How do you or your organization use this solution?
We have a team of one, me, so we also use their managed services. They monitor things for us and report on any issues. Personally, I haven't had to go into it very much. As they monitor, they will alert me to any issues that they detect through the automated tools and their agents. Once they have an issue, I will look it up and verify the issue and then respond to them on validity; whether it's a known issue or not. We are only utilizing it for incoming and outgoing traffic for our production systems, our development systems, and our on-prem network. As most of our employees are remote, we don't utilize it for their traffic or for any IoT devices. It's mainly for traffic related to our SaaS platform. My involvement has been responding to the alerts that they send me, which has been perfect for me. I don't have the manpower to manually monitor all the time, and that is what our goal was with them.
One of the interesting things that made us lean towards going with Awake was that it fulfilled a couple of use cases. One was the core NDR functionality. We wanted it to be able to monitor our network traffic and alert us on security-relevant events. Another request we had was that because our security team was pretty resource-constrained, we wanted a solution that could provide an in-house managed service for monitoring it, as a partner. Awake was able to provide that, with their MNDR team, and that was something that we found pretty valuable.
We have other network and security appliances and systems in place, but we were looking for something to give us deeper visibility into our network traffic, specifically the lateral, east-west movement. We have pretty good visibility north-south of things going through the firewall, but it was not as good internally. That's our primary use case. And we wanted to have something that would give us relevant alerts and actionable items. We are using a combination of the Awake Security appliance and their network monitoring services. You can get just the appliance and then do the monitoring yourself, but while we use the appliance, we are not doing the threat-hunting ourselves.
For us, Awake provides the insights into our network traffic. It's something of a hybrid. We have on-premise collectors and there's a lot of storage involved, so we keep that on-premise, and then we have a cloud dashboard.
Awake Security was brought onboard to provide governance over the incident response process, which is a managed service. Challenges were identified, such as no visibility and no network awareness of what's going on in the environment. Once the network visibility was solved, the decision to look at AI-related tools was initiated. We will be using its features for compliance as well as threat detection, looking to partner with Awake Security to achieve these goals. Placing their solution in an enterprise financial vertical may allow thinking outside the box, providing additional value in the compliance space. Right now, they are an on-prem visibility solution. However, we are a cloud-first company. Awake Security provides the ability to pivot to the cloud and look at what's going on there. Two compliance use cases: First, we have a new subnet within one of our CSPs; Awake Security will alert when activity is observed. Second, a new virtual machine has been provisioned and the local endpoint protection is not phoning home. With the correct structured language in place, we will know if the new device has not been seen on the network for longer than five minutes and has not communicated with the update server.
We use Awake Security to monitor internal networks. We monitor the lateral movement of traffic across sensitive networks.
The tool generates automated alarms to correlate any network activity that we see with some of the deeper packet inspection which Awake provides. There is currently not a lot of IoT in our environment.
Our use cases are vast and varied. Quite simply, we looked at tools that would look at network detection and response out-of-the-box. Looking at Awake, there are hundreds of security use cases built into the system itself. I typically utilize the tool across the enterprise looking to detect those hard-to-find threats I am looking at:
* Indicators of compromise for ransomware
* Possible command and control
* Privacy
* Clear-text passwords
* Persistence
* Data exfiltration and compliance for GDPR
* Various, very hard to detect models of data exfiltration, such as data exfiltration via e.g. DNS or ICMP
* Bad domains and traffic to bad domains
* The list goes on and on.
I have over a hundred use cases turned on, running in the background and looking at the following (for example):
* Defense evasion: use of proxies in order to hide data exfiltration.
* Rogue hardware: identifying new devices on my network, whether they be wireless, wireless handheld devices, smartphones, laptops, etc.
* Brute-force attempts against passwords.
* Password-spraying attempts.
It is deployed inline on an on-prem appliance, leveraging a network SPAN port. We are using the latest version.
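Two of the detections described by reviewers above lend themselves to a small worked illustration: the compliance rule from the earlier review (a newly provisioned machine that has been on the network for more than five minutes without contacting the update server) and the DNS-based data exfiltration model listed in this review. The following is an added example written for this page, not code from Awake Security or from any reviewer. It runs over a handful of constructed flow records; the update server address (10.0.0.50), the grace period, the label-length and entropy thresholds, and the reading of "not seen for longer than five minutes" as "present for more than five minutes" are all assumptions, and a real NDR rule would also weigh query volume, domain rarity and asset inventory.

```python
"""Two toy NDR-style detections over constructed flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import math

# Assumptions, not values from the reviews: the update server's address and
# the five-minute grace period a new device gets before it must check in.
UPDATE_SERVER = "10.0.0.50"
GRACE = timedelta(minutes=5)


@dataclass(frozen=True)
class Flow:
    ts: datetime        # when the flow was observed
    src: str            # source IP address
    dst: str            # destination IP address
    proto: str          # "tcp", "udp" or "dns"
    qname: str = ""     # DNS query name, only for proto == "dns"


T0 = datetime(2024, 1, 1, 9, 0, 0)
NOW = T0 + timedelta(minutes=10)

# Constructed sample traffic (not captured data).
FLOWS = [
    # host .21 appears and checks in with the update server right away
    Flow(T0, "10.0.1.21", UPDATE_SERVER, "tcp"),
    # host .22 appears but only ever talks to the internet
    Flow(T0 + timedelta(seconds=30), "10.0.1.22", "93.184.216.34", "tcp"),
    Flow(T0 + timedelta(minutes=7), "10.0.1.22", "93.184.216.34", "tcp"),
    # host .23 appeared two minutes before NOW: still inside the grace period
    Flow(T0 + timedelta(minutes=8), "10.0.1.23", "93.184.216.34", "tcp"),
    # ordinary DNS lookups from .21
    Flow(T0 + timedelta(minutes=1), "10.0.1.21", "10.0.0.53", "dns", "www.example.com"),
    Flow(T0 + timedelta(minutes=2), "10.0.1.21", "10.0.0.53", "dns", "updates.example.com"),
    # long, high-entropy leftmost labels from .22: the shape of DNS tunnelling
    Flow(T0 + timedelta(minutes=3), "10.0.1.22", "10.0.0.53", "dns",
         "4a6f686e20446f652c2053534e2031323334.t.example.net"),
    Flow(T0 + timedelta(minutes=4), "10.0.1.22", "10.0.0.53", "dns",
         "7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f.t.example.net"),
]


def devices_not_phoning_home(flows, now, update_server=UPDATE_SERVER, grace=GRACE):
    """Hosts first seen more than `grace` ago that never reached the update server."""
    first_seen = {}
    checked_in = set()
    for f in sorted(flows, key=lambda f: f.ts):
        first_seen.setdefault(f.src, f.ts)      # earliest time the source was observed
        if f.dst == update_server:
            checked_in.add(f.src)
    return sorted(h for h, ts in first_seen.items()
                  if now - ts > grace and h not in checked_in)


def shannon_entropy(s):
    """Bits of entropy per character; encoded or encrypted data scores high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dns_exfil_suspects(flows, min_label_len=30, min_entropy=3.0):
    """Map source host -> query names whose leftmost label is long and high-entropy."""
    suspects = defaultdict(list)
    for f in flows:
        if f.proto != "dns":
            continue
        label = f.qname.split(".")[0]
        if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
            suspects[f.src].append(f.qname)
    return dict(suspects)


if __name__ == "__main__":
    print("not phoning home:", devices_not_phoning_home(FLOWS, NOW))
    for host, names in dns_exfil_suspects(FLOWS).items():
        print("possible DNS exfiltration from", host, ":", names)
```

On the constructed data, 10.0.1.22 is flagged by both rules: it has been present for nine and a half minutes without touching the update server, and its two DNS queries carry 36-character hex labels with entropy above 3 bits per character, while 10.0.1.23 stays inside the grace window and 10.0.1.21's lookups use short labels.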
The solution is a kind of Swiss Army knife. It can do a number of different things. We primarily use it for network traffic analysis and threat hunting.
We use it primarily for network-based security and threat-hunting across the network.