TDS

TDS leverages threat intelligence data and machine learning technology to detect all types of malicious code targeting your network:

  • Targeted threats and zero-day attacks
  • Malicious documents
  • Banking Trojans
  • Surveillance software
  • Mobile Trojans
  • Remote access tools
  • Backdoors
  • Other threats

The TDS solution is designed to detect targeted attacks and includes three modules that can be used independently:

TDS Sensor:

  • Analyzes incoming and outgoing data packets using signatures and filter rules built on Group-IB's unique threat data.
  • Detects infected nodes by their interaction with C&C servers.
  • Identifies network anomalies generated by malware using machine learning algorithms.
  • Integrates with the Polygon behavioral analysis system to detect unknown malicious codes.
  • Transfers information about detected incidents to the Group-IB cloud data center (SOC) or an internal log storage system.

TDS Polygon:

Analysis of suspicious objects in a secure environment enables the client to prevent infections caused by:

  • Phishing mailouts
  • Web browser attacks
  • Attacks using unknown malware and tools

  • Polygon analyzes files received from TDS in an isolated environment and performs an independent assessment of their threat level.
  • Files are analyzed within the company's perimeter, which guarantees their confidentiality.
  • You can contact Group-IB to perform further investigation and response actions.

SOC Group-IB:

Manual log analysis and identification of critical incidents; technical support by Group-IB experts 24/7/365.
  • Clients are notified of critical infections by phone and email.
  • Group-IB specialists are able to perform on-site investigation to collect digital evidence.


UNIQUE THREAT DATA SOURCES

A high-tech infrastructure designed to collect threat data enables us to update filter rules and signatures promptly, so that critical incidents are detected effectively.

INTELLIGENCE

Exclusive intelligence data about malicious programs, new attack tactics and C&C server addresses, as well as modifications of well-known viruses.

MACHINE INTELLIGENCE

Detection of unknown malicious code and modelling new attack tactics using advanced machine learning technology.

Machine intelligence safeguards your security

Group-IB uses machine learning technology to analyze the security expertise and intelligence information it has gathered since 2003. Based on the analysis results, Group-IB has developed a regularly updated classifier. The machine learning process is supervised by experienced analysts who minimize false positives.

HOW TDS THREAT DETECTION SYSTEM WORKS:

TDS SENSOR

  • Detects infected nodes by their interaction with C&C servers.
  • Identifies network anomalies generated by malware using machine learning algorithms.
  • Integrates with the Polygon behavioral analysis system to detect unknown malicious codes.
  • Transfers information about detected incidents to the Group-IB cloud data center (SOC) or an internal log storage system.

TDS POLYGON

  • Polygon analyzes files received from TDS in an isolated environment and performs an independent assessment of their threat level.
  • Files are analyzed within the company's perimeter, which guarantees their confidentiality.
  • You can contact Group-IB to perform further investigation and response actions.

SOC GROUP-IB

  • The events are grouped by type and manually analyzed by Group-IB specialists.
  • Data is analyzed 24/7/365.
  • Your company will receive immediate notifications of all detected threats transmitted over a convenient communication channel.

Maximum Convenience

Web-based support ticket system for effective response

Cloud Interface

All threat reports are available in a convenient web interface.

Effective Support

An internal ticket system for communicating with colleagues, assigning incidents and coordinating response can be integrated into the local web interface.

Informative Reports

Visualized statistics by period and event type enable the client to track changes in the dynamics and nature of attacks.

SIEM Integration

The event flow can be sent automatically to any SIEM or log storage system via the standard syslog mechanism.

Focus on incident response by outsourcing log analysis to experienced CERT-GIB specialists

  • Deep knowledge of current threats, forensic skills and criminal investigation experience
  • Best practices in international incident response: CERT-GIB is a member of Trusted Introducer and of FIRST, the largest association of response teams