Welcome to RedSocks Documentation!
Any type of attack, whether carried out manually or with the help of tooling, will sooner or later reveal itself through outbound traffic. The attacker always needs to exfiltrate data or maintain access to the network by beaconing to a system under their control in order to connect back. The MTD recognizes even the most sophisticated attack, either in real time or by finding a recurring pattern over a longer period.
Cyber Threat Intelligence
RedSocks cyber threat intelligence (CTI) delivers state-of-the-art, high-quality, high-volume, hourly updates of threat indicators. The CTI is built and updated by the RedSocks Malware Intelligence Team using a combination of RedSocks labs, partner feeds, commercial feeds, and open sources. Every hour approximately 100,000 updates are processed. Cyber threat intelligence consists of heuristic analyses of the destinations, behaviours and patterns in network traffic.
Flow Data & Encrypted Data
A state-of-the-art breach detection solution analyzes only the flow data (metadata) and does not require decrypting any data, which maintains the privacy and confidentiality of the contents. Given the rapidly changing internet landscape, with its growth in protocols, bandwidth and encryption, decrypting SSL traffic is not sustainable.
The RedSocks MTD solution operates in parallel with the network infrastructure and has no impact on network performance. Using mirrored traffic (SPAN data), the RedSocks Probe filters out all content, leaving only the metadata. This metadata is sent to the central RedSocks Malicious Threat Detector, where it is stored (forensically) and analyzed (using CTI).
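The two detection modes described above (a real-time match of destinations against CTI indicators, and a longer-period search for beaconing patterns) can be illustrated on metadata alone. The following is an added example, not RedSocks code; the flow records, the indicator set and the thresholds are constructed for illustration.

```python
"""Added example (not RedSocks code): metadata-only detection over
constructed flow records, using a constructed CTI indicator set."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed CTI indicators: (destination IP, port) pairs treated as known-bad.
CTI_INDICATORS = {("203.0.113.10", 443)}  # documentation address, constructed

# Constructed flow metadata: (timestamp_s, src_ip, dst_ip, dst_port, bytes).
# No payload is present, only what a probe would keep after filtering content.
FLOWS = [
    (0,   "10.0.0.5", "198.51.100.7", 443, 900),
    (60,  "10.0.0.5", "198.51.100.7", 443, 910),
    (121, "10.0.0.5", "198.51.100.7", 443, 905),
    (180, "10.0.0.5", "198.51.100.7", 443, 915),
    (241, "10.0.0.5", "198.51.100.7", 443, 900),
    (300, "10.0.0.5", "198.51.100.7", 443, 920),
    (15,  "10.0.0.8", "203.0.113.10", 443, 5000),
    (40,  "10.0.0.8", "192.0.2.20", 80, 12000),
    (75,  "10.0.0.8", "192.0.2.20", 80, 3000),
    (500, "10.0.0.8", "192.0.2.20", 80, 700),
]

def match_indicators(flows, indicators=CTI_INDICATORS):
    """Real-time check: flag every flow whose destination is a CTI indicator."""
    return [f for f in flows if (f[2], f[3]) in indicators]

def find_beacons(flows, min_flows=4, max_cv=0.1):
    """Longer-period check: a (src, dst, port) triple contacted repeatedly with
    near-constant spacing (coefficient of variation of the gaps <= max_cv)
    is reported as a beacon candidate even if the destination is not (yet)
    in the indicator set. Returns [(triple, mean_gap_seconds), ...]."""
    by_triple = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        by_triple[(src, dst, port)].append(ts)
    beacons = []
    for triple, stamps in by_triple.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = mean(gaps)
        if mean_gap == 0:  # all flows at the same instant: not periodic
            continue
        if pstdev(gaps) / mean_gap <= max_cv:
            beacons.append((triple, round(mean_gap, 1)))
    return beacons

if __name__ == "__main__":
    print("indicator hits:", match_indicators(FLOWS))
    print("beacon candidates:", find_beacons(FLOWS))
```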