Anti-spam filtering and firewalls can provide a strong level of protection against malware entering the network. Whilst it is important to prioritise the blocking of incoming malware, having the ability to identify suspicious behaviour from an attacker who has managed to bypass these controls is extremely valuable. Known as 'Advanced Persistent Threats' or APTs, the more capable attackers typically avoid causing disruption to your network. Instead, they will slowly attempt to access systems and extract valuable data, including business and personal information. APTs can remain undetected for years, slowly leaking data and even using a company’s network as a base for other attacks.
Neterix can provide systems that will monitor and identify potential internal threats. An intrusion detection system works by monitoring network activity and building a model of ‘normal’ patterns. The system learns how your network operates and the typical traffic that should be flowing through it. This allows the system to identify any unusual patterns of activity, such as network scanning, high levels of network traffic or brute force exploits. The system generates alerts whenever it sees unusual activity, providing details of the associated systems.
A honeypot takes network monitoring to the next level by creating a fake system or systems on the network. These appear like standard desktops, servers or other appliances and imitate common services. The honeypot listens to all connections and will capture any attempts to login, view data or attack a service. The system can also detect scans that attackers commonly use to map your network. This can provide valuable intelligence on the potential source, target and methodology being used. A honeypot is a valuable tool that will help you quickly identify potential attacks and deal with them.
Our systems are designed to meet your requirements and will emulate relevant operating systems and services. We can provide a range of physical and virtual honeypot systems that are placed at strategic locations on your network. All solutions come with our support and active monitoring of any alerts. We will help interpret any warnings and ensure you can respond to the threat.