Cybersecurity

Digital Forensics

Snowshoeing

In this case, there is a bad actor who penetrated your network and has been resident in your network for longer than you realize. Cyber intruders are known to wait months, or longer, to carry out their plans. Financial institutions face the risk of immense loss from cyber attacks, they must carry a large reserve of cash (negative for the bottom line) to hedge against such risk. Proof that an Enterprise has invested in digital forensic searches to minimize the risk that their networks have been penetrated results in savings for the reserve (positive for the bottom line).   

Reducing analysis time (on the known threat) from several hours to a few minutes, Trovares and HPE collaborated to test a cybersecurity solution with a large HPE enterprise customer. The proof-of-concept testing had two primary goals: 

  • Demonstrate the superior scale and acceleration that can be achieved by combining HPE Superdome Flex server with Trovares xGT analytics. 

  • Address the pain points of the customer and show the value added by the solution with respect to rapidly hunting attacks, finding new threats, and adding more context to the identified threats to eliminate false alarms 

This customer had an interest in improving their detection of “snowshoe” attack patterns. Snowshoeing is an approach to detection evasion in which an attacker uses strategic timing intervals or multiple IP addresses to avoid tripping a rule-based detection mechanism. Effective snowshoeing means that an attack avoids “falling through to snow,” by spacing and spreading their steps just beyond the detection limits of a system. The customer was being saturated with an ever-increasing number of logs collected on a constant basis. The customer also wanted to reduce the attack detection time, as compared to their existing methods. Solving these challenges was critical for their business. 

Trovares xGT significantly reduced the threat hunting time compared to the existing customer solution.