While many tools simply give a high-level overview of attacks or violations, they’re missing out on vital information. CloudShark’s Threat Assessment expansion provides the tools you need to quickly determine the root cause of an alert and protect your network. Applying directionality to security alerts, CloudShark Threat Assessment produces threat vectors that show the structure and timeline of a compromise or attack. See beyond the alert name to understand when it happened, where it came from, who was the target, and how and if it propagated.
Go directly to the packets and the stream that caused the problem, making identification and investigation fast and easy.
Easily collaborate with colleagues and experts to get to the bottom of an attack or anomaly. Your analysis can be shared with a single URL.
With the help of the Community ID field, move from Suricata alerts to the matching Zeek logs to continue gathering evidence or run more advanced custom scripts.
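The pivot described above works because Suricata and Zeek can stamp the same flow with the same Community ID. The following added example (not CloudShark's, Suricata's or Zeek's code) computes Community ID v1 for TCP/UDP flows and uses it to join a constructed Suricata EVE alert to constructed Zeek conn.log records; the record contents and Zeek uids are made up, and ICMP and other protocols are left out.

```python
import base64
import hashlib
import ipaddress
import json
import struct

PROTO_NUMBERS = {"tcp": 6, "udp": 17}


def community_id(saddr, daddr, sport, dport, proto, seed=0):
    """Community ID v1 of a TCP/UDP 5-tuple (hypothetical helper written for this example)."""
    sip = ipaddress.ip_address(saddr).packed
    dip = ipaddress.ip_address(daddr).packed
    # Canonical order: lower address (then lower port) first, so both
    # directions of a flow produce the same identifier.
    if sip > dip or (sip == dip and sport > dport):
        sip, dip, sport, dport = dip, sip, dport, sport
    data = struct.pack("!H", seed) + sip + dip
    data += struct.pack("!BBHH", PROTO_NUMBERS[proto], 0, sport, dport)
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode()


# Constructed sample input: one Suricata EVE alert line without a community_id
# field, and two Zeek conn.log records that already carry one.
SURICATA_EVE = [
    '{"event_type":"alert","src_ip":"128.232.110.120","src_port":34855,'
    '"dest_ip":"66.35.250.204","dest_port":80,"proto":"TCP",'
    '"alert":{"signature":"EXAMPLE SIG outbound HTTP"}}',
]
ZEEK_CONN = [
    {"uid": "CXWv6p3arKYeMETxOg", "id.orig_h": "128.232.110.120", "id.orig_p": 34855,
     "id.resp_h": "66.35.250.204", "id.resp_p": 80, "proto": "tcp",
     "community_id": "1:LQU9qZlK+B5F3KDmev6m5PMibrg="},
    {"uid": "CmES5u32sYpV7JYN", "id.orig_h": "10.0.0.5", "id.orig_p": 51000,
     "id.resp_h": "10.0.0.53", "id.resp_p": 53, "proto": "udp",
     "community_id": community_id("10.0.0.5", "10.0.0.53", 51000, 53, "udp")},
]


def pivot_alerts_to_zeek(eve_lines, conn_records):
    """Return (signature, community_id, [zeek uids]) for each Suricata alert."""
    by_cid = {}
    for rec in conn_records:
        by_cid.setdefault(rec["community_id"], []).append(rec["uid"])
    matches = []
    for line in eve_lines:
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue
        # Use Suricata's own community_id when EVE emits it; otherwise derive it.
        cid = ev.get("community_id") or community_id(
            ev["src_ip"], ev["dest_ip"], ev["src_port"], ev["dest_port"], ev["proto"].lower())
        matches.append((ev["alert"]["signature"], cid, by_cid.get(cid, [])))
    return matches
```

Both sides must be configured with the same seed (0 here) for the identifiers to line up.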
Deciding whether an alert is a false positive or legitimate can happen in one window, because the analyst has the raw PCAP bytes accessible in the same environment as the alert. You can quickly jump to a full follow-stream view for that traffic or filter your PCAP by specific port information.
The Threat Assessment expansion is built right into CloudShark like all other analysis tools. Once you upload a PCAP file, simply open it and choose Threat Assessment from the Analysis Tools menu. A high-level summary will display in seconds.
Our BYOR (bring your own rules) policy means you can bring along your own custom rules and Zeek (Bro) scripts that have been developed in-house, installed via zkg, or purchased from a third party such as Proofpoint. Threat Assessment ships with the default ET Open ruleset but allows full customization of the Suricata environment.
Built on top of the industry-standard Suricata IDS software, Threat Assessment provides all the details you need to identify the root cause of a malware attack.
CloudShark tells you how much of a bad thing you have going on, and helps you drill down to exactly the hosts and packets that are involved in each alert.
Identify and document Indicators of Compromise from capture files while you are investigating an incident. Malware signatures, binaries, and other assets are all easily identified within CloudShark.
With CloudShark managing all your important capture files, you can quickly jump between events and dates to compare traces, making sure that a malware or virus has been cleaned up completely.
When there's something strange going on, it helps to see it right up front. See how much malicious activity there is in your capture, and how bad it is at a glance.
Bad actors can come from inside or outside your network. CloudShark breaks alerts down by both source and destination endpoints, letting you see who is involved so you can take the appropriate action.
With built-in GeoIP mapping capabilities, you get a picture of where in the world suspicious traffic is coming from and going to.
Clicking on a country brings you right to the display filter for those packets. And, like everything else in CloudShark, that view can be accessed with a simple URL.