Centripetal Networks

The Network Threat Assessment (NTA) will provide additive security value by operationalizing threat intelligence on the client's corporate network. The NTA will deploy a QuickThreat® Gateway using large dynamic sets of threat intelligence derived indicators in real-time. Threat intelligence will include third-party intelligence sources, threat indicators generated from next generation security products, and client internally developed threat intelligence if desired. The NTA will deliver real-time threat awareness, dynamic response, and the identification of previously undetected in- bound and out-bound threats.

 

During the assessment the client will be provided dedicated engineering and analytic resources to assist in the configuration, deployment, and analysis of threat intelligence results. The dedicated resources will be available to assist in reviewing findings, adapting policies, creating risk models tailored to the client enterprise, and coordinating with threat intelligence partners. The engineering and analytic resources will work closely with client employees to understand current threat mitigation workflow and identify opportunities for increased impact and efficiency using Centripetal Networks technology. The dedicated resources will be directly responsible for producing daily, weekly, and executive summary reports.


Thousands of analysts in your defense

 

  • Demonstrate QuickThreat security value and shortened threat mitigation workflows.
  • Operationalize large scale dynamic threat intelligence and produce high-fidelity alerts using enterprise tailored risk model and policies.
  • Immediate identification of internal hosts responsible for generating outbound network traffic to identified threats.
  • Operationalize customer derived threat intelligence.
  • Real-time visualization of inbound and outbound high confidence threats.
  • Daily, weekly, and executive summary reports of threat intelligence application results.

 

Performing an NTA relies on deploying one or more QuickThreat® Gateways in the client network, preferably on TAP ports inside and outside the firewall. If a proxy is in use, the internally TAP should be located as close to the Hosts/Workstations/Users as possible. Additional deployment configurations are possible to achieve full host correlation. Centripetal's deployment team will assist you in determining the best deployment options.

 

The Centripetal team will provide guidance for:

  • Location of the QuickThreat® Gateway or multiple Gateways
  • Configuration of the QuickThreat Gateway
  • TAP/SPAN ports to provide network traffic to the QuickThreat Gateway
  • Configuration for internal host correlation
  • Connectivity to existing Threat Intelligence Platforms (TIP)
  • Connectivity to the SIEM

QuickThreat® Gateway installed in a monitoring configuration

 

An NTA is performed in three seperate stages. Organizations can choose their level of involvement and there are minimal requirements in order to deploy the system properly in the environment.

  • Stage 1 consists of a Network Survey and Installation, customization of the risk policy and threat intelligence sources, host correlation, and begins the collection of network activity.
  • Stage 2 consists of three weeks of data processing, intelligent analyst-drive reporting, presentations of findings, and training of the security and network operations teams.
  • Stage 3 is post-NTA for organizations pursuing a continuation with the Network Threat Management (NTM) service, or a full deployment of QuickThreat®.

 


Automatically apply Machine Readable Threat Intelligence (MRTI) in your network

 

STAGE SCHEDULE ACTIVITY CLIENT RESOURCE
1 Pre-NTA Complete Network Survey Form and Schedule Installation Security and Network Operations Team
Day 1 Installation of QuickThreat® Gateway (<4 hours) Network Operations Team and Security Team Members as needed
Customize Policy including relevant data sources
Ensure configuration includes internal host correlation
Week 1 Evaluate threat based activity on the client network
Produce Assessment Report with actionable insights
Present and Review Assessment Report with Client Security Team Members and Manager as needed
Provide Analyst Training on Threat Intelligence and Analyst Strategies Security Team Members
2 Week 2 Evaluate threat based activity on the client network with insights gained from previous report
Produce Assessment Report with actionable insights
Present and Review Assessment Report with Client Security Team Members and Manager as needed
Provide Analyst Training on QuickThreat Manager and Analyst Workflow Security Team Members
Week 3 Evaluate threat based activity on the client network with insights gained from previous report
Produce Assessment Report with actionable insights
Present and Review Assessment Report with Client Security Team Members and Manager as needed
Provide Analyst Training on QuickThreat Manager and Operators Workflow Security Team Members and Network Operations Team as needed
Week 4 Evaluate threat based activity on the client network with insights gained from previous report
Produce Final Assessment Report with Threat Intelligence Overview and actionable insights
Present and Review Assessment Report with Client Security Team Members and Manager as needed
3 Post NTA Sign Agreement to continue in NTM service or purchase & deploy system operationally Executive Sponsor
Plan deployment and perform Kickstart services on site Network Operations Team

 

During an NTA, the QuickThreat® Gateway is deployed in the client network, preferably on TAP ports inside and outside the firewall. In order to test that full path correlation is functioning properly, a user inside the network can use the instructions found in this document to test IP, FQDN, and URL indicator matching and learn how to extract the PCAP contents to retrieve the contents of the file.

 

Instructions include:

  • Create IP, FQDN, and URL Indicators
  • Create Policy based on test indictors and enable PCAP
  • Navigate to the NTA test page from a client inside the network
  • Ensure correlation of network traffic matches the unique client
  • Download test document PDF
  • Extract PCAP contents to retrieve the original downloaded file

 


NTA Test Document and Instructions

 

 

For information regarding a Network Threat Assessment Service please submit the following and you will be contacted shortly.

 

 

 

 


Find Out More