Threat Detection & Response

With this feature, users can automatically learn the normal behavior of their network and quickly flag any deviations from the baseline. The anomaly detection provides our users with immediate visibility into potential threats, reducing the time to detect and respond. Over time, our behavioral models adapt and evolve, minimizing false positives and ensuring alerts focus only on significant changes that truly require attention.

We use LAN CP to map network communication flows and detect anomalies, such as undesired hosts, irregular communication patterns, and unexpected process commands. For example, it flags write commands when only read commands are allowed by the baseline. This feature is ready to use out of the box, requiring zero configuration, and includes tools to generate communication rules from external files to reduce false positives.

This is one of the most powerful features in our arsenal, offering the best DPI capabilities in the industry. It provides deep insights into protocol fields, detecting anomalies such as protocol misuse, data injection, and buffer overflow attacks. With DPBI, users can even handle advanced scenarios, like flagging deviations in process parameters that remain within the protocol specification but fall outside expected baseline. With this feature we set a new standard for precision in detecting and addressing protocol and anomaly-based threats.

We use this capability to track device configurations and immediately alert to any deviations. Users can customize alerts and thresholds to streamline and automate workflows for change management, vulnerability tracking, risk assessment, and compliance. It also stores detailed asset information, logs configuration changes, and maintains a historical record for auditing and analysis. As a result, users can stay on top of critical events and maintain full control over your assets.

Each event we detect comes with detailed information, including severity, event classification, TTP mapping (tactics, techniques, and procedures), and other contextual data to simplify analysis and response. We also provide curated playbooks with potential next steps and step-by-step guidance, ensuring our users work with all the info they may need.

We detect malware through a combination of passive network-based monitoring and endpoint detection via managed agents. The Industrial Threat Library, a robust collection of Indicators of Compromise (IoCs), signatures, and behavior-based detection rules, includes over 160 checks for known ICS malware such as WannaCry, GreyEnergy, and Triton. Alerts provide detailed asset information, contextual descriptions, and PCAP files for traffic analysis, enabling faster detection, thorough analysis, and efficient responses to threats.

This feature allows our users to review historical network logs to uncover threats that were missed due to the absence of IOCs or signatures at the time. It’s especially valuable for identifying persistent threats or malware that evolve over time. With this capability, your team can conduct retroactive analyses to detect malicious activities and ensure nothing slips through the cracks.

We continuously monitor network traffic to identify malformed packets that may signal exploitation attempts. This proactive approach detects threats such as protocol manipulation or buffer overflow attacks, enabling users to mitigate risks before they escalate. It has been highly effective in identifying and blocking zero-day attacks like DoublePulsar and Urgent11, even before detection signatures were available.

We detect port scanning activities, including SYN, ACK, and distributed scans designed to evade detection. Our platform allows users to configure sensitivity and alert thresholds, ensuring accurate identification of potential threats while minimizing false positives. This capability helps your team respond quickly to reconnaissance activities before they develop into active attacks.

We use Deep Packet Inspection (DPI) to identify insecure protocols like FTP and Telnet, outdated or vulnerable versions of protocols, such as SMB and HTTPS, and even weak or clear-text passwords. By flagging these vulnerabilities, including weak encryption and inadequate authentication mechanisms, your team can address them proactively before they’re exploited. You wouldn’t believe how many unsecured connections we’ve uncovered over time.

We continuously monitor network traffic to detect reconnaissance activities and suspicious connections, to malicious IPs, such as malware communications or devices deviating from their normal behavior. Alerts are triggered when new connections are established, unusual protocols are used, or devices start behaving outside their baseline.

We help our customers address both security risks and operational challenges, such as device errors, misconfigurations, or communication losses. Tailored policies enable you to monitor critical activities, manage maintenance workflows, and prevent disruptions before they impact operations. This is another powerful feature available out of the box that you can start using immediately.

We empower our customers to develop custom detection rules using runtime extensions, enabling them to address emerging threats effectively. This capability provides the flexibility needed to adapt to evolving risks and tailor security measures to unique or unexpected challenges in their environment.

Our platform seamlessly integrates with third-party Endpoint Detection and Response (EDR) systems, leveraging IOCs from multiple sources for comprehensive threat detection. This integration extends visibility across IT and OT environments, enabling faster and more effective responses to potential threats.

Our detection uses advanced generative AI to simplify complex tasks, like analyzing events, identifying risks, and generating detailed reports. We this we try to help our users quickly filter through massive amounts of data to find exactly what they need, saving time and enabling faster, more informed decisions.