The Red Cloak of security

Dell SecureWorks is launching Advanced Endpoint Threat Detection (AETD) Red Cloak , a fully-managed SaaS solution armed with revolutionary endpoint threat detection and monitoring capabilities. With lightweight sensors that can be provisioned in minutes for organizations to download to their endpoints, AETD Red Cloak can scale via a cloud delivery model to any size environment and slash the time required to detect and respond to cyber-attacks from months or weeks to hours or minutes.

  • 8 years ago Posted in
Too often, attackers go undiscovered within a victim’s network for months or even years. In one instance, the Dell SecureWorks Incident Response team deployed AETD Red Cloak in a client’s environment and within 48 hours was able to discover that threat actors had compromised the environment 14 months earlier. With AETD Red Cloak’s emphasis on sweeping for forensic evidence of malicious behavior, organizations can identify attacks whether malware is involved or not and quickly pinpoint the affected devices to reduce the cost and time it takes to respond.  
 
“Hackers are increasingly using endpoints to enter companies’ infrastructures to steal valuable data,” said Jane Wright, senior analyst and engagement manager for security at Technology Business Research. “To detect and shut down the hackers’ activities right away, companies need more frequent, expert vigilance to quickly spot suspicious activity and behaviors on their endpoints. For many companies, a blend of managed and consulting-style services that combines continuous monitoring with personalized threat hunting and immediate incident response is an efficient and effective way to protect their data and other IP from cyberattacks.”
 
With AETD Red Cloak, Dell SecureWorks is bringing to market a fully-hosted endpoint security solution powered by up-to-the-minute threat intelligence provided by experts from the Counter Threat Unit TM (CTU) research team as well as the global visibility that comes from protecting more than 4,100 clients in 61 countries. Red Cloak was initially developed to support the company’s Targeted Threat Hunting and Response professional services teams.
 
“Historically, Red Cloak was only used by our Incident Response (IR) team when they went out on IR engagements to uncover undetected malicious activity taking place in organizations’ IT environments,” said Aaron Hackworth, senior distinguished engineer with Dell SecureWorks’ CTU team. “However, Red Cloak was so successful in rooting out the threat actors that many of our Incident Response clients insisted we leave the Red Cloak solution installed in their IT environment to alert them to any future malicious activity. Those successes are what drove us to enhance the solution and make it available to help organizations around the world fight the stealthy cyber-attacks.”
 
The Red Cloak solution is especially critical for catching attacks that don’t use malware. Once inside a network, attackers are continuing to evade traditional endpoint security controls often by leveraging compromised credentials and tools native to the target’s environment, such as remote access services, endpoint management platforms and other legitimate system tools. This tactic is called “living off the land,” and was used to gain entry in more than half of the cyber-espionage incidents Dell SecureWorks responded to last year.
 
To give organizations the earliest possible warning of compromise, AETD Red Cloak’s sensors search for forensic evidence of malicious activity while continuously collecting information about what is happening on the device, such as what programs are running, what commands are being executed, network connections, thread injection, memory inspection and more. The sensors send the collected data to the Red Cloak Analytics system, hosted off-premise, where it is analyzed using intelligence from Dell SecureWorks’ CTU researchers to spot attacker behavioral patterns and other indicators of compromise.
 
“The cyber attacker has to set off just one of the tripwires, which we have installed in our clients’ environment, in order to trigger an alert,” said Hackworth. “By focusing on threat actor behavior and not just the tools and infrastructure they use, we can identify and flag suspicious activity that bypasses firewalls, antivirus, intrusion prevent and detection devices and other traditional security controls. With the depth of monitoring we offer, we can put that activity in a larger context to quickly determine the scope of an intrusion.”
 
The solution blends multiple views of system activity to see beyond static indicators such as IP addresses and domain names and uncovers the behaviors and techniques of cyber adversaries. AETD Red Cloak has been deployed on more than 3,500,000 endpoint devices, including desktops, servers, and laptops.
 
Because AETD Red Cloak is a SaaS solution, it easily scales to meet the needs of a growing organization. Currently, AETD Red Cloak supports endpoints running the Windows operating system. Support for other operating systems is planned for the near future. The Security Analysis Team Cyber Threat Analysis Center will provide an electronic notification within 15 minutes of the determination that activity constitutes a security incident. Targeted or high-impact incidents are forwarded on to the Senior Intrusion Analyst Team, with a response guaranteed within 24 hours of the determination.
 
AETD Red Cloak builds upon Dell SecureWorks’ endpoint security portfolio, which already features the endpoint monitoring capabilities of the AETD Carbon Black service. AETD Carbon Black provides strong malware detection capabilities and focuses on file execution, the system registry and network connections. It also includes an onsite management console.
 
AETD Red Cloak is currently available in the North America, Latin America, EMEA and the ANZ regions. Language support is only in English at this time.
54% of consumers don’t know how much personal data AI tools collect.
By Alan Jacobson, Chief Data and Analytics Officer, Alteryx.
Research finds that the industry is struggling with a growing resource and skills gap while...
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...