Cytellix solutions incorporate open source and commercial threat intelligence data streams and correlate them with enterprise indexed metadata to provide:
- Identification of newly compromised zombie computers operating on your network
- Discovery within minutes of whether known command and control (C2) infrastructure on the Internet is accessible from anywhere inside your network edge
- Discovery within minutes of whether known Dark Web (Tor) exit nodes are accessible from anywhere inside your network edge
- Real-time identification of nefarious TCP/UDP port usage by known malware exploits
- Real-time identification of changes to TCP/UDP port usage, which may be an indicator of compromise, such as RDP or FTP usage violations
- Correlation with cybersecurity use cases: new network discovery, new device discovery and profiling, insider threats, leak detection, rogue networks, and many user behavioral analytics use cases
You can also add the context of NetFlow and other data streams within the embedded Hadoop Distributed File System (HDFS) to provide deeper security intelligence, analysis and insights, which can lead to faster remediation.