Relentlessly Hunts Hackers in Your Network
Red Hand collects and analyzes network traffic data for suspicious behavior, sending an alert or taking a custom action when any is detected. Network data can come in the form of raw packets or NetFlow logs. Opening encrypted packets is not required, and raw data never leaves your organization.
Detects active hackers before it's too late
While hackers often evade endpoint security software, they can’t avoid the network during most stages of a breach. From initial access to final data exfiltration, their actions are on the network and impossible to hide if you know where to look.
- Discovers command and control activities, including stealthy techniques
- Identifies all varieties of data collection and exfiltration, even when disguised
- Identifies lateral movement using behavioral baselines
- Detects all possible scanning and discovery attempts
- Extremely low latency for real-time response and intervention
A self-learning detection engine, with a twist
This is not just another noisy network anomaly detection tool. Our behavioral detection engine meticulously analyzes network activities, distinguishing between likely innocent operational behavior and suspicious activities that may indicate a hacker.
- Automatically creates behavioral profiles for all network endpoints and services
- Provides an intuitive UI to integrate your own network knowledge into the engine
- Enables the creation of fully manual behavioral profiles for maximum security
- Hard to evade due to each network having a unique "behavioral fingerprint"
Integrated with up-to-date threat intelligence
Maintains an up-to-date list of online services, including their typical uses and involvement in recent attacks.
- Maintains a list of over 18 million suspicious IP addresses and domains
- Provides useful contextual data such as page rank, WHOIS data and more
- Updated daily to ensure maximum reliability
Monitors both cloud and on-premises networks
We continuously monitor and analyze network activity for hacker threats in both raw packet format and NetFlow files, providing visibility into both on-premises and cloud networks.
- Supports AWS, Google Cloud and Microsoft Azure NetFlow logs
- Leverages VPC packet mirroring capabilities for cloud deployments
- Leverages your TAP or Packet Broker investment for on-premises deployments
Access invaluable data for active investigations
Your existing endpoint security software may alert you to suspicious activity, but these alerts are often false alarms. Our reliable forensic data helps shorten your investigations.
- Confirm or refute suspicions of a cyber incident raised by other security tools
- Determine the extent of the infection and which assets were affected
- Determine if and how much data was stolen, and identify where it was taken from