Threat actors constantly modify code and use advanced techniques to avoid detection, but they still leave footprints scattered all over the network. When siloed tools deliver only partial information, Flowmon’s security intelligence pieces together all signs of nefarious activity, zones in and delivers clear picture of the risk’s scope and impact at early stages.Launch demo
An unknown threat (zero-day threat) is considered a malicious code which has not been seen before. Such threats exploit vulnerabilities as advanced persistent threats or targeted attacks, purposely designed to penetrate the victim’s defences. They are too new or too rare to be recognized by signature-based detection (antivirus, IDS typically).
To counter modified and newly created threats, businesses need technology that finds indicators of compromise (IoC) instead of relying on signatures and blocking solutions, which can be easily sidestepped. IoC provide early warning and are present at every stage of infiltration, from reconnaissance to data exfiltration.
Flowmon's unknown threats detection engine uses a combination of approaches, all working at the same time, to detect malicious activity, but also to enable response and forensic analysis. Applying such network-centric approach for Threat Detection and Response eliminates visibility gaps, enables incident understanding and significantly cuts MTTR (see SOC Visibility Triad).
The solution uses network traffic metadata exported from different platforms (datacenter, SaaS, Cloud), encrypted traffic analysis included.
Detection of unknown threats is based upon several techniques inspecting the network traffic from several points of view.
Once a threat is detected, the user is alerted and can immediately see the event and what it represents in the given context.
Flowmon can automatically trigger a response via integration with other security tools to block or quarantine the threat. The event is logged and recorded for full forensic drilldown.