Review: How Awake Security uncovers malicious intent

This advanced network traffic monitoring platform identifies hidden threats and those that don’t use traditional malware, making it extremely powerful and useful in today’s threat environment.

Good cybersecurity these days is more complicated than just matching signatures against known malware. In fact, many of the most devastating attacks made against enterprises may not involve malware at all, instead relying on social engineering, insider threats, and tools and processes already approved for use within a network that are hijacked for a malicious purpose.

Stopping many of these advanced attacks requires the ability to detect and diagnose malicious intent, even in the absence of any smoking gun. That concept may seem a little bit like Tom Cruise predicting crimes Minority Report-style, but it’s essentially what the world’s best threat hunters do, and it is what puts their skills in high demand. They are able to look at seemingly disparate events, form a hunch, and sometimes uncover major threats or even threat campaigns. The problem is that good threat hunters are as rare as painite crystals.

The Awake Security Platform can fill that gap. While it ultimately performs what could be considered innovative threat hunting, it’s technically a traffic monitoring platform, though a very advanced one that concentrates on potential threats that other defenses often miss.

Deploying Awake

The heart of the platform is the Awake Hub, which can be deployed on-premises or in the cloud. Traffic data moving throughout a protected network is fed to the Hub from sensors placed at strategic points. The sensors are mostly software-based, though they can exist as hardware if needed for unusual network deployments. They can be placed anywhere and everywhere within a network, but the choke points that are often used include the link to the datacenter, the network gateway, the authorization servers for the user network, within the internet of things (IoT) infrastructure, at the point where data flows to the cloud, as a connector for software-as-a-service programs, and within the operational technology (OT) network if an organization has one. The deployment footprint has no effect on pricing, which is based on the aggregate throughput of traffic being monitored.

Once deployed, the Awake Platform begins discovering all the devices on a protected network. It does this without conducting any scans or deploying any agents. Because it sits at the points through which all network devices eventually check in or send communication, such as the authorization servers, it will eventually discover every active device. Based on its previous experience protecting networks, it can identify almost every kind of network device just from those interactions with the choke points. For example, it was able to properly identify both an IoT medical device and an electronic water bottle from their network activity.

Awake Security Platform main dashboard (image credit: John Breeden II)

The Awake Security Platform main dashboard shows the number of devices within the network being protected, and anything strange that might be happening.
