Decision-Zone Introduction

DEEP MESSAGE INSPECTION

“Billions of dollars are spent on utterly ineffective technologies – technologies that can’t keep us protected from today’s advanced threat actors. The firewalls, intrusion detection systems and antivirus technologies that the security industry has relied on for decades provide little more than a false sense of security.”

– Amit Yoran, President, RSA

A Cyber Security Breakthrough

Deep Message Inspection (DMI) detects a hack before it’s a threat – Business Logic Monitoring

Decision-Zone technology is a transformative, message-centric solution for real-time cyber security. Decision Zone’s Deep Message Inspection (DMI) detects and remediates threats in real time, on the message bus – before they compromise your business.

DMI recognizes deviations from business logic, which are indicators of an attack, compromise, defect or administrative error.

Signature-based cyber security approaches are failing

Today, most network firewalls detect malware identity only in terms of a signature. But this signature approach totally excludes malware in the act of compromising the systems on the message bus. The result is that major security threats exist in many critical commercial, civil and government networks.

Conventional IT & Security Companies: Indicators of Compromise in the Database
Stanford University: Indicators of Compromise on the Message Bus
NASA: State Machine Anomalies in the Database
Decision-Zone: State Machine Anomalies & Remediation on the Message Bus

The Evolution of Real Time Security and Business Monitoring

The DMI Breakthrough

DMI dramatically improves system assurance by enforcing business logic in a manner that conventional FW/IPS/DPI was never intended to support:

• Logic Discovery provides automated learning and recognition of business logic.
• Pattern Verification detects deviations from business logic.
• Behavior Recognition distinguishes abnormal activities based on temporal anomalies.

Monitoring “The Effect” to Pinpoint “The Cause”

Conventional network security is about monitoring for millions and millions of known, potential threats – the causes and indicators of compromise (IoCs). Unfortunately, these systems consume vast resources in this effort and yet have no awareness of what a business effect would look like because they don’t understand the logic of the message bus.

By monitoring the effect (order of operations problem) Decision-Zone can identify the specific cause by referencing the state machine. Current approaches must associate millions of cause permutations with the problem and monitor and investigate all the cause permutations to identify that problem.
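The following Python example is an added illustration, not part of the original brochure and not Decision-Zone's code: it learns the allowed order of operations from known-good message traces, then checks live bus messages per correlation id for order-of-operations and timing deviations. The event names, ids, the 3600-second limit and all function and class names are constructed assumptions.

```python
# Added illustration, not Decision-Zone's implementation. Event names, ids and
# the 3600-second limit are constructed assumptions.
from collections import defaultdict

START = "<start>"

def learn_transitions(baseline_traces):
    """Logic discovery: collect every (previous -> next) step seen in known-good flows."""
    allowed = defaultdict(set)
    for trace in baseline_traces:
        prev = START
        for step in trace:
            allowed[prev].add(step)
            prev = step
    return allowed

class BusMonitor:
    """Keeps one state machine per correlation id and reports deviations."""
    def __init__(self, allowed, max_gap_seconds):
        self.allowed = allowed
        self.max_gap = max_gap_seconds
        self.state = {}  # correlation id -> (last accepted step, its timestamp)

    def observe(self, corr_id, step, ts):
        """Return None if the message fits the learned logic, else (kind, prev, step)."""
        prev, prev_ts = self.state.get(corr_id, (START, ts))
        if step not in self.allowed.get(prev, set()):
            # Pattern verification: the flow stays in its last valid state.
            return ("order-of-operations", prev, step)
        self.state[corr_id] = (step, ts)
        if ts - prev_ts > self.max_gap:
            # Behavior recognition: valid transition, abnormal timing.
            return ("temporal", prev, step)
        return None

# Constructed known-good traces and constructed live messages (id, step, seconds).
BASELINE = [["order_created", "payment_authorized", "order_shipped"],
            ["order_created", "payment_authorized", "order_cancelled"],
            ["order_created", "order_cancelled"]]
LIVE = [("A1", "order_created", 0), ("A1", "payment_authorized", 20),
        ("B2", "order_created", 25), ("B2", "order_shipped", 30),
        ("A1", "order_shipped", 4000)]

def run(events, max_gap_seconds=3600):
    monitor = BusMonitor(learn_transitions(BASELINE), max_gap_seconds)
    results = ((cid, monitor.observe(cid, step, ts)) for cid, step, ts in events)
    return [(cid, alert) for cid, alert in results if alert]

if __name__ == "__main__":
    print(*run(LIVE), sep="\n")
```

Each alert names the last valid state and the offending message, so the deviation is located by one lookup in the learned transitions instead of a search over possible causes.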

DECISION-ZONE: Business Logic Monitoring → Remediation

CONVENTIONAL: Signature Monitoring → Investigations

Indicators of System Compromise Leading to Investigations

Real Time Business Compromise Alerts Leading to Remediation

[Diagram labels: Internet of Everything; Anomaly Detection; Deep Message Inspection; State Machines; Event Mining; Message Bus; Live Events; Pattern Matching; Deep Packet Inspection; Malware Signatures; Data Mining; Database; System Logs]

sales@decision-zone.com www.decision-zone.com

[Cause-and-effect diagram. CONVENTIONAL Signature Monitoring: Monitoring The Cause, Detect the Cause. DECISION-ZONE Business Logic Monitoring: Monitoring The Effect, Detect the Problem (Cyber Attack, System Defects, Administrative Errors). Cause categories: Equipment, Process, People, Materials, Environment, Management. Branches: Secondary cause, Primary cause, Problem.]