CyberSight: Security

Hacking, 0 Day

One of the problems with security today is the lack of protection against 0 day exploits: threats written so recently that security companies have not yet seen them and added them to their products. CyberSight addresses this problem in a unique way using a patented technology called "capability analysis". This technology examines every unknown executable in detail and discovers its internal hidden capabilities, such as:

  • IP capability - the potential ability of an executable to connect to the internet. IP detection covers the following languages: C, C++, Delphi, Visual Basic and Java, and also includes the generic use of system classes.
  • Stealth ftp - the presence of FTP code which may enable an executable to secretly send and receive files across the network
  • IP Notifiers - an executable which has a hidden tool designed to notify a hacker when the victim is online and available to be hacked
  • Email - tools which can secretly send out data via smtp (email)
  • Voice recorders - tools that can record from a laptop microphone
  • Video recorders - tools that can record live images from a webcam
  • Cryptography - use of generic system or common freeware encryption libraries
  • Compression - use of compression tools which can compress data to hide it from content checkers
  • Game libraries - used in most modern gaming applications
  • The ability to steal keys from your keyboard
  • The ability to take a picture from your webcam
  • Hidden file transfer capabilities

CyberSight examines every new exe file in detail and gives you a risk rating based on its capabilities. Using this feature we have detected every worm submitted over the last five years.

PKZIP encrypted threat detection

One of the main drawbacks of ALL other security products is their inability to detect threats in encrypted zip files. When we presented this technology to the government they did not believe it themselves. CyberSight can detect threats in encrypted files, and it can do so in less than a second. No more having your emails quarantined because they cannot be checked: CyberSight can check them.

USB cards and drives

Tracking the use of USB media devices can be impossible: which users are putting what data on your network, and where? Not only can CyberSight detect the use of USB media devices, it can block them without the loss of USB connectivity.

Secure agent

Security products must be able to protect themselves; too many of them are being hijacked or turned off by malicious code. CyberSight incorporates several top secret methods to protect itself from the user and from malicious attack. The agent does not even have a listener, which means it cannot be scanned and controlled like other security technologies. Any direct tampering with our agent results in an instant message to the administrators.

NTFS streams

NTFS streams are an overlooked area of security. They pose a significant threat because they provide a way of hiding information and executables behind legitimate files. Windows itself has no tools for finding such threats. Consider this:

Run the following command from a CMD prompt:

notepad c:\doc.txt:secret.txt

The hidden file you have just created cannot be detected in Windows. Some tools you can download may find such files, but this requires time and effort and would be a nightmare to run on lots of machines. CyberSight can detect the creation or presence of these files in real time on thousands of computers. Would you not like to know if hidden content exists in your network?

Steganography

Steganography is one of the government's biggest concerns when it comes to security. Steganography dates back to the Egyptian times, when secret messages were sent by shaving a person's head, tattooing the message on their scalp, waiting for their hair to grow back and sending them to the recipient. If the message arrived and the hair was still in place, the message had not been compromised.

Tools exist which emulate this capability in the form of hidden data within seemingly normal files. Are you sure that the picture being emailed out of your company does not contain all your secrets hidden away inside it? CyberSight detects a plethora of steganography tools to protect your corporate data.

CyberSight Lockdown

Lockdown is the ultimate in security. You create a "whitelist", a safe list of executables which are permitted to run, and everything else is blocked. Trying to run a virus from your Outlook email account will fail.

Wifi and unauthorised connection

Knowing who is on your network is the first step in protecting it, whether someone has brought in a laptop and plugged it into your LAN or someone has tried to connect to your WIFI network. All of CyberSight's agents are designed to sniff out unknown machines so that you can protect your network more securely.

Protection of other technologies

Not only does CyberSight protect itself, it also protects products like Checkpoint Firewall 1 and Norton Antivirus from being attacked or compromised by malicious code.

Accountability

Many systems can alert you about a threat, but they don't give you a full evidence trail. Just imagine that Fred hacks into his manager's system. A network monitor detects the attempt. How can you prove beyond any doubt that Fred was the actual user at the terminal when the attack occurred?

Some hacking tools use redirection to hack from one remote system into another. Physical evidence is the only real evidence. That is why, when CyberSight detects a threat, it not only captures the desktop screen for proof but, if a webcam is present, also captures a webcam picture of the offending user. It can also be configured to take real time video of the offending user and desktop.

Comprehensive

CyberSight, by design, detects not only hacking but over 320 categories of threat covering over 1.1 million known threats to an organisation. These include hacking, fraud, abuse, piracy, cryptography, attack tools, denial of service, unauthorised applications, utilities, office circulars, subversive material and steganography, and it does this in real time on thousands of computers.

Abuse management

  • Control & manage
  • Visibility
  • Network mapping
  • Point to point connectivity
  • USB
  • Small footprint on the client: only a 1500k file to deploy across the network
  • Same executable works on Win 95, 98, ME, NT3.51, NT4 and all versions of Win2000
  • Limited processing done on client
  • Limited impact on system performance; typical day to day agent use is around .05% of the CPU
  • Works in parallel with the OS, generates no sequential lag

Auditing

What is even more impressive is that the same engine can also collect systems information and, more importantly, audit information, as nearly every executable file contains information about the product and its version. CyberSight version 7 collects this information in real time, so that the central server is aware of every product installed on every machine in real time.

Capability Detection

One of the major drawbacks of legacy security products is that they can only detect the known. There are probably more unknown threats out there than known ones, which means that you are protected against less than half the threats on the internet. CyberSight v7 incorporates "capability detection" within its core shape technology engine. This feature examines unknown or previously unseen executables which arrive in your network for a host of different capabilities.
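As an added illustration of the capability-analysis idea described here and under "Hacking, 0 Day" above (example code written for this page, not CyberSight's engine), the Python below scans the NUL-delimited import names in an executable's bytes for Win32 APIs that imply network, file-transfer, keylogging and similar capabilities, and turns the matches into a risk rating. The API-to-capability mapping, the weights and the two sample byte blobs are all assumed or constructed.

```python
import re

# Capability classes named on the page, mapped to Win32 import names that commonly
# implement them. The selection is an assumed, illustrative one, not CyberSight's list.
CAPABILITY_APIS = {
    "ip":           {"WSAStartup", "connect", "InternetOpenA", "InternetOpenW", "WinHttpOpen"},
    "stealth_ftp":  {"FtpPutFileA", "FtpPutFileW", "FtpGetFileA", "FtpGetFileW"},
    "email":        {"MAPISendMail"},
    "keylogging":   {"GetAsyncKeyState", "SetWindowsHookExA", "SetWindowsHookExW"},
    "webcam":       {"capCreateCaptureWindowA", "capCreateCaptureWindowW"},
    "voice":        {"waveInOpen", "waveInStart"},
    "cryptography": {"CryptAcquireContextA", "CryptAcquireContextW", "CryptEncrypt", "CryptDecrypt"},
}

# Assumed weights: how much each capability raises the risk score when present.
WEIGHTS = {"ip": 1, "stealth_ftp": 2, "email": 2, "keylogging": 3,
           "webcam": 3, "voice": 2, "cryptography": 1}

# Reverse index so each extracted string needs a single dictionary lookup.
API_TO_CAPABILITY = {api: cap for cap, apis in CAPABILITY_APIS.items() for api in apis}


def extract_strings(data: bytes, min_len: int = 4) -> set:
    """Return the distinct printable-ASCII runs in a binary. Import names in a PE
    hint/name table are stored as NUL-terminated ASCII, so each becomes one run."""
    return {m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)}


def detect_capabilities(data: bytes) -> dict:
    """Group the imported API names found in `data` by the capability they imply."""
    found = {}
    for name in extract_strings(data):
        cap = API_TO_CAPABILITY.get(name)   # exact match only: "disconnect" != "connect"
        if cap:
            found.setdefault(cap, []).append(name)
    return {cap: sorted(apis) for cap, apis in found.items()}


def risk_rating(capabilities: dict) -> tuple:
    """Sum the weights of the capabilities present and bucket them into a rating."""
    score = sum(WEIGHTS[cap] for cap in capabilities)
    label = "high" if score >= 5 else "medium" if score >= 2 else "low"
    return score, label


# Constructed byte blobs standing in for the import-name region of two executables.
SUSPECT_SAMPLE = (b"\x00\x00WSAStartup\x00\x00\x00connect\x00\x00\x00GetAsyncKeyState\x00"
                  b"\x00\x00SetWindowsHookExA\x00\x00\x00FtpPutFileA\x00\x00\x00CreateFileW\x00")
BENIGN_SAMPLE = b"\x00\x00CreateFileW\x00\x00\x00MessageBoxA\x00\x00\x00disconnect\x00"

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT_SAMPLE), ("benign", BENIGN_SAMPLE)):
        caps = detect_capabilities(blob)
        print(label, risk_rating(caps), caps)
```

A real scanner would walk the PE import directory rather than the raw byte stream, and would also have to handle packed or obfuscated binaries whose import names are resolved only at run time.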

CyberSight's engine

The underlying technology in CyberSight is a virtual image of every machine's software and hardware in the network. As files are created or modified, CyberSight agents inform the central repository. This means that up-to-the-second information is held on the central server, which enables it not only to detect millions of threats but also to report on all installed software.

One of the most impressive abilities of this approach is that when a new threat is added to the central threat repository, the server can detect that threat on remote machines instantly without generating a single byte of network traffic. More impressive still is its ability to detect new threats on systems which are not even connected to the network.

Advantages of a virtual image

The advantages are obvious:

  • Central repository of all known and unknown files in your network
  • Ability to detect any file without even generating network traffic
  • Ability to report on system usage by file size, type and distribution
  • Ability to search in seconds for any file anywhere
  • Understand in real time what software you have, its version and who has it
  • Ability to see hardware changes e.g. memory being stolen or processors being swapped
  • Find and backup important files
  • Identify the movement of restricted documents even in encrypted zip files
  • Identify unpatched software in seconds
  • Search all files against a massive threat repository
  • Processing undertaken on a dedicated server, not by slowing down client machines

Agent Security

The CyberSight v7 agent does not start a listener on the machine being monitored. This has two significant advantages over legacy security products: the agent cannot be spoofed and it cannot be scanned.

Configuration

You can build an unlimited number of client configurations. On top of this, you can configure 20 complete server setups from a simple pull down list.