Unknown Threat Detection

Threat actors constantly modify code and use advanced techniques to avoid detection, but they still leave footprints scattered all over the network. When siloed tools deliver only partial information, Flowmon’s security intelligence pieces together all signs of nefarious activity, zones in and delivers clear picture of the risk’s scope and impact at early stages.

Launch demo

What is an unknown threat (zero-day threat)

An unknown threat (zero-day threat) is considered a malicious code which has not been seen before. Such threats exploit vulnerabilities as advanced persistent threats or targeted attacks, purposely designed to penetrate the victim’s defences. They are too new or too rare to be recognized by signature-based detection (antivirus, IDS typically).

Unknown threat protection with Flowmon

Detect an insider threat

To counter modified and newly created threats, businesses need technology that finds indicators of compromise (IoC) instead of relying on signatures and blocking solutions, which can be easily sidestepped. IoC provide early warning and are present at every stage of infiltration, from reconnaissance to data exfiltration.

Flowmon's unknown threats detection engine uses a combination of approaches, all working at the same time, to detect malicious activity, but also to enable response and forensic analysis. Applying such network-centric approach for Threat Detection and Response eliminates visibility gaps, enables incident understanding and significantly cuts MTTR (see SOC Visibility Triad).

  • Machine learning
  • Adaptive baselining
  • Heuristics
  • Behavior patterns
  • Reputation databases
  • Signature-based detection

How does it work?

Gather data

The solution uses network traffic metadata exported from different platforms (datacenter, SaaS, Cloud), encrypted traffic analysis included.

Detection

Detection of unknown threats is based upon several techniques inspecting the network traffic from several points of view.

Analysis

Once a threat is detected, the user is alerted and can immediately see the event and what it represents in the given context.

Response

Flowmon can automatically trigger a response via integration with other security tools to block or quarantine the threat. The event is logged and recorded for full forensic drilldown.

Product

Flowmon ADS

Detect and Stop ransomware!

Launch more
Trial

Request free trial

Get no-obligation 30-day trial of Flowmon in your network.

Get your trial today