Cyber information is unlike any other kind of information. If it is not available to analysts within a reasonable period of time, it becomes useless. DataProtect, Recogniti’s Cyber Threat Management platform, is a fully integrated detection, prevention and incident resolution solution tailored to the complexities of large government or corporate infrastructures or small home offices.
Our nation is facing complex cybersecurity challenges, including public and private sector networks and information that are being exploited at an unprecedented scale. Recogniti has been at the forefront of creating innovative wargaming experiments and exercises to test and validate concepts and strategies that examine current and future cyber security threats, vulnerabilities and challenges.
Over the last several years, federal agencies have reported an increasing number of information security incidents to the U.S. Computer Emergency Readiness Team (US-CERT). These include both cyber- and non-cyber-related incidents, and many of them involved PII. The total number of security incidents reported annually more than doubled from fiscal year 2009 to fiscal year 2013. Moreover, a significant number of security incidents reported by agencies have involved PII: the number of incidents involving PII for fiscal years 2009 through 2013 increased over 140 percent.
DataProtect is designed to efficiently address cyber threats by importing threat data feeds, managing and tracking active incident handling workflow, and providing flexible reporting and analysis capabilities.
Main capabilities of the Network Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Network Security Monitoring engine include:
1. Highly Scalable
Multi-threaded: a single running instance balances the processing load across every processor on the sensor that it is configured to use. This allows commodity hardware to achieve ten (10) gigabit speeds on real-life traffic without sacrificing rule set coverage.
2. Protocol Identification
The most common protocols are automatically recognized as the stream starts, allowing rule writers to write a rule to the protocol rather than to the expected port. This makes the proposed solution an effective Malware Command and Control Channel hunter. Off-port HTTP CnC channels, which normally slide right by most IDS systems, are fully supported. Furthermore, dedicated keywords enable matching on protocol fields, which range from an HTTP URI to an SSL certificate identifier.
3. File Identification, MD5 Checksums, and File Extraction
DataProtect can identify thousands of file types as they cross the network. Beyond identification, a file can be examined further by tagging it for extraction, in which case the file is written to disk with a metadata file describing the capture situation and flow. The file’s MD5 checksum is calculated on the fly, enabling a custom list of MD5 hashes to be kept in or out of the network.
There are two main ways to use DataProtect in large infrastructures:
DataProtect enables the unique and automated sharing of cyber threat indicators and malware between organizations, facilities and cyber sensors. This translates into faster machine-to-machine sharing of information at speeds up to 40GB/second with minimal latency. The DataProtect Cyber Threat Database is specifically designed for network forensics and cyber threat incident response. Full OpenFPC support allows for a full transcript of the network traffic. This enables the analyst to see the entire “conversation” surrounding a cyber attack or incident.
Contact Us for information on features and pricing.
DataProtect Mini has the same powerful features as the full-scale product. It is a smaller, low-cost, router-size appliance that connects to your small office or home network and instantly gives you full control over and insight into the traffic that comes in or out of your network. With thousands of known protocols, sites, and file types supported, you will gain insight into any internet files you may be downloading from websites or peer-to-peer networks, whether anyone is monitoring you, and whether any malware or malicious code has been uploaded to your computers.
Product is expected to be released in August 2014.