Positive Technologies has released a new version of its Network Attack Discovery solution, PT NAD.
The enhanced technology looks to expand the reach of the current solution by utilising deep analytics modules that detect 37 different types of suspicious activities.
The company says this is a ninefold increase over previous versions, and results are all displayed in a single feed to help organisations and end-users respond to threats faster.
PT NAD 10.2 is said to focus on detecting attacks on the perimeter and inside corporate networks, making hidden threats visible and identifying suspicious activity even in encrypted traffic.
According to research from PT NAD pilot projects in 41 large companies, regardless of the sector, there are violations of information security regulations in 100% of corporate networks, suspicious traffic in 90%, and malware activity in 68% of them.
The new technology encompasses a range of tools and processes that the company says will help users learn faster when there's malware activity in the network.
The system can identify over 86 protocols and parses the 30 most common ones up to and including the L7 level, providing organisations with a complete picture of what's going on in the infrastructure to help them identify security flaws that enable attacks.
It also provides security operations centers (SOCs) with full network visibility, enabling them to know whether an attack was successful, reconstruct the kill chain, and gather evidence.
In addition, the software has an activity feed that continues to display user notifications, alerts and indicators of compromise that are being triggered during the retrospective analysis.
Some of the possible indicators that the system has been designed to pick up are the use of dictionary passwords and information about unknown Dynamic Host Configuration Protocol (DHCP) servers, which automatically assign IP addresses and other communication parameters to devices connected to the network.
The updated system now also parses all existing SQL data transfer protocols: MySQL, PostgreSQL, Transparent Network Substrate from Oracle, and Tabular Data Stream (the ability to detect it was added in the previous version).
PT NAD also detects the protocols of the Elasticsearch system and PostScript printing, which printers in the corporate network use to communicate.
Head of PT network attack discovery development Dmitry Efanov says that it's important for companies to have a well-rounded view of their security infrastructure to be able to have trust in their network.
"It's critical to accurately map the company infrastructure in order to protect it. PT NAD 10.2 gives security specialists an even greater understanding of devices present in the network and the roles they play, helping secure the network more effectively," he says.
Positive Technologies provides solutions in a range of industries and situations, including banking, telecom, web application, and ERP security.