Track and Disable Attackers with Insight Into Their Entry Paths
Attackers know that certain protocols, such as DNS and HTTP, are likely to be permitted safe passage through perimeter firewalls. They exploit this fact to establish covert backchannels, ensuring that they can come and go at will without being detected. These types of exposures are difficult to detect without continuous analysis to reveal anomalies in the way these backchannels are actually being used.
Corvil reveals these covert communications channels. In real time, Corvil fully decodes payload content and closely tracks communications, exposing anomalies such as DNS tunneling, unusual NXDomain responses, and communication to suspect top-level domains and known command-and-control servers.
We identify the internal systems using these backchannels and make it easy to pivot investigations to rapidly identify:
Answering those types of questions enables a more effective response, thereby eliminating the threat and limiting the damage. Additionally, insight into how the current attack bypassed existing defenses can be used to harden the environment against future threats.