Trackwatch® Full Edition
Trackwatch® Full Edition combines advanced packet analysis with innovative methods for detecting abnormal network behavior. Always at the forefront of innovation, it adapts itself to polymorphic threats, guaranteeing a very high level of relevance in the face of the constant evolution of Advanced Persistent Threats (APT).
Trackwatch® FE detects advanced threats, including those built on the most ingenious techniques, through multi-vector analysis of network flows: static, dynamic and machine-learning based.
Anticipate dreaded scenarios while being alerted at the first signs of an unknown attack.
Control of payloads
Trackwatch® FE conducts protocol and static analysis on packets in order to compare them to known attack signatures provided by several threat intelligence sources. Trackwatch® FE can also accommodate new sources.
The solution ensures the detection of shellcodes (including polymorphic ones) and all encoded payloads.
Advanced file analysis
Trackwatch® FE detects all types of malware through static and heuristic analysis of files by multiple anti-virus engines.
The solution can scan up to 16 million files per 24 hours, and back scan files identified as suspicious by heuristic analysis after they have passed through the system.
Improve threat insights thanks to AI
Trackwatch® FE embeds AI algorithms developed by our analyst teams. These algorithms detect several types of attacks that are difficult to spot: malicious PowerShell scripts, DGAs, SMB flows in ransomware attack scenarios...
Detection engines that comply with ANSSI standards
Trackwatch® FE combines several detection engines with a machine learning module that helps you gain a comprehensive understanding of the information passing through your network.
- Detection of classical, encoded and polymorphic shellcodes.
- Shellcode translation.
- Analysis of protocols, events and payloads, correlation with known signatures.
- Extensible and interconnectable signature database.
MALCORE + RETROACT
- Static and heuristic analysis of files in real time.
- Correlation with known malware signatures.
- Retroanalysis of files tagged as suspicious.
- Focus on unknown threats using files.
- Detection algorithms for Domain Generation Algorithms (DGA) and malicious PowerShell scripts.
Easy to deploy
Trackwatch® is deployed from two types of appliances: GCAP and GCENTER.
The GCAP ensures the capture of network flows and part of the analyses. A GCAP is connected to a switch with a mirror port or to a TAP copying the network flow. One or more GCAPs can be deployed within an infrastructure, locally or at remote sites. The GCAP(s) are connected to a GCENTER management appliance.
The GCENTER ensures the analysis of the information reported by the GCAP, its storage, the setting and reporting interfaces and the export of the information to a SIEM.
Trackwatch® can work online, connected to our intelligent system, or completely offline for isolated and confidential networks. Our on-premise technology allows you to keep control of your information. Moreover, its off-line position protects you from possible impacts on your production environment.