Overwatch Signature-less Router and Firewall Protection

Overview


Routers and firewalls are indispensable parts of any network security architecture. However, they are just as vulnerable as the computers they protect. What makes matters worse is that these critical network devices are not designed for third-party security solutions, so there is no easy way to protect them. And when one of these devices is compromised, the entire network is essentially compromised.

That is where Overwatch comes in. Overwatch is an agent-less detection solution that finds the nastiest, most advanced persistent threats that infect these devices. Because of Overwatch's agent-less design, it works with any make or model of router or firewall. With a variety of alerting features available, you will be notified at the first sign of compromise, which means less disruption and downtime and, most importantly, less potential data loss or damage.

By using a patent-pending detection technology, Overwatch is uniquely positioned to protect the devices you rely on to protect your network. Overwatch can be used as a standalone product or can be configured to work in conjunction with Correlate.

"The future of cyber security is going to require an evolved philosophy that assumes a state of compromise. Real-time network traffic monitoring technology should be configured to empower a more effective alert system."

PwC

How It Works

Overwatch is a network appliance that plugs inline into your network. Supporting 1GbE and 10GbE speeds, one Overwatch device can protect one router or firewall, or both devices if they sit inline with one another in sequence.

Overwatch can sit on the network as a passive or active device. Even when used as a passive device, numerous alert options are still available so you are notified when something is detected. Overwatch can work hand-in-hand with Correlate and uses the same analytic principles that Correlate uses to detect stealth packets. When used in conjunction with Correlate, the Overwatch device will take over the network-centric analysis that the Correlate server would perform while still staying as the central management and alerting system for the overall deployment.

Protection

SYNful Knock is probably the first widely publicized piece of malware to target a network device. More specifically, it targeted Cisco router firmware and overwrote it with a malicious copy. Once the malicious copy was running, the attackers could then load additional payloads onto the device to perform a variety of tasks from packet redirection to bypassing router policy.

While SYNful Knock was widely reported, it was nothing compared to the leak of part of the so-called "Equation Group" malware toolkit. The data dump, released by a group named the Shadow Brokers, contained numerous zero-day exploits as well as payloads and other tools designed specifically to attack and compromise a variety of firewall devices. Brands ranging from big names like Cisco and Fortinet to lesser-known ones like TOPSEC were targeted by the Equation Group for many years.

So what can you do? The unfortunate answer, until Overwatch, was not much. The stealth and sophistication of these attacks made them almost impossible to detect and defend against. And while it is assessed that both SYNful Knock and the Equation Group are related to nation-state attackers, it will only be a matter of time before there are open source toolkits designed to create and deploy router and firewall implants. The massive data dump released by the Shadow Brokers will surely help that effort.

Network devices are the next major front on which attackers will wage war against your business and organization. While it has simmered for many years, the recent leak of the Equation Group's tools is the proverbial "shot heard around the world." Network device security is critical to the security of your entire network, and Overwatch is designed to provide the security that's required. Any make and any model. Router, firewall or some other type of networked device. All can be protected so you can be alerted at the first sign of compromise.

Why Overwatch?

There is no existing solution on the market today that provides the ability to detect if your networked device is compromised in a signature-less, agent-less way. Only Overwatch, with its patent-pending detection technology, is designed and positioned to protect your critical network infrastructure.

White Papers

Network Device Protection with Overwatch: Signature-less and Agent-less Detection of Compromised Network Devices.