SYSTEMS

Secure Servers

An innovative multi-layered approach to securing servers and critical systems using Signature-based systems, Behavior models, and Advanced Access Control to detect, mitigate and prevent security incidents. The multi-layered approach helps administrators identify, prevent and understand known attacks while also being able to prevent previously unknown attacks. The system also protects organizations from the threat of insider attacks to ensure confidentiality, integrity, availability and security of data.

Incident Analysis Systems

The system reads and correlates data from many sensors from different vendors in the organization to detect stealth attacks that may be missed by network-based security systems which would see high traffic rates and may not have the resources to maintain state over longer periods of time. The sensors consist of host-based agents and network-based systems which together collect information from different points of an organization's network that could even span multiple geographic locations. System provides for security administrators to analyse, investigate and drill down into an incident occurring anywhere in the organization through a single screen.

Enterprise Data Security Systems

A novel method to monitor the access, storage and transmission of data in an enterprise that prevents any loss or unauthorized use of data and also ensures confidentiality of information. With the increasing use of personal web based emails, social networking sites and instant messengers, it is hard to monitor the data moving around an organization's network. The default use of encryption to ensure privacy and secrecy of personal data makes it harder for network based systems to detect and prevent data loss. The system consists of a host-based user agent that works with a network-based system to identify proprietary and confidential data so that the following activities can be monitored and prevented in real time - - Access Protection - who can read what data, who can modify what data - Read and Write protection based on user - Transmission Protection - what data can be sent or cannot be sent based on a whitelist or blacklist respectively thus maintaining confidentiality

Enterprise Threat Replication Systems

Organisations need to have understand whether any newly disclosed vulnerabilities or even rumoured vulnerabilities that are probably being exploited in the wild before disclosure can affect them. Your SOC Team needs knowledge of latest vulnerabilities, zero days, and threat intelligence so that they can make informed choices about how and when to roll out patches without affecting customers or resulting in downtime.

MODULES

High Speed Packet Capture Interface

Organizations want efficient monitoring over the data that flows in their networks. Security appliances that are intended to perform deep packet inspection by passively listening to the network traffic are not able to scale up and match the higher speeds being seen on Enterprise networks including traffic over the cloud, on prem or otherwise. This results in the system not being able to inspect every packet or being evaded by insiders. Scientia's packet capture module can help security vendors to improve capture rates on security appliances and server class machines that are used to run security applications.