Positive Technologies

Vulnerability Management, Telecom Attack Discovery, Application Inspector, NAD, WAF

Time tested solutions

Never fall prey to cyber fraudsters

The continuous evolution of enterprise IT infrastructures—including increased use of various applications, mobile technologies, cloud-based services, virtualization, and off-the-shelf libraries and frameworks for development of custom applications—has created new attack vectors for cybercriminals to exploit.

Your struggle ends here; right now

MaxPatrol Vulnerability Management

Perhaps you’re already conducting annual or quarterly vulnerability audits to complement your existing security measures. However, the steady stream of changes to your systems, applications, and configurations creates cracks in your security—and our extensive experience tells us that most companies are not as protected as they think they are.

MaxPatrol Vulnerability Management solutions have been deployed at some of the best-known organizations for over a decade and a half, across verticals such as Oil and Gas, Telecom, Government, and Banking.

MaxPatrol™ is made for managing vulnerabilities and compliance on corporate information systems. Penetration testing, system checks, and compliance monitoring are at the core of MaxPatrol™. Together, these mechanisms give an objective picture of the security stance across IT infrastructure as well as granular insight at the department, host, and application level—precisely the information needed to quickly detect vulnerabilities and prevent attacks.

 

Web Application Firewall

A flexible and precise tool for fully securing applications, APIs, users, and infrastructure against web attacks.

Profiling with behavioral analysis improves application security – and even allows predicting how an attack will unfold.

We combine multiple techniques based on machine learning algorithms to flag anomalies and automatically stop never-seen-before threats

Built-in security scanners, plus PT Application Inspector integration, detect vulnerabilities in application source code and block attack attempts

Application users stay safe thanks to the client-side WAF.js module, data masking and granular access settings

Modeling of user behavior makes it easy to identify bots and thwart automated attacks without slowing legitimate traffic

Threats to web and mobile APIs are stopped by analysis of JSON and XML data as well as Approov integration

PT-WAF Salient Features

 State-of-the-art technologies and integrations, such as with PT Application Inspector, provide comprehensive and continuous protection for your apps (even ones with continuous development cycles), users, and infrastructure.

Rapid Deployment

PT WAF can be deployed as a physical device, virtual machine, in a Microsoft Azure cloud, or on dedicated virtual infrastructure. Supported modes include a transparent proxy server for near-instant deployment. A setup wizard, intuitive web interface, and provided security policies take the guesswork out of getting started.

Critical Risk Prioritization

Dramatically increases your operational efficiency with an innovative risk scoring system based on an attacker’s priorities.

High Detection Fidelity

Unlike any traditional website firewall, our innovative WAF solution combines positive and negative security models, constant analysis of user behavior, and machine learning. These technologies minimize the number of false positives and enable precise threat detection, including common attacks such as XSS, DDoS, automated attacks, as well as previously unknown (zero-day) attacks.

Automatic Threat Triaging

A special correlation mechanism builds attack chains for spotting APTs and automatically prioritizes threats. Thanks to this unique web app firewall functionality, serious risks instantly become visible and can be handled accordingly. In addition, PT WAF detects vulnerabilities with SAST and DAST, which it combines with correlations to significantly simplify incident investigation.

Complete Protection

With built-in security scanners and integration with PT Application Inspector, PT WAF can instantly prevent attacks on vulnerabilities in application code and on errors in web server and CMS configurations. Users are protected by the WAF.js module, data masking, and granular access settings. Integration with other defenses (Check Point, Approov, Arbor, antivirus solutions) strengthens corporate security across the board.

Maximum Performance

Advanced traffic handling techniques, compression, caching, and data aggregation: PT WAF leaves a light resource footprint on virtual infrastructure. Support for cluster deployment means that PT WAF can handle security for even the busiest applications, which provides huge benefits for organizations with apps of any number and complexity.

PT Application Inspector

PT Application Inspector is the only source code analyzer providing high-quality analysis and convenient tools to automatically confirm vulnerabilities — significantly speeding up the work with reports and simplifying teamwork between security specialists and developers

Overview

PT Application Inspector is the right choice for applications of any size and industry. A unique combination of scanning methods—static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), software composition analysis (SCA), plus fingerprint and pattern matching—guarantees accurate results to defend applications everywhere from landing pages to corporate portals, online stores, banking apps, cloud services, and e-government portals.

The combination of static, dynamic, and interactive application security testing (SAST + DAST + IAST) delivers unparalleled results. PT Application Inspector pinpoints only real vulnerabilities so you can focus on the problems that actually matter

Accurate detection, automatic vulnerability verification, filtering, incremental scanning, and an interactive data flow diagram (DFD) for each vulnerability are special features that make remediation so much quicker

Minimize vulnerabilities in the final product and the costs of fixing them. Perform analysis at the earliest stages of software development

Full support for the security development lifecycle (SDL). Integrates with the most popular bug tracking systems, CI/CD, and version control systems (Jira, Jenkins, TeamCity, and more).

Block application layer attacks with automatic export of vulnerability reports to PT Application Firewall. Your application always stays protected. PT AF blocks attacks at the firewall level – even when your team is still working to make a fix

PT AI helps you regularly perform in-house compliance audits. Source code is checked for application security risks and undeclared functionality, easing compliance with key industry standards including PCI DSS.

PT Network Attack Discovery

PT Network Attack Discovery is a deep network traffic analysis (NTA) system for detecting attacks on the perimeter and inside your network. The system makes hidden threats visible, detects suspicious activity even in encrypted traffic, and helps investigate incidents

Key Takeaways

Network Visibility

NAD identifies over 80 protocols and parses the 30 most common ones up to and including the L7 level. Get a full picture of what is going on in the infrastructure to identify the security flaws that enable attacks.

Detects Hidden Threats

The system automatically detects attacker attempts to penetrate the network and identifies hacker presence on infrastructure based on a wide range of indicators, including use of hacker tools and transmission of data to attacker servers

Empowers SOCs

NAD provides security operations centers with full network visibility: know whether an attack was successful, reconstruct the kill chain, and gather evidence. To do this, PT NAD stores metadata and raw traffic, helps quickly find sessions and identify suspicious ones, and supports traffic export and import

What can PT NAD detect?

Threats in Encrypted Traffic
Thanks to advanced analytics, PT NAD pinpoints malware hidden by TLS
Lateral Movements
PT NAD detects attacker attempts to expand their presence by observing as they engage in reconnaissance, remote command execution, and Active Directory and Kerberos attacks
Use of Hacker Tools
The PT Expert Security Center (PT ESC) investigates complex attacks, constantly explores new threats, and monitors hacker activity. Armed with this knowledge, experts create PT NAD rules for detecting all popular hacking tools in action
Vulnerability Exploitation
Our unique vulnerability database is constantly updated with data about new vulnerabilities, including ones that have not yet been included in the CVE database. The result: PT NAD detects exploitation attempts in record time.

Positive Technologies is a MAPP member. We receive information about zero-day vulnerabilities in Microsoft’s products. That’s why PT NAD’s customers get protection faster

Malware Activity
PT NAD detects activity of malware on the network. Hackers can easily hide malware from antivirus scanners, but hiding their network footprint is much more difficult. By analyzing network activity, PT NAD helps localize threats
Past Attacks
Every time the PT NAD database is updated to fight new cyberthreats, the system checks traffic retrospectively. Even previously unknown threats don’t slip through the cracks
Malicious Evasion from Security Tools
PT NAD detects DNS, HTTP, SMTP, and ICMP tunnels used by attackers to steal data, communicate with C&C servers, and hide their activity from security tools.
Connection to Auto-Generated Domains
Machine learning in PT NAD identifies connections to domain names that have been created with the help of domain generation algorithms (DGA). This helps detect malware that uses DGA to maintain a connection with the attacker’s C&C server.
Non-Compliance with IS policies
PT NAD detects transmission of unencrypted data and messages, VPN tunnels, TOR, remote access utilities, proxies, and messengers usually prohibited by security policies at major companies

Telecom Attack Discovery

Positive Technologies’ Telecom Cybersecurity Suite enables network operators to drive business performance while protecting their subscribers and services. By providing greater visibility into infrastructure vulnerabilities and securing customer services, Positive Technologies helps to strengthen loyalty, drive revenue with value-added security offerings, and protect emerging telecom technologies such as 5G and the IoT.

 

IoT Security Assessment

For each smart device, network, or application that is part of IoT infrastructure, Positive Technologies performs in-depth security analysis: extensive penetration testing, signalling security assessment, reverse analysis and audit of end device software and hardware, and more.

Following our research-first approach, we identify threats, prioritize them, and provide actionable recommendations and solutions to strengthen the IoT operator’s security posture. We believe that this can help to stop attacks such as from the Mirai botnet, which have the potential to become the menace of the 5G era

PT Telecom Security Assessment provides full visibility into the actual state of signalling protection for SS7, Diameter, GTP. Test how well your security is performing and see what risks are lurking.

By knowing which attacks are successful, PT Telecom Security Assessment is the key for building a management process to handle signalling vulnerabilities and keep your network and subscribers safe.

Telecom Security Assessment

GSMA Compliance Check

The quickest way to ensure compliance with GSMA FS.11, FS.19, and IR.82

PT GSMA Compliance Check is a handy service that provides independent evaluation of the current signalling network compliance status with GSMA best practices and recommendations. It helps to discover critical vulnerabilities and improve the overall security level. PT GSMA Compliance Check is an essential step to reach ultimate protection, avoid extensive fines, and get ready for the future challenges such as fast-paced 5G roll-out.

About Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community.

State-of-the-art solutions are developed at Positive Research, the company’s flagship research centre and one of the largest in Europe. Positive Research experts have helped to identify and fix over 250 zero-day vulnerabilities in products from Cisco, Google, Honeywell, Huawei, Microsoft, Oracle, SAP, Schneider Electric, Siemens, and others, earning a reputation for world-class expertise in protection of devices and infrastructures at all scales from ATMs to nuclear power stations.

Findings by Positive Research are used for updating the MaxPatrol knowledge base and for development of security solutions including PT Application Firewall, PT Application Inspector, MaxPatrol Vulnerability and Compliance Management Solution, PT ISIM, PT MultiScanner and SS7 Attack Discovery. These products allow securing web applications, evaluating network protection, blocking attacks in real time, ensuring compliance with industry and national standards, and training security specialists. In 2015 and in 2016, the company was rated a Visionary in the Gartner Magic Quadrant for Web Application Firewalls (WAF).