Advanced Anomaly Detection


AAD is a SaaS offering from HKIT Security Solutions, built on a customized open-source based solution and designed to scan network activity for security anomalies.

AAD was built to address the cyber security threats in a company's network and to provide advanced threat identification at a lower cost than comparable solutions, aimed at small to medium organizations that cannot afford those costlier products.

Advanced Anomaly Detection (AAD) provides one approach to network security threat detection. It is a system that detects security threats based on threat and anomaly signatures.

AAD is the continuous monitoring of a network for unusual events or trends. AAD is an integral part of network behaviour analysis (NBA), which offers security in addition to that provided by traditional anti-threat applications such as firewalls, intrusion detection systems, antivirus software and spyware-detection software. AAD's database is loaded with thousands of signatures from a variety of sources that are regularly updated to match new and recent threats identified on the internet. With its threat identification intelligence, AAD can detect threats such as malware, botnet and backdoor communications, which most firewalls miss and few other security systems can consistently detect.

AAD Benefits

  • AAD contains over 70,000 unique signatures.
  • AAD matches the captured network traffic (pcap) against existing Emerging Threats protections.

AAD can detect

  • Exploit kit activity
  • Exploit delivery
  • Spyware operation and command and control
  • Host-based Trojan network activity and command and control
  • Remote access Trojans
  • Anomalous user agents
  • Distributed denial-of-service (DDoS)
  • Crimeware
  • Covert channels

The service does not interfere with the production environment or the current network flow.

The information on identified threats describes both the source and the destination, the protocols involved, the impact of the threat, remediation guidance and, where relevant, the timestamps of the communication.

In addition to active threats, the following types of issues can also be detected:

  • Suspicious activities such as scans, communication that resembles lateral movement (a malware-infected host attempting to compromise other hosts), and transfers of suspicious file types.
  • Use of insecure protocols such as SMBv1, SNMPv1, SSHv1, FTP without encryption, SMTP without encryption, and internally hosted web applications without HTTPS.
  • Connections to IP addresses and domains that are blacklisted.
  • Use of applications and protocols that could allow bypassing of company policies, such as Tor, I2P, torrents, etc.
