Guardian Services


The Need for a Better Defense

In recent years, cyber attacks have escalated in complexity and behavior. Today’s intrusion detection systems (IDS) are losing ground and becoming less effective at meeting the challenge of defending enterprise networks against such threats. New approaches are needed in key areas such as defending against untrustworthy insiders and detecting complex distributed attacks that can span multiple ingress points and extended time periods. In order to proactively defend against unknown, emergent and hard-to-detect threats, cyber defense strategies must be able to connect activities anywhere and at any time on the enterprise network.


Guardian Assessment

To meet these needs, Sonalysts Guardian Services offers our Guardian Assessment service. Guardian Assessment is a cutting-edge managed security solution based on Behavioral Network Forensics. Our approach complements existing solutions but offers several key advantages over conventional IDS methods:


  1. Anticipating Threats Before They Become Attacks

     Modern cyber threats are able to quickly change their behavior and evolve to outsmart signature-based detection methods. It is no longer enough just to keep security patches up to date. The best defense now must be proactive, building baselines of normal enterprise network behavior and taking note of behavioral anomalies, with the ability to correlate suspicious behavior patterns as they develop.

  2. Drilling Through the Noise of High-Volume Data

     Modern enterprise networks generate enormous amounts of data. It’s hard to know what to spend time analyzing and just as hard to keep up with the constant influx of new data. Our unique approach is based on applying cutting-edge data fusion and data mining algorithms to derive behavioral feature characteristics over different time periods. By working with aggregated behavior instead of network identities, this approach also deals securely with many of the privacy concerns that arise in network data analysis.

  3. Multiple Time Scales Can Be Analyzed

     Cyber threats such as botnets increasingly use a “low and slow” attack methodology, staying under the radar of conventional detection strategies. Our unique capability lets us connect the dots over long and multiple time scales, leveraging the past and the present to detect potential threats.
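The three points above describe one idea from a defender's side: learn a baseline of aggregated behavior, score deviations from it, and do so at more than one time scale so that a small per-hour change that hides inside normal hourly variation still stands out once a day's worth of it is summed. The following is an added illustration written for this page, not Sonalysts code or any part of the Guardian Assessment product. It assumes a single constructed counter (hourly outbound volume from a network segment to previously unseen external hosts, aggregated per segment rather than per host or user), a one-week learning period, and a fixed z-score threshold; the function names and the shape of the data are all assumptions.

```python
"""Multi-time-scale behavioral baselining on an aggregated network counter.

Hypothetical example (not Sonalysts code). The series is constructed inline:
a diurnal cycle plus deterministic jitter for two weeks, with a small constant
"low and slow" increment added to every hour of the second week.
"""
import math
from statistics import mean, pstdev

HOURS_PER_DAY = 24
BASELINE_HOURS = 7 * HOURS_PER_DAY   # the first week is used to learn "normal"


def constructed_series(leak_per_hour: float = 6.0) -> list:
    """Two weeks of hourly counts for one network segment (constructed data).

    Week one is the baseline; week two carries `leak_per_hour` extra units per
    hour, small compared with the hourly swing but steady over the whole week.
    """
    series = []
    for h in range(2 * BASELINE_HOURS):
        diurnal = 100.0 + 20.0 * math.sin(2 * math.pi * h / HOURS_PER_DAY)
        jitter = (h * 7919) % 11 - 5          # deterministic pseudo-noise in [-5, 5]
        leak = leak_per_hour if h >= BASELINE_HOURS else 0.0
        series.append(diurnal + jitter + leak)
    return series


def aggregate(series, window):
    """Sum the hourly series into non-overlapping windows of `window` hours."""
    return [sum(series[i:i + window])
            for i in range(0, len(series) - window + 1, window)]


def detect(series, window, baseline_hours=BASELINE_HOURS, threshold=3.0):
    """Return indices (in window units) of windows after the baseline period
    whose aggregate lies more than `threshold` standard deviations from the
    mean of the baseline windows at the same scale."""
    windows = aggregate(series, window)
    n_base = baseline_hours // window
    base, test = windows[:n_base], windows[n_base:]
    if len(base) < 2:
        raise ValueError("need at least two baseline windows to estimate spread")
    mu, sigma = mean(base), pstdev(base)
    if sigma == 0:
        raise ValueError("baseline has no variance; deviations cannot be scored")
    return [n_base + i for i, v in enumerate(test) if abs(v - mu) / sigma > threshold]


def multi_scale_alerts(series, windows=(1, HOURS_PER_DAY), threshold=3.0):
    """Run the same detector at each time scale; the result maps window size
    (in hours) to the list of flagged window indices at that scale."""
    return {w: detect(series, w, threshold=threshold) for w in windows}


if __name__ == "__main__":
    for w, hits in multi_scale_alerts(constructed_series()).items():
        print(f"window={w:>3}h: {len(hits)} anomalous windows {hits}")
```

With the constructed data the hourly scale raises nothing, because a 6-unit shift sits well inside a diurnal swing of about 20 units either way, while the daily scale flags every day of the second week, since the baseline daily totals vary by only a few units and the leak adds 144 per day. Running the detector with `leak_per_hour=0.0` flags nothing at either scale, which is the check that the threshold is not simply firing on the jitter.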