Awake Security uncovers malicious intent across on-premise, IoT and cloud infrastructure

Awake Security unveiled the Fall release of its Awake Security Platform, a network traffic analysis (NTA) solution designed to help organizations combat cyber threats and improve visibility.

Awake’s intelligence is built on visibility and an understanding of the business entities in the organization, whether those are traditional IT assets, Internet of Things (IoT) devices, or cloud workloads. Through analysis of every communication between these entities, Awake’s network detection and response platform better detects malicious intent and attacks that blend in with business-justified activity. This empowers security teams to stop insider attacks, credential abuse, lateral movement, data exfiltration, and more.

“We see a shift in the way security teams go about uncovering threats as their organizations embrace the cloud, IoT, and/or hybrid IT. Only looking for ‘known-bad’ is no longer sufficient as it leaves security teams oblivious to advanced, non-malware oriented threats especially once the perimeter has been compromised. Modern security operations centers must focus on using analytics and artificial intelligence on real-time network data to rapidly uncover such threat activity,” said Eric Ogren at 451 Research.

“Awake’s entity-centric NTA approach promises to help eliminate noise and provides security teams with the visibility, detection, and response features required to secure modern enterprise environments.”

The latest release of the Awake Security Platform strengthens organizations’ ability to detect malicious intent so they can find and stop attackers that exploit otherwise benign tools and infrastructure. Using artificial intelligence, Awake brings the skills and knowledge to every customer, allowing for the detection of ever-changing attacker tactics, techniques, and procedures (TTPs).

“The very definition of the network is changing with the increased prevalence of cloud, IoT, and shadow IT practices,” said Rahul Kashyap, CEO at Awake.

“These most recent innovations enable detection of threats targeting this new network, whether on-premise or in the cloud, whether from managed or unmanaged infrastructure, and whether IT or operational technology. Ultimately this is enabling our customers to secure the connected workplace more effectively and autonomously.”

With this release, Awake delivers the network traffic analysis solution that marries threat detection with forensics to deliver a platform for all users in the security team and beyond.

Key highlights of this release include:

For the Level 1 analyst:

  • Detection: Automated detection of new and emerging attacker TTPs. These detection “skills”, built into the technology by the Awake threat research team, operate by correlating across entities, time, protocols, and other relevant parameters. These skills can also be built and customized by Awake customers and partners.
  • User experience: Visualization and threat mapping that allows teams to spot campaigns early in the attacker lifecycle and shrink response time.

For Level 2 and 3 analysts:

  • Triage: Forensic analysis that gives every entity in the environment a credit-score-like risk rating and presents the evidence within a forensic threat timeline.
  • Response: Investigation and response capabilities that deliver context and capture an organization’s procedural knowledge and process into the platform’s machine learning models.

For the Security Operations, Network Operations, and Compliance teams:

  • Visibility: Support for visibility that includes IoT infrastructure as well as workloads and applications in Amazon Web Services, Microsoft Azure, and the Google Cloud Platform.
  • Integrations: Organizations’ existing solutions are amplified through Awake’s integrations into SIEM, endpoint detection, and security orchestration tools.

“While the SOC has quickly seen the merits of NTA, existing solutions have struggled to address challenges with training machine learning algorithms, weak internal attribution, and high false positives,” said Gary Golomb, co-founder at Awake.

“Our updated platform uses full-packet analysis, encrypted traffic analysis, entity tracking that goes beyond IP addresses, and smarter approaches to machine learning that now automate the type of deep forensic insight that could previously be achieved by only the most advanced threat hunters.”
