Dell SecureWorks New AETD Red Cloak Solution Slashes Time to Detect, Respond to Endpoint Security Threats from Months or Weeks to Hours or Minutes
Armed with strong threat detection and endpoint monitoring capabilities as well as lightweight sensors that can be provisioned in minutes, AETD Red Cloak can scale via a cloud delivery model to any size environment and meet the challenge of identifying attacks that use little or no malware.
Too often, attackers go undiscovered within a victim’s IT infrastructure for months or even years. In one instance, the Dell SecureWorks Incident Response team deployed AETD Red Cloak in a client’s environment and within 48 hours was able to discover that threat actors had compromised the environment 14 months earlier. With AETD Red Cloak’s emphasis on sweeping for forensic evidence of malicious behavior, organizations can identify attacks whether malware is involved or not and quickly pinpoint the affected devices to reduce the cost and time it takes to respond.
"Hackers are increasingly using endpoints to enter companies’ infrastructures to steal valuable data," said Jane Wright, principal analyst at Technology Business Research. "To detect and shut down the hackers’ activities right away, companies need more frequent, expert vigilance to quickly spot suspicious activity and behaviors on their endpoints. For many companies, a blend of managed and consulting-style services that combines continuous monitoring with personalized threat hunting and immediate incident response is an efficient and effective way to protect their data and other IP from cyberattacks."
With AETD Red Cloak, Dell SecureWorks is bringing to market a fully hosted endpoint security solution powered by up-to-the-minute threat intelligence provided by experts from the Counter Threat Unit™ (CTU) research team, as well as global visibility that comes from protecting more than 4,100 clients in 61 countries. Red Cloak was initially developed to support the company’s Targeted Threat Hunting and Response professional services teams.
"Historically, Red Cloak was used by our Incident Response (IR) team when it went out on IR engagements to uncover undetected malicious activity taking place in organizations’ IT environments," said Aaron Hackworth, senior distinguished engineer with Dell SecureWorks’ CTU team. "However, Red Cloak was so successful in rooting out the threat actors that our Incident Response clients insisted we leave the Red Cloak solution installed in their IT environment to alert them to any future malicious activity. Those successes are what drove us to enhance the solution and make it available to help organizations around the world fight stealthy cyber-attacks."
The Red Cloak solution is especially critical for catching attacks that don’t use malware. Once inside a network, attackers continue to evade traditional endpoint security controls, often by leveraging compromised credentials and tools native to the target’s environment, such as remote access services, endpoint management platforms and other legitimate system tools. This tactic is called "living off the land," and was used to gain entry in more than half of the cyber-espionage incidents Dell SecureWorks responded to last year.
To give organizations the earliest possible warning of compromise, AETD Red Cloak’s sensors search for forensic evidence of malicious activity while continuously collecting information about what is happening on the device, such as what programs are running, what commands are being executed, network connections, thread injection, memory inspection and more. The sensors send the collected data to the Counter Threat Platform, hosted off-premise, where it is analyzed using intelligence from Dell SecureWorks’ CTU researchers to spot attacker behavioral patterns and threat indicators.
"The cyber attacker has to set off just one of the tripwires, which we have installed in our clients’ environment, in order to trigger an alert," said Hackworth. "By focusing on threat actor behavior and not just the tools and infrastructure they use, we can identify and flag suspicious activity that bypasses firewalls, antivirus, intrusion prevention and detection devices and other traditional security controls. With the depth of monitoring we offer, we can put that activity in a larger context to quickly determine the scope of an intrusion."
The solution blends multiple views of system activity to see beyond static indicators such as IP addresses and domain names and uncovers the behaviors and techniques of cyber adversaries. AETD Red Cloak has been deployed on more than 3,500,000 endpoint devices, including desktops, servers, and laptops.
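The contrast drawn above between static indicators and behavioral detection of "living off the land" activity, as an added illustration that is not part of the press release and not Red Cloak's own logic: a toy Python detector runs a static indicator match and two behavioral rules over constructed endpoint telemetry. The field layout, tool lists, thresholds and events are all assumptions made for this example.

```python
"""Toy behavioral detection over constructed endpoint telemetry.

Runs a static indicator match (known-bad remote hosts) and two behavioral
rules of the kind the text describes (native admin tool launched by a
document-handling application; one account driving remote admin tooling
from many hosts in a short window) over the same constructed events.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: (timestamp, host, user, parent image, image, remote host)
EVENTS = [
    ("2016-02-01T09:00:00", "ws01", "alice", "explorer.exe", "winword.exe", None),
    ("2016-02-01T09:01:10", "ws01", "alice", "winword.exe", "powershell.exe", None),
    ("2016-02-01T09:02:00", "ws01", "alice", "powershell.exe", "wmic.exe", "srv01"),
    ("2016-02-01T09:03:00", "ws02", "alice", "cmd.exe", "wmic.exe", "srv02"),
    ("2016-02-01T09:04:00", "ws03", "alice", "cmd.exe", "psexec.exe", "srv03"),
    ("2016-02-01T09:05:00", "ws04", "alice", "cmd.exe", "wmic.exe", "srv04"),
    ("2016-02-01T10:00:00", "ws09", "bob", "explorer.exe", "chrome.exe", "intranet.example"),
]

BAD_HOSTS = {"evil.example", "203.0.113.7"}  # constructed static indicator list
NATIVE_ADMIN_TOOLS = {"powershell.exe", "wmic.exe", "psexec.exe", "cmd.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}

def static_ioc_hits(events):
    """Static approach: flag only events whose remote host is on the bad list."""
    return [e for e in events if e[5] in BAD_HOSTS]

def behavioral_hits(events, max_hosts=3, window=timedelta(minutes=10)):
    """Behavioral approach: flag patterns regardless of any indicator match."""
    hits = []
    # Rule 1: a native admin tool spawned by a document-handling application
    for ts, host, user, parent, image, remote in events:
        if image in NATIVE_ADMIN_TOOLS and parent in OFFICE_PARENTS:
            hits.append(("office_spawns_admin_tool", host, user))
    # Rule 2: one account uses remote admin tooling from > max_hosts hosts in window
    per_user = defaultdict(list)
    for ts, host, user, parent, image, remote in events:
        if image in NATIVE_ADMIN_TOOLS and remote:
            per_user[user].append((datetime.fromisoformat(ts), host))
    for user, items in per_user.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            hosts = {h for t, h in items[i:] if t - t0 <= window}
            if len(hosts) > max_hosts:
                hits.append(("credential_fanout", user, len(hosts)))
                break
    return hits
```

On the constructed events the static list matches nothing, while the behavioral rules raise one alert per pattern; in practice the thresholds and allow-lists would be tuned per environment.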
Because AETD Red Cloak is a SaaS solution, it easily scales to meet the needs of a growing organization. Currently, AETD Red Cloak supports endpoints running the Windows operating system. Support for other operating systems is planned for the near future. The Security Analysis Team Cyber Threat Analysis Center will provide an electronic notification within 15 minutes of the determination that activity constitutes a security incident. Targeted or high-impact incidents are forwarded on to the Senior Intrusion Analyst Team, with a response guaranteed within 24 hours of the determination.
AETD Red Cloak builds upon Dell SecureWorks’ endpoint security portfolio, which already features the endpoint monitoring capabilities of the AETD Carbon Black service. AETD Carbon Black provides strong malware detection capabilities and focuses on file execution, the system registry and network connections. It also includes an onsite management console.
AETD Red Cloak is currently available in the North America, Latin America, EMEA and ANZ regions. Language support is only in English at this time.
About Dell SecureWorks
Dell SecureWorks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. Dell SecureWorks’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.
RSA Conference 2016
Join us Feb. 28-March 3 at the RSA Conference in San Francisco, one of the world’s premier security events. This year, Dell SecureWorks is a Silver Sponsor. Join us at the conference at Booth S1007 in the South Expo Hall.