In the event of an attack, the 6cure Threat Management (6cure TM) solution is used to identify all local countermeasures that can be activated, assess the impact of the attack on system operation, assess the relevance of potential countermeasures, assess the impact of activating them with respect to optimal system operation, then offer a set of response strategies to the security operator.
During an attack, the security operator needs the clearest possible view of the situation in order to devise a solution and decide which countermeasures to implement for the incident. The best response offers broad overall coordination, ensuring the relevance of the response and its coherence in the context of the incident, and enforcing security policies in the applicable environment. Many current solutions can execute actions in reaction to attacks, but they are limited, in particular because they are not aware of the whole context, especially the impact of their own response mechanisms, which are often static and pre-determined. Our solutions facilitate the collaboration of these "active elements" in a better-coordinated response strategy for attacks and provide security operators with valuable decision support.
Added value from existing infrastructure
6cure Threat Management is first used to identify the active elements available on your organisation's information system. These active elements cover all the hardware and software systems able to implement attack response configurations: network equipment (routers and switches), security devices (firewalls and IDS/IPS), user directories (LDAP and AD), authentication systems and desktop access rights.
When an attack takes place, as soon as the security alert is received, the 6cure Threat Management solution identifies the parties involved in the attack (sources, targets, relays and vectors of the attack), and assesses the different possible response strategies based on the type of event, the form and topology of the attack, and the response means that can be used amongst the previously-identified active elements. This assessment takes into account the effectiveness of the proposed countermeasures, the harmfulness of the attack, and the estimated impact of the response on the protected system.
The operator therefore instantly has all the decision elements needed to drive the response configurations provided by 6cure Threat Management. This makes it possible to respond to an ongoing attack almost in real time, by activating smart combinations of countermeasures with assessed impacts and effectiveness: filtering and access control, compartmentalisation, very accurate cleaning of harmful flows, etc.