure web gateways and intrusion prevention systems.

Deployment Scenarios

Single Location Deployment

An enterprise with a single egress point can deploy all Cyphort components on one commodity server or VM, fed from a TAP or SPAN port on their physical switch or a virtual TAP port on a virtual switch. Integrated monitoring for web, email and other applications ensures coverage of these attack vectors.

Large Distributed Enterprise

An enterprise with multiple locations can deploy free Cyphort Collectors on inexpensive commodity hardware or as VMs at every location. The Core can be deployed at a centralized location as software or as a VM, and can be clustered to provide scalability for hundreds to thousands of branch offices.

Collectors in branch offices send suspect objects and metadata to the Core hosted in the data center.

Deployment in Cloud Infrastructure

Organizations hosting their assets in public or private clouds have a lot of flexibility in deployment.

  • Collectors can be deployed in the cloud data center to monitor and capture malicious traffic, e.g. VDI traffic from virtual TAP or SPAN ports.
  • Physical locations can have software Collectors on commodity hardware, attached to the physical networks.
  • The Core itself can be deployed in a cloud data center as a scalable cluster.