Cyber SafeAlert

Signature and behavior-based analysis of dangerous malware and other risks in network traffic.

Data is constantly being received from and sent to the internet, both actively and passively, by legitimate users as well as attackers who take advantage of this exchange. The Cyber SafeAlert Solution detects suspicious patterns and anomalies such as malware, command and control servers, bots, spyware, drive-by sources, DDoS targets and sources.

Signature-based recognition works by discerning predefined patterns. However, attackers are increasingly finding novel methods of infiltrating networks that defy easy identification. Behavior-based detection specializes in exactly this area.

Choose from the various package sizes, depending on the amount of data to be analyzed.

Continuous external and internal scans identify and report on existing vulnerabilities in your IT so you can address them in a structured manner.

External and internal vulnerability scans (called Vulnerability Management and Assessment) give you an overview of current vulnerabilities in your network categorized by risk level (high, medium and low). You can see the results in your Cyber SafeAlert Cockpit: a clear priority list for processing and preparing information to meet compliance requirements. Employee training is not necessary.

In addition to fast and efficient authenticated and non-authenticated vulnerability scans, compliance and password checks identify configuration issues related to applications, passwords, and user policies. The system detects standard or missing passwords, outdated patch versions for installed software and services for Windows systems with registry and dll checks.

The number of devices, which are decisive for the scans, varies depending on the package you choose. Depending on your choice the package performs either one or both types of scans.

In addition to findings from automated risk analyses, framework factors for your IT security are also included.

How high is the current risk of your business being harmed by a cyber-attack? Cyber SafeAlert provides an overview of the facts underlying your current IT risk. This includes information gained from the automated risk analysis as well as framework factors that impact your IT security. Organizational details inside and outside your company are regularly queried as part of a simple and understandable self-assessment and included in the risk analysis.

Logs are an important source for tracking safety-relevant events. They are therefore collected, analyzed, correlated and may result in alarms.

Logs from various sources in a network (servers, clients, network devices, firewalls, applications, etc.) provide crucial information on security-relevant events. The trick is to filter out the truly relevant information from millions of events. This IT risk recognition module is called Security Information and Event Management (SIEM).

Numerous common log formats are supported by SIEM. When choosing a package, each with a maximum number of log sources, you define which log sources are relevant for your company.

SIEM compiles information and events from these log files, and a state-of-the-art correlation engine identifies potential risks using continuously expanded tailor-made rules and policies.

Analysis of web downloads and/or e-mail attachments.

Novel or disguised malware, Advanced Persistent Threats (APTs) and Trojans enter networks through web downloads and/or email attachments because they cannot be detected by signature-based systems alone. In addition, there is the risk of insider threats, whereby important information is obtained without authorization. DEKRA Cyber SafeAlert uses several systems for signature- and behavior-based analysis of the latest generation of network traffic and sandbox technologies with complete system emulation to analyze all incoming email attachments and web downloads and evaluates the findings centrally. The topicality of this module is ensured by continuous feed updates.

Safety-relevant data are culled from the large mass of data with the help of a comprehensive correlation. Data is correlated both within a risk recognition module and across several other modules.

A single piece of information within a mass of data does not often indicate your security relevance clearly. Only a combination of information creates the valuable puzzle pieces that are necessary to track down an attacker. A correlation of logs with vulnerabilities, IDS data or SIEM findings allows a complete overview of security-relevant data.

Correlation and cross-correlation are based on rules, policies and self-learning algorithms: Rules are predefined to recognize patterns and are continuously being extended. Policies are used to determine whether specific actions are taking place at the right time and in the right place. Self-learning algorithms include the Correlation Engine's ability to learn to distinguish between normal and abnormal occurrences and to detect behavioral changes in applications, servers, and other network areas. Examples of anomaly detection include use outside business hours, excessive use of applications or other IT services and patterns in network traffic over time and compared to past periods (taking into account daily, weekly, monthly, and seasonal variations).

Brings together the latest security-relevant information.

Threat Intelligence information is gathered from many of the world's leading internal and external commercial and open source sources. It enables malicious behavior to be detected more quickly - for example, connections from or to suspicious IPs from the internal IT infrastructure.

This information includes IP addresses with bad reputations, URLs, email addresses used for phishing, and file names, file paths, or user agents used for malware.

Cyber SafeAlert's comprehensive collection and processing of security-relevant data, coupled with the extensive threat intelligence information from various sources, allows for unparalleled speed in detection and response.

All insights gained are presented centrally, comprehensibly and clearly in the Cyber SafeAlert Cockpit. They are prioritized and accompanied by adjustment suggestions, so you know what to do and when to do it.

The cockpit shows your individual overview of the safety-relevant information provided by the automated detection. The results are compared with the established, classified and prioritized security issues. Users can select which devices should be included in the check among those available in the overview list.

You know what should be done, in what order, and you already have the information you need to take the next steps to eliminate or minimize the risk. Cyber SafeAlert provides the most important and comprehensive information clearly and conveniently, no need to look further!