PACKETWORKER
NETWORK SITUATIONAL AWARENESS
Every connected asset is a potential target.
The global median dwell time from compromise to discovery in 2018 was 78 days.
38% of the organisations surveyed were not aware that they had been compromised.
>50% of breaches are carried out by well-funded and organised crime groups.
Insider threats increased from 20% in 2014 to ~30% in 2018.
Motives are not just financial in nature. They include espionage, grudge, fun and shaming.
Sources: Industry analysts and market data, March 2019
Index
PacketWorker for Network Situational Awareness
Case Study - Banking
Case Study - Manufacturing
Case Study - Telecommunications
Case Study - Critical Infrastructure/Government
Case Study - Energy & Utilities
PacketWorker Appliances Datasheet
White Paper
Machine Learning as employed by PacketWorker
Vehere PacketWorker is an effective cyber
threat detection and response solution
that helps organisations minimise risk by
accurately detecting cyber threats and
enabling swift response. It facilitates efficient
resolution of identified security incidents
with relevant context, concrete evidence,
actionable intelligence and response work-flow
integrations.
Capabilities
Capture, classify and index all
communications on the wire at line-
speeds.
Banking
essential device for security teams attempting to
comprehend the scale of their network, observe activity
levels and detect potential shortcomings. Machine
Learning plays a key role in defending assets from
cyber-criminals and malicious insiders.
Summary
Industry/Organisation
Banking
Challenges
Comply with regulatory and audit
requirements
Solution
PacketWorker 10G (combined with
professional services)
Benefits
>50% improvement in detection
efficiency
Manufacturing
Industry/Organisation
Manufacturing
Challenges
Lack of consistency and accuracy
in cybersecurity monitoring of
organisational assets
Solution
PacketWorker 1G
Benefits
100%-visibility into cyber activities
of organisational assets
Business challenges
Traditional solutions don’t work in ICS/SCADA environments. The customer needed technology to monitor their enterprise IT and SCADA networks as coherent entities of the enterprise network. Given the mission-critical nature of assets deployed in ICS environment, enhancing or upgrading these systems with preventive security controls was deemed unacceptable.

ICS and SCADA
ICS is an umbrella term covering many historically different types of control systems such as SCADA (supervisory control and data acquisition) and DCS (distributed control systems). Also known as IACS (Industrial automation and control systems), they are a form of operational technology. In practice, media publications often use ‘SCADA’ interchangeably with ‘ICS’.

Solution – PacketWorker 1G
Following a tightly-guarded security event whose remnants were detected by PacketWorker during a later proof-of-concept trial followed by a pragmatic policy review cycle, the company decided to adopt PacketWorker 1G for their IT and OT networks.

PacketWorker demonstrated the inherent value of its self-learning threat detection abilities, which is uniquely capable of forming an understanding of normal and abnormal behaviours without any prior knowledge.

ICSs confront various cybersecurity threat vectors with varying degrees of loss potential, ranging from non-compliance to disruption of operations, and beyond.

Cost of post-event mitigation is significantly higher, not to mention the financial loss. Hence, it is a prudent strategy to ‘efficiently detect and respond swiftly’ to security threats in ICS networks to keep costs low.

PacketWorker is a fundamental innovation that views data from an ICS network in real time and sets up a developing pattern for what is normal for operators, workstations and automated systems within that environment. With PacketWorker’s Machine Learning, organisations can distinguish and react to emerging threats in real time. Advanced behavioural analysis can detect even previously unseen novel or custom-fitted attacks, regardless of whether they originate in the corporate IT or OT domains or navigate between them.

Total prevention of all cyber compromises is not a realistic goal, but, if identified early enough, threats can be alleviated before they become full-blown crises. PacketWorker’s technology can be deployed across both IT and OT environments to provide full coverage to an organisation.

Benefits
PacketWorker has rapidly turned into an essential part of client cyber security strategies, because of its one-of-a-kind methodology and capacity to detect emerging threats before they have the potential to cause significant damage.

On deploying PacketWorker, the organisation was immediately alerted of potential intrusions inside its systems that had already bypassed its other security tools. Following an easy implementation process, it now currently utilises PacketWorker to persistently analyse the overall health of its system and to spot sporadic activities that have a high likelihood of being pernicious, hazardous or non-compliant.

