Forcepoint TRITON RiskVision
Gain Visibility into Next Generation Advanced Threats and Data Theft
Overview:
Gain real-time visibility into the most sophisticated attacks and advanced threats with file sandboxing and behavioral analysis technology.
Your organization needs to innovate every day to carry out its mission. Unfortunately, the bad guys are out there formulating new cyberattacks every day, too. That’s why we work so hard to help you stay ahead of evolving threats.
Defending against today’s cyber threats requires enhanced scope and scalability to fully understand the effectiveness of current defenses. Forcepoint TRITON RiskVision is a network monitoring appliance that provides unparalleled visibility into Advanced Threats, highlighting infected systems, call home communications, blended attacks and data exfiltration; uncovers Advanced Threats via sandboxing and many other real-time techniques; delivering actionable data in ready-to-use dashboards and reports.
TRITON RiskVision uses industry-leading threat analytics, security intelligence and behavioral sandboxing to deliver visibility into advanced threats, along with an extensible platform for additional threat detection. It gives you the information you need to detect attacker movement and get back to normal quickly after an attack occurs.
RiskVision incorporates multiple Forcepoint innovations to deliver crucial benefits to your organization:
- Integrated file sandboxing provides behavioral analysis of threats and forensic detail on who was attacked, which data was attacked, where it was destined, and how the attack was executed.
- Analytical insights allow you to uncover critical data threats from “shadow IT” by identifying high-risk cloud application usage and the users who are putting your data in peril. You can then secure your SaaS use by identifying safer, alternative cloud applications.
- Data Loss Prevention (DLP) features detect data theft attempts via outbound email, Web communications and cloud app usage.
- Threat intelligence is channeled into existing security controls for zero-latency defenses against advanced threats.
- An easy-to-use interface enables flexible queries and investigative workflows to achieve deep visibility into advanced threats and their impacts on your critical data.
RiskVision can be combined with Threat Protection Appliance to provide an on premise solution for visibility and insights into previously undetected threats across Web, email and cloud channels.
Features:
Real-time defenses, global threat awareness, sandboxing and DLP
TRITON RiskVision unifies four key defenses into one platform:
- Forcepoint ACE uses seven defense assessment areas with over 10,000 analytics to provide real-time threat analysis of web and email traffic.
- Forcepoint ThreatSeeker Intelligence Cloud unites over 900 million endpoints and analyzes 3-5 billion requests per day, providing global threat awareness and vital defense analytics to ACE.
- Forcepoint TRITON ThreatScope sandbox analyzes behavior of web downloads and email attachments to uncover Advanced Threats and communications and provides actionable forensic reporting.
- Data loss prevention (DLP) detects data exfiltration for registered data, criminal-encrypted uploads, and password file data theft.
File Sandboxing & Forensics
- Integrated web download and email attachment file sandboxing for behavioral analysis and forensic reporting with actionable insights.
Cloud application visibility powered by Skyfence
- Identify critical data threats from “shadow IT” by uncovering high risk cloud application usage and those users putting your data at risk.
- Identify safer alternative cloud applications.
Integrated DLP Defenses
- Content and context aware DLP detects data exfiltration related to theft or loss.
- Data theft features include detection of data loss via outbound email, web communication including webmail, and cloud app usage.
Advanced Threat & Data Theft Detection
- ACE real-time defenses for advanced threat and data theft detection.
- More than 10,000 analytics enable defenses against undetected threats.
Global Threat Awareness
- Security intelligence from the ThreatSeeker Intelligence Cloud.
- Analyzes up to 5 billon web, email and social networking requests per day.
- Facebook partnership provides insight into social media lures and threats.
Solutions:
| You Need | Forcepoint Solutions |
|---|---|
| Advanced threat intelligence that works with existing countermeasures | Extensible threat intelligence platform channels threat intelligence into existing security controls for zero-latency defenses against Advanced Threats. |
| Visibility into cloud application usage and IT compliance | Identifies critical data threats from “shadow IT” by uncovering cloud application usage and those users putting your data at risk. |
| Visibility into Advanced Threats and data theft/data loss incidents | TRITON RiskVision combines real-time advanced threat defenses, global security intelligence, file sandboxing and data loss/data theft detection into a threat monitoring solution that provides insight into threats unseen by traditional defenses. |
| Advanced Threat detection beyond traditional defenses | ACE goes beyond anti-virus defenses by using seven defense assessment areas in a composite scoring process that uses predictive analysis. Multiple real-time content engines analyze full web page content, active scripts, web links, contextual profiles, files and executables. ACE leverages over 10,000 analytics derived from the ThreatSeeker Intelligence Cloud. |
| Detection of data theft and data loss within multiple channels | Advanced DLP defenses detect data theft and data loss. Advanced data theft defenses include detection of custom encrypted uploads, password file data theft, and slow data leaks (drip DLP) and geo-location destination awareness. |
| Sandboxing of files and objects to detect Advanced Threats, with actionable forensic reports | ThreatScope web file sandboxing provides behavioral analysis to uncover Advanced Threats and communications, plus detailed forensic reporting. An advanced threat dashboard provides forensic insight on who was attacked, what data was attacked, where the data was destined, and how the attack was executed. Security incidents include data theft capture when possible, with the ability to export forensic details to SIEM systems. |
| Ready-to-deploy appliance provides immediate visibility | TRITON RiskVision deploys on Forcepoint V10000 appliance via a network TAP or SPAN port deployment alongside TRITON management and reporting servers. Please refer to the latest V-Series datasheets for hardware specifications. Integrates with leading SSL decryption products. |
Documentation:
Download the Forcepoint TRITON RiskVision Datasheet (.PDF)