
Cybersecurity Services combat an APT with NDR

Blog: OpenText


Attackers linked to Iran and China are actively targeting critical infrastructure. Both the U.S. Environmental Protection Agency and the National Security Agency have requested that each U.S. state carry out a comprehensive assessment of its cybersecurity services and practices.

Critical infrastructure, such as water treatment plants, needs to defend against network-level attacks (e.g. DNS exfiltration, SCADA controls, DGA), and it also needs the additional layer of security that is missed when relying only on endpoint protection (e.g. antivirus) or endpoint detection and response (EDR).

Not only critical infrastructure with complex IoT and OT (Operational Technology) environments, but all organizations strive to fortify their digital perimeters and safeguard their operations and sensitive information. The demand for advanced solutions has never been higher. Enter OpenText™, a trailblazing force in the realm of cybersecurity, with its cutting-edge Network Detection and Response (NDR).

In this age of sophisticated cyber threats, traditional security measures often fall short in providing real-time insights and proactive defensive mechanisms. OpenText has emerged as a beacon of innovation, offering a robust and dynamic approach to threat detection and response by monitoring the network layer of an organization for attacker behavior.

OpenText NDR top 3 capabilities

  1. Packet capture and analysis: The solution captures and analyzes network packets in real-time, enabling deep inspection of network traffic for signs of malicious activity. This granular visibility is crucial for understanding the nature of threats.
  2. Incident response: The solution facilitates rapid incident response by providing actionable insights and alerts. Security teams can quickly assess, collect, and work to mitigate threats to minimize the impact of potential security incidents.
  3. Integration with OpenText MxDR: Seamless integration with OpenText MxDR enables better correlation and analysis of network security events with other MxDR security data, providing a more comprehensive cyber resilience and overall security posture.

Defending against Advanced Persistent Threats (APT)

A leading financial investment management organization put their security posture to the test and OpenText stood out as the sole solution that detected an unannounced advanced red team exercise.

OpenText NDR is one of many security layers that protect the data and operations of this financial organization. OpenText was the sole control that detected the activities of a rogue endpoint introduced into the customer's network during the penetration test. The exercise used protocols and methods such as SMB for lateral movement, Kerberos spraying, and SIP- and RDP-based attacks. NDR detected all of these tactics and techniques, using a platform that had been optimized and managed for the customer.

White glove solutions

OpenText Professional Services worked with the customer's Network Security Engineering Team to integrate and configure the solution to provide actionable alerts. Our Technical Account Manager (TAM) program ensures smooth operations and optimized value, meeting the cybersecurity objectives of the organization. The OpenText TAM further provides customers with proactive issue resolution, tailored solution deployment, ongoing knowledge transfer, technology evolution planning, advocacy, continuous improvement, and time and resource savings. The TAM continues to adapt the OpenText NDR deployment to new threats by crafting custom Suricata and Zeek detections, tuning rulesets from the cybersecurity research organization Emerging Threats Pro (ETP) alongside those custom detections, and verifying optimal platform operation and deployment configuration as the cyber threat landscape continues to evolve.
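As an added illustration of the kind of custom Zeek-log detection described above (this is example code, not OpenText's or ETP's own logic), the following flags the DNS exfiltration pattern named earlier on the page: a burst of long, high-entropy labels sent to a single domain, which endpoint tooling alone would not see. It assumes a reduced Zeek dns.log layout (ts, id.orig_h, id.resp_h, query, qtype_name), a naive last-two-labels notion of registered domain, constructed sample records, and placeholder thresholds to be tuned per site.

```python
import math
from collections import Counter, defaultdict

# Reduced Zeek dns.log column layout assumed for this example.
FIELDS = ("ts", "orig_h", "resp_h", "query", "qtype")

# Constructed sample: three ordinary lookups, then four long high-entropy
# labels sent to one domain, the classic shape of data leaving over DNS.
SAMPLE_DNS_LOG = """\
1700000000.10\t10.0.0.5\t10.0.0.2\twww.example.com\tA
1700000000.20\t10.0.0.5\t10.0.0.2\tmail.example.com\tMX
1700000000.30\t10.0.0.9\t10.0.0.2\tcdn-assets-static.example.net\tA
1700000001.00\t10.0.0.7\t10.0.0.2\t3f9a1c7e2b8d4f0a6c5e9b1d7a3f8c2e.evil-c2.test\tTXT
1700000001.05\t10.0.0.7\t10.0.0.2\ta81d4c9f2e7b0a3c6d5f1e8b9a2c4d7f.evil-c2.test\tTXT
1700000001.10\t10.0.0.7\t10.0.0.2\te2c7a9f14b3d8e0f5a6c1b9d2e7f3a4c.evil-c2.test\tTXT
1700000001.15\t10.0.0.7\t10.0.0.2\t9d0b3e7a2f1c8d4e6b5a9f3c1e7d2a8f.evil-c2.test\tTXT
"""


def parse_dns_log(text):
    """Turn tab-separated lines into dicts, skipping Zeek '#' header lines."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        records.append(dict(zip(FIELDS, line.split("\t"))))
    return records


def shannon_entropy(s):
    """Bits of entropy per character; hex/base32 blobs score well above hostnames."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum((c / len(s)) * math.log2(c / len(s)) for c in counts.values())


def registered_domain(query):
    """Naive registered domain: last two labels (use a public suffix list in production)."""
    return ".".join(query.lower().rstrip(".").split(".")[-2:])


def find_exfil_suspects(records, min_len=20, min_entropy=3.0, min_queries=3):
    """Return {domain: count} for domains receiving repeated blob-like first labels."""
    hits = defaultdict(int)  # placeholder thresholds: tune against your own baseline
    for r in records:
        first_label = r["query"].split(".")[0]
        if len(first_label) >= min_len and shannon_entropy(first_label) >= min_entropy:
            hits[registered_domain(r["query"])] += 1
    return {d: n for d, n in hits.items() if n >= min_queries}
```

On the sample above only evil-c2.test is reported; the same thresholds let legitimate CDN and mail lookups through.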

Fully managed services

OpenText delivers NDR as traditional on-premises managed software or as a fully outsourced managed service, providing its advanced NDR platform bundled with expert security operations support that is tailored to each customer. Customers choose from a Technical Account Manager program approach or a Managed Security Service, outsourcing their threat detection and response to OpenText.  OpenText MxDR augmented with our cutting-edge NDR provides customers with a People + Process + Technology solution to defend their organizations.

How can we help?

Ready to harness unparalleled network visibility to efficiently hunt for and defend against threats?  OpenText Cybersecurity Services will be your guide to cyber resilience.  Learn more, or contact us today.

Co-Author: Kevin Simpson is a Principal Consultant with the OpenText Cybersecurity Services team specializing in Network Detection and Response. Kevin has more than 10 years' experience in cybersecurity engineering and consulting. Kevin is a lead Technical Account Manager (TAM) for military defense, government and financial sector customers.

The post Cybersecurity Services combat an APT with NDR appeared first on ONE OpenText Blogs.