The advanced cyber defense technology allows clients to secure themselves from the most deceptive attacks that endanger critical infrastructure systems, regardless of whether those threats originate from within or outside the organisation.
Case study #3
Telecommunications
Industry/Organisation
Telecommunications
Challenges
Gain visibility into what’s
happening on the network
Solution
PacketWorker 10G
Benefits
Real-time insights into
applications, actors and actions
Improved performance of
application monitoring and
network behaviour analytics for
non-standard management-plane
traffic
Critical infrastructure/Government
Industry/Organisation
Critical infrastructure/Government
Challenges
Concerns about the prevalence of
fast-moving, automated attacks
Insider threats
Solution
PacketWorker 10G and professional
services
Benefits
100%-network visibility including
in ICS protocols
Benefits
Gained real-time operational
visibility
Key facts and figures
Energy attacks went up by 20% between 2017 and 2018. This trend is expected to continue as governments pour more resources into cyber warfare.

75% of companies in the oil, gas and electricity reported a cyber attack in 2018. Intruders were able to bypass protections that were in place.

Cyber-attacks against energy companies usually take months to discover.

48% of energy and utility CEOs think a cybersecurity attack is inevitable, sooner or later.

Solution – PacketWorker 10G
Deployed in promiscuous mode to monitor networks, PacketWorker proved to be an effective detection and response solution that helped respond swiftly to cyber threats. It facilitated efficient resolution of identified security incidents using concrete evidence, actionable intelligence and response workflow integrations.

The client had an account that was the target of an email-based attack. PacketWorker put the right protection in place and stopped the ransomware from deploying.

PacketWorker was immediately able to identify a lot of malicious malware that had been entering the client’s environment. The client saw the cost savings generated in terms of preventing the attacks and the gains in efficiency resulting from PacketWorker.

PacketWorker does not require weeks and weeks of consulting to implement and the speed at which it can operate and mitigate risk is a key differentiator.

Clients often need easy access to real-time data and actionable information to understand where they need to focus.
PacketWorker
Appliances
Key features
Incident assurance
• Affirmation – confirm an incident/suspicion
PacketWorker 300 - ideal for throughput up to 300 mbps
1 X gigabit-ethernet copper OOB interface

PacketWorker 1K - ideal for throughput up to 1 gbps
1 X gigabit-ethernet copper OOB interface

PacketWorker 10K – ideal for throughput up to 10 gbps
1 X gigabit-ethernet copper OOB interface
White paper
Safeguarding an enterprise’s digital ‘crown jewels’ is a priority. However, business is a social activity and several organisations have actually
lowered their guards to improve productivity, increase customer engagement and identify new revenue sources.
The result is a manifold jump in security risks and a serious impact on the business.
Additionally, security teams find it difficult to enforce policies on applications being used by business teams. Risk managers cannot
determine the security posture of personal devices or tools used for customer engagement. Newer digital initiatives by enterprises for
business benefit have put pressure on risk managers and security operators to keep pace without enforcing the stringent policies of the
past, while at the same time assuring the senior leadership team that they can accurately determine business impacts and respond to
eventualities.
[Figure: PacketWorker capabilities diagram. Labels: Cloud/Shadow IT; encrypted traffic analysis; incident response and network forensics; network anomaly detector; threat detection; security orchestration; adaptable interpretive monitor; reactive; proactive.]
Comprehensive visibility
Businesses are increasingly focusing on being able to ‘find more for less’, i.e., better-quality insights with a smaller and less skilled workforce.

To observe and respond is human nature. Let’s just apply this to the cyber world. Deploy a simple monitoring capability that enables secops to be proactive and fall back to retrospective analysis mode, on demand.

Gain visibility into every session on the network. Monitor cloud usage and encrypted communications. Leverage Machine Learning to identify suspicious behaviour, watch out for non-compliances and travel back in time to determine root causes. Pick up evidence to build actionable intelligence, uncomplicate critical monitoring tasks in a cost and resource-efficient manner to streamline security operations. Integrate output and intelligence to prevent perpetrators – on the inside or from the outside – from causing significant damage to enterprise assets.

Free up cycles to focus on future readiness of security operations. Hone capabilities of network managers to troubleshoot performance or availability issues and assist in terms of capacity planning along with risk assessment.
Vehere
1629 K Street NW Suite 300,
Washington DC 20006-1631, USA
P +1 202 355 6371
Roxborough Heights,
College Road, Harrow
London HA11GN
P +44 776 631 7891
E info@vehere.com
W www.vehere.com