BitHawk™ picks up where your antivirus solutions leave off by providing powerful, efficient protection and system clean-up capabilities.
- Reduced risk of malware infection without inhibiting productivity
- Increased uptime of distributed systems
- Decreased complexity of security
- Policy enforcement
- Elimination of misdiagnosed performance issues that lead to premature hardware replacement
- Auto-delete suspicious objects
Contains 4 types of intrusion detection devices:
- Signature based: Detects known bad code patterns. For example:
  - information leaks
  - hacking attempts
  - unauthorized scanning
- Behavior based: Detects characteristics of network activity and types of traffic
  - detects downloaded apps (aka malware) from sites that are not normally accessed
  - brute force attacks
- Statistical: Looks at time-based traffic
  - normal traffic of 16 bytes @ 7:00 AM suddenly changes to 94 bytes of traffic @ 7:00 AM
  - commonly used for investigations
- Anomalies: Things that are not right
  - e.g., a user who consistently uses Dropbox suddenly uploads files to OneDrive
Advanced Threat Detection
BitHawk™ provides additional threat feeds for companies looking for additional protection or industry-specific protection. Feeds are pushed through your device hourly. We take all the data, weed out duplicates, age out indicators that are old, and consolidate it into 4 different feed streams:
- Open Source: We subscribe to 35 different sources. Each source contains thousands of different indicators, including IP addresses, web domains, email addresses, host names, URLs, user agent strings, etc.
- Internal: Indicators we generate from the devices we monitor
- Proprietary: Feeds we pay for that are industry specific
- Industry: Industry intelligence sharing groups such as Information Sharing and Analysis Organizations (ISAO) and Services Information Sharing and Analysis Center (ISAC), as well as state and federal intelligence sources
BitHawk™ is used to comply with industry regulations. Logs are collected and stored indefinitely. Various reports can be created based on customer or industry requirements. We can also configure custom alerts such as account lockouts and failed login attempts.