Discover how eclipse.xdr protects your business and helps to establish trust in your IT environment.

Pushing the Boundaries of Space and Time

The independent cyber-defense platform eclipse.xdr acts as a force multiplier to dramatically reduce an organization’s exposure to cyber-attacks and minimize the likelihood of business impact after system compromise. Engrained into the platform is a defense-in-depth threat intelligence architecture that reduces an organization’s exposure to a massive number of cyber-threats, and a methodology that minimizes the breach dwell-time through periodic forensic-depth compromise assessments.

Design Principles

As defenders, we must implement groundbreaking controls that help us get ahead of breaches, minimize business impact, and optimize risk and resources. CyberStash has employed 6 critical design principles in developing a revolutionary cyber defense platform that overshadows an organization’s existing defensive capabilities.

Leverage a defensive methodology that does not depend on prior knowledge of malicious code.


Use a massive number of threat-intelligent indicators, risk-based policies, GEO-fencing, and ASN-fencing, to significantly reduce an organization’s exposure to most sources of attacks.

Independently audit every system within an organization as thoroughly as possible at a frequency defined by risk appetite to detect breached systems before they impact business.

Hunt, detect, and respond to unknown and sophisticated attacks that circumvent existing defenses, controlling the breach dwell-time down to 1 day.

Optimize risk and resources through the cost-efficient manner in which threat information is collected, correlated, and disseminated, thus effectively reducing resource overhead for managing threats, thereby providing organizations with a greater return on their investment.

Orchestrate and automate the work a security analyst is required to perform using correlation, enrichment, threat intelligence, dynamic analysis, anomaly detection of operating system artefacts and incident response.

Cyber-criminals continue to outpace and outsmart defenders, causing business impact to organizations by designing attacks that are too sophisticated for defenders to catch with their current investment in defenses.

To stay ahead of threats, leverage a defensive methodology that does not depend on prior knowledge of malicious code; the methodology must not depend on detection engines designed to catch the threat itself. The capability used to support such a methodology must be designed to ‘catch all leads’, then validate each one and provide a conclusive verdict of either ‘compromised’ or ‘not compromised’ without leaving any room for doubt.

Forensic-Depth Compromise Assessments

Enrichment and Reverse Engineering Discovered Leads

Anomaly analysis of Operating System Artefacts

Discovery of High-risk Network Traffic Based on Intelligence, Machine Learning (ML), GEO-IP and ASN

Technology Stack

Network Threat Intelligence Platform

Vendor-agnostic Threat Intelligence Gateway connected in-line with your network traffic as either a layer-2 bridge device or a virtual cloud instance that inspects network traffic at rates of up to 10Gbps. The threat gateway is empowered by a massive number of threat intelligence indicators updated through the eclipse.xdr Cloud, which is also used to configure automated policies for blocking malicious traffic.

Endpoint Forensic Collection Agent

A lightweight endpoint agent for Windows, Mac, and Linux operating systems that collects post-breach forensic artefacts at a frequency configured to meet the organization’s risk appetite for controlling dwell-time. Continuous Threat Monitoring and Real-Time Detection are also provided using the same agent, which detects the most prevalent adversary behaviors.

Dynamic Analysis

A Cloud-Native hypervisor-based Sandbox that remains invisible by defeating even the most evasive measures built into advanced threats. Dynamic Analysis transparently monitors every interaction with the target machine to provide end-to-end visibility into malicious behavior.

Auto Analyst – SOAR Flagging Engine

A configurable Threat Flagging Engine that automates the manual effort performed by a security analyst to quickly enrich and triage threats and rate the level of risk to an organization.

Endpoint Incident Response Agent

Leveraging the same agent used for Forensic Collection, the Endpoint Incident Response Agent enables both collection and response action to be performed to limit the damage following a confirmed breach. These incident response actions include but are not limited to:

SIEM Threat Detection Platform

A Cloud-Native SIEM that correlates DNS events with logs collected from the eclipse Network Threat Intelligence Gateway to detect advanced threats and to map these to the corporate host targeted by the attack.

Network Incident Response Gateway

Leveraging the same gateway used with the Network Threat Intelligence Platform, the Network Incident Gateway allows incident responders to quickly perform threat containment when responding to an attack. The incident response actions include the following:

Extended

Fortify your existing defenses with eclipse.xdr, the independent cyber defense platform that leverages multi-point telemetry to dramatically reduce your organization’s exposure to cyber-attacks while preventing business impact by automating threat detection and incident response.

Detection

Enrich endpoint and network telemetry with threat intelligence, forensic-depth compromise assessments, dynamic analysis and machine learning to expand your detection capability and achieve a zero-trust security architecture.

Response

Orchestrate incident response using automated risk-based decisions to optimize resources and inform periodic threat hunting and on-demand actions by the security analyst.

By uncovering compromised hosts within 1 day, eclipse.xdr empowers organizations to reduce the likelihood of actual business impact taking place by 96%.

Every day, an unbelievable 850,000 new malicious IP addresses are launched, 8 billion spam and phishing attacks occur, and 30 to 50 million malicious domains exist at any one time.

Too often, neutralising cyber threats is reactive and limited to single point-in-time analysis.

To stay a step ahead of the adversary, continuous monitoring and coverage of the adversary, their turf and their tools are a necessity.

eclipse.xdr empowers the collective threat intelligence gathered globally to detect and block known and emerging threats in real time and reduces an organization’s exposure to the staggering number of potential attackers.

What you get

Collection

Collection of forensic-level system information from all endpoints across the entire IT fleet

Forensic State Analysis

Validate every aspect of the system by going underneath higher-level Operating system APIs and working directly with volatile memory structures.

Enrichment

Inform discovery using Code Comparison, Machine Learning, Sandboxing, Threat Intelligence and Stacking Techniques.

State-of-the-art Cyber Security Platform

To stay ahead of threats, the methodology used must not depend on detection engines designed to catch the threat itself. 

The capability used to support such a methodology must be designed to ‘catch all leads’ and then validate each one and provide a conclusive verdict of either ‘compromised’ or ‘not compromised’ without leaving any room for doubt. 


eclipse.xdr uses a staggering number of threat-intelligent indicators, risk-based policies, GEO-fencing, and ASN-fencing, to significantly reduce an organization’s exposure to most sources of attacks.

How we do it

eclipse.xdr protects organizations by harvesting and empowering a massive number of threat intelligence indicators and operationalizing these to block attacks in their tracks. Risk-based inbound and outbound policies add weighting to an indicator’s base-risk score to compound the level of threat to the organization if the traffic is associated with a high-risk ASN or high-risk country. Your organization’s exposure to cyber-threat is immensely reduced through this defensive methodology.
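The paragraph above describes a scoring model: an indicator carries a base-risk score, and a direction-specific policy adds weight when the remote party sits in a high-risk ASN or country. The example below is an added illustration of that model, not eclipse.xdr’s own code; the ASN and country lists, the 0-100 scale, the weights and the block threshold are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed placeholder lists: private-range ASNs and user-assigned country codes.
HIGH_RISK_ASNS = {64512, 64513}
HIGH_RISK_COUNTRIES = {"XA", "XB"}

@dataclass
class Indicator:
    """A threat-intel indicator with its base risk score (assumed 0-100 scale)."""
    ip: str
    base_risk: int
    asn: int
    country: str

@dataclass
class Policy:
    """Direction-specific policy: weights compound the base score, the threshold decides."""
    direction: str        # "inbound" or "outbound"
    asn_weight: int
    country_weight: int
    block_threshold: int

def compounded_risk(ind: Indicator, policy: Policy) -> int:
    """Base score plus ASN/GEO weighting, capped at 100."""
    score = ind.base_risk
    if ind.asn in HIGH_RISK_ASNS:
        score += policy.asn_weight
    if ind.country in HIGH_RISK_COUNTRIES:
        score += policy.country_weight
    return min(score, 100)

def evaluate_flow(src: str, dst: str, policy: Policy, intel: dict) -> tuple:
    """Return (verdict, score). The remote side of the flow is what gets looked up:
    the source for inbound traffic, the destination for outbound traffic."""
    remote = src if policy.direction == "inbound" else dst
    ind = intel.get(remote)
    if ind is None:
        return ("allow", 0)          # no indicator: policy has nothing to weigh
    score = compounded_risk(ind, policy)
    return ("block" if score >= policy.block_threshold else "allow", score)

# Constructed sample intel and policies (documentation-range IPs).
INTEL = {"198.51.100.7": Indicator("198.51.100.7", 60, 64512, "XA"),
         "203.0.113.9": Indicator("203.0.113.9", 40, 65000, "ZZ")}
INBOUND = Policy("inbound", asn_weight=20, country_weight=15, block_threshold=80)
OUTBOUND = Policy("outbound", asn_weight=10, country_weight=5, block_threshold=80)
```

The same indicator is blocked inbound (60+20+15=95) but only logged outbound (60+10+5=75), which is the effect of direction-specific weighting the paragraph describes.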

Supported Threat Feeds

Commercial Threat

Open Source Threat

Government/Industry

Bring Your Own Intel

What you get

A Threat Intelligence Gateway that provides up-to-the-minute, line-speed protection against known sources of threats, both inbound and outbound, at scales of up to 10 Gbps.

Protection against 150 million known threat indicators using continuously updating, risk-based, policy-driven, actionable threat intelligence that blocks and detects known sources of threats.

Leverage of a vendor-agnostic open platform with centralized management to enforce risk-driven policies, to inform threat hunting, and to investigate and respond to incidents.

Cloud-native management of your policies, intelligence, investigation, & reporting that’s self-managed, co-managed or completely managed by CyberStash Security Analysts.

eclipse.xdr detects sophisticated attacks using Forensic-Depth Analysis. Forensic-Depth Analysis is a post-breach threat hunting practice that periodically surveys all endpoints within an organization to discover forensically relevant leads.

Leads are also discovered by detecting changes in the forensic state of files. The methodology used does not depend on catching the attack on its way in but takes an adversarial approach to threat hunting whereby endpoints are assumed to be breached and assessed to conclusively confirm their state of compromise.

15 Steps For Conclusive Validation & Response

CyberStash establishes trust in an IT environment by carrying out 15 steps.

The process we follow is akin to that of a highly trained digital forensic analyst; however, we deliver our deep-level analysis at scale through automated host-level surveys before augmenting and enriching what we’ve discovered.

When delivered as a Managed Detection and Response (MDR) service, our security analysts then go over the endpoint meticulously to flag every operating system component as Verified Good, For Review, Potentially Unwanted or Verified Bad. We maintain a memory of these decisions and then work on all the net-new forensic leads we discover on subsequent assessments, thus enabling us to deliver a feasible and scalable service to any size enterprise.

eclipse.edr

In addition to forensic depth discovery, our eclipse endpoint agent also provides detection for the most prevalent behaviors described within the MITRE ATT&CK Framework. The eclipse Adversary Behavior Detection Engine (ABDE) provides Defense-in-Depth detection whereby we increase the opportunity and the confidence level of detection covering the attack chain.


In addition to Forensic-Depth Analysis, eclipse.xdr employs the following additional threat hunting techniques to discover previously undetected threats within the enterprise:

1. Anomaly Analysis of Operating System Artefacts

2. Threat Analysis of High-Risk Network Traffic Based on Intelligence, GEO-IP, and ASN.

eclipse.xdr collects DNS events from the client’s environment and correlates these with the logs from its Threat Intelligence Gateways to automatically identify the internal resource associated with an identified threat.
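The correlation described above, as an added example that is not eclipse.xdr’s own code: a gateway behind NAT only sees the egress address, so the internal host is recovered by joining the blocked destination IP against DNS answers seen shortly before the block. Both log formats and all addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample logs; the key=value layout is an assumption, not a real product format.
GATEWAY_LOG = """\
2024-05-01T10:00:05Z action=block dst=198.51.100.7 indicator=feed-A
2024-05-01T10:07:30Z action=block dst=203.0.113.9 indicator=feed-B
"""
DNS_LOG = """\
2024-05-01T09:59:58Z client=10.0.0.21 qname=bad.example answer=198.51.100.7
2024-05-01T09:58:10Z client=10.0.0.35 qname=bad.example answer=198.51.100.7
2024-05-01T10:00:40Z client=10.0.0.50 qname=cdn.example answer=203.0.113.9
"""

def parse_line(line: str) -> dict:
    """Turn '<ts> k=v k=v ...' into a dict with a parsed datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def parse_log(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def correlate(gateway_log: str, dns_log: str, window=timedelta(minutes=5)) -> list:
    """For each blocked connection, attribute it to the internal client that most
    recently resolved a name to the blocked IP within `window` before the block.
    A block with no DNS answer in the window (hard-coded IP, stale cache, or a
    resolver the collector does not see) is reported with host=None so that it
    is not silently dropped."""
    dns = parse_log(dns_log)
    results = []
    for g in parse_log(gateway_log):
        candidates = [d for d in dns
                      if d["answer"] == g["dst"]
                      and g["ts"] - window <= d["ts"] <= g["ts"]]
        best = max(candidates, key=lambda d: d["ts"]) if candidates else None
        results.append({
            "blocked_ip": g["dst"],
            "indicator": g["indicator"],
            "host": best["client"] if best else None,
            "qname": best["qname"] if best else None,
        })
    return results
```

The first block is attributed to 10.0.0.21 (the later of two clients that resolved the same name); the second has no DNS answer inside the window and is left unattributed for an analyst to follow up.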

Optimization

eclipse.xdr orchestrates and automates the work a security analyst is required to perform using correlation, enrichment, anomaly detection of operating system artefacts, dynamic analysis, and threat intelligence.

With the magnitude of the security alarms generated by today’s technologies, security analysts have the impossible tasks of correlation, enrichment, and reverse engineering code to arrive at a final verdict of risk. The orchestration built within eclipse.xdr automates the manual heavy lifting a security analyst is required to perform and automatically flags leads as Confirmed Malicious, Probably Malicious, Suspicious, Probably Good, or Verified Good. This enables a security analyst to quickly pin down the areas of risk by filtering on these flags and then perform continuous or on-demand response actions using eclipse.xdr.

eclipse.xdr leverages vendor-agnostic threat intelligence data, geofencing and infrastructure-blocking to significantly reduce your exposure to risk from emerging sources of the cyber-attacks responsible for most of today’s breaches, no matter how sophisticated the attack may be.


What’s more, eclipse.xdr runs periodic compromise assessments using completely independent, automated forensic-depth analysis techniques that comb through your fleet of endpoints to detect every digital change that occurs in your environment and assess the level of risk each change poses to your business. And, yes, we also detect In-Memory Living-off-the-Land attacks!


Easy to manage, eclipse.xdr provides automated threat hunting and security orchestration, so there is no expense for additional skilled resources. eclipse.xdr also takes continuous response actions to contain threats, or you can simply let CyberStash security experts respond to the task on your behalf.


Receive accurate, timely notifications about threats and validated breaches that your existing security defences simply can’t provide.


Talk to us today about eclipse.xdr and get ahead of the business impact.

eclipse.mdr | Managed Detection and Response

When delivered as a Managed Detection and Response (MDR) service, CyberStash constantly monitors, detects, hunts, investigates and responds to cyber threats to keep your business safe.

Security Monitoring | Incident Investigation
24/7 Automated Protection | Detection | Threat Hunting | Incident Response
Periodic Tuning and Reinforcement
Incident Response | Threat Containment
Security Consulting | Actionable Advice

Independent & Automated Security Stack

Let’s get started

The independent cyber defense platform eclipse.xdr acts as a force multiplier to dramatically reduce an organization’s exposure to cyber-attacks and minimize the likelihood of business impact.

Contact us to learn about: