Trackwatch

Detect abnormal activities on your networks

Offer better visibility on advanced threats

Optimize the role of third-party security solutions

Trackwatch®: The on-premises detection platform that alerts you in real time to the most advanced cyberthreats.

Technical description and features

Trackwatch® combines advanced network flow analysis with several detection methods to identify abnormal behaviour on the network. Combining multiple detection technologies lets the platform keep pace with polymorphic threats and remain relevant as advanced persistent threats (APTs) grow more sophisticated.
Fully operational from the outset, Trackwatch® pairs machine learning algorithms, which identify previously unknown tactics, with several network traffic analysis methods (static, dynamic and heuristic). This approach gives increased visibility into malicious actions in progress and contextualizes each alert by reconstructing extensive protocol metadata.

Background and implementation

Trackwatch® is a turnkey solution. Because RxTx flow capture and full file analysis are built into the platform, it requires no additional equipment and carries no hidden costs.

Immediately operational, the solution is easy to set up and detects intrusions as soon as it is deployed. When used by an Operator of Vital Importance (OIV), it is designed for straightforward integration with the security incident detection service provider (PDIS) you have selected.

Trackwatch® is available on a wide range of appliances that integrate easily into the IS or ISVI. The software runs on standard 1U or 2U servers, with supported data rates from 10 Mbps to 40 Gbps and no compromise on processing quality of service.

Trackwatch® can operate online, connected to our intelligence system, or completely offline for isolated critical and confidential networks. The technology is deployed on premises and you remain in control of your data. It is connected out of band, on a network TAP, so it has no impact on your production environment.

Trackwatch® optimizes the role of third-party security solutions by offering many interoperability options with your existing equipment. The solution is compatible with SIEMs on the market, as well as with MISP instances, EDRs, proxies, etc.

Customer benefits

Payload inspection

Trackwatch® performs protocol and static analysis on packets and matches them against known attack signatures provided by several Threat Intelligence sources; additional sources can be added. The solution detects shellcode (including polymorphic shellcode) and encoded payloads.

Advanced file analysis

Trackwatch® detects malware of all types through static and heuristic file analysis by multiple anti-virus engines. The platform can scan up to 6 million files per 24 hours and retrospectively re-scans (backscans) files that the heuristic analysis flagged as suspicious.

Better visibility on advanced threats, thanks to AI

Trackwatch® embeds AI algorithms developed by our R&D teams that allow complex attacks to be detected: malicious PowerShell scripts, domain generation algorithms (DGA), SMB flows typical of ransomware attack scenarios, and more.

In 2019 the Trackwatch® detection solution was awarded the elementary qualification (qualification élémentaire) by ANSSI, the French national cybersecurity agency.

This endorsement attests to its software and hardware resilience and allows Operators of Vital Importance (OIVs) to use it to meet their compliance obligations under the French Military Programming Law (LPM).

Wide range of hardware

A wide choice of throughput levels (from 10 Mbps to 40 Gbps) allows the appliance to be sized to your IS or ISVI.

Early detection of threats across the entire kill chain of an attack

  • Comprehensive file and payload reconstruction and analysis.
  • Alerts from the first signs of compromise (Nmap scans, shellcode, one-liners).
  • Identification and contextualization of threats such as ransomware, malware, fileless attacks and botnets.
  • Machine learning detection of complex attacks: malicious PowerShell scripts, DGA-generated domains, etc.

Optimized efficiency for your SOC:

  • Contextual metadata generated to ease the investigation work of cyber analysts.
  • Shorter remediation time.
  • Strong interoperability with third-party solutions such as EPP or EDR.
  • Reduction of SOC operating costs.
  • Alert criticality management.
  • Compatibility with the major SIEMs on the market.