Breach Detection System and Smart Probes
Our unique technology detects the most advanced threats, made with the most crafted exploitation methods (polymorphism, obfuscation, encoding, ROPchain…) and the threats based on all types of malicious files (ransomware, cryptolocker…).
Trackwatch® can be deployed from two types of devices: GCAP and GCENTER.
GCAP ensures the collection of network traffic flows and a portion of the anlyses. A GCAP is connected to a switch with a mirror port or to a TAP that copies the network traffic. One or more GCAPs can be deployed within an infrastructure, either locally or at remote sites. The GCAP(s) are connected to a GCENTER management device.
The GCENTER nalyses the information sent back by the GCAP, stores it, provides configuration and reporting interfaces, and exports the information to a security information and event management (SIEM).
The must-have tool for your protection, with unmatched capabilities
Trackwatch®, the detection system published by Gatewatcher, is based on a unique technology in weak signal analysis and machine learning, targeting abnormal behaviours by running a dynamic analysis of weak signals from inside network flows. Trackwatch® is the only product on the market with a dual approach to the threat in the exploration phase, with deep data capture and optimal analysis. It auto-adapts to polymorphic threats, in order to guarantee a strong accuracy.
SIGFLOW: formal and statistical analysis, anomaly detection.
CODEBREAKER: recognises APTs stemming from encoded Shellcodes / ROP (Return Oriented Programming) and JOP (Jump Oriented Programming)
MALCORE: real-time heuristic and static multi-engine malware analysis. Malcore is able to analyse more than 6 million files every 24 hours.
RETROACT: enables the empirical re-analysis of potentially malicious files, several days after their appearance, with new signatures and heuristic methods.
AI: Machine Learning engine which detects weak signals both in payloads as well as in files.
Information Capture and Analysis
At the very heart of your information system, Trackwatch® is the only product on the market with a double approach in innovation: deep information capture and optimal analysis.
A turney solution
- Adapted to run online connected to our smart system
- Adapted to run fully offline for isolated and confidential networks
- Your information belongs to you. No “Cloud” technology.
- 0 impact on your production environment: connects with TAP or port mirroring
ElasticSearch, Metadata et Forensics
- Intuitive and ergonomic
- “Network Behaviour” approach (visualisation of activity spikes, behavioural deviation, statistics, etc)
- Integration of geolocation with interactive map
- Decrease of false positives and recurring alerts
- Management of alert severity / criticality
Online mode: connected to our online platform. Suited for organizations wishing to decrease their administration and management load.
Air gap mode: for confidential and isolated networks and those with no access to the outside. Optimal to be paired up with a proxy (Bluecoat, Squid, Websense).
Offline mode: download updates and upgrades on devices for confidential and isolated networks.