Cybersecurity Services combat an APT with NDR



Marc St-Pierre

March 28, 2024, 4 minute read


Attackers linked to Iran and China are actively targeting critical infrastructure. The U.S. Environmental Protection Agency and the White House National Security Advisor have written to every U.S. state asking it to assess the cybersecurity practices of its water and wastewater systems.

Critical infrastructure such as water treatment plants must detect attacks that are visible only at the network layer (e.g. DNS exfiltration, tampering with SCADA controls, domain generation algorithm (DGA) beaconing). That calls for a layer of monitoring beyond endpoint protection (antivirus) or endpoint detection and response (EDR): those tools only see hosts that can run an agent, and PLCs, HMIs and other OT devices usually cannot.

Not only critical infrastructure, with its complex IoT and operational technology (OT) environments, but every organization is working to harden its perimeter and protect its operations and sensitive data, and demand for better detection has never been higher. OpenText™ addresses that demand with its Network Detection and Response (NDR) offering.

Against today's threats, traditional security controls often fail to provide real-time insight or a proactive defense. OpenText NDR takes a different approach to threat detection and response: it watches the organization's own network traffic for attacker behavior, so detection does not depend on an agent being present on the compromised host.

OpenText NDR top 3 capabilities

  1. Packet capture and analysis: The solution captures and analyzes network packets in real time, enabling deep inspection of traffic for signs of malicious activity. This granular visibility is what lets an analyst understand the nature of a threat rather than just its presence.
  2. Incident response: The solution produces actionable alerts and the evidence behind them, so security teams can quickly triage, collect packets and flow records, and contain a threat to minimize the impact of an incident.
  3. Integration with OpenText MxDR: Integration with OpenText MxDR correlates network security events with the other security data MxDR already holds, giving a more complete picture of the organization's security posture and cyber resilience.

Defending against Advanced Persistent Threats (APT)

A leading financial investment management organization put its security posture to the test, and OpenText NDR was the only control that detected an unannounced advanced red team exercise.

OpenText NDR is one of several security layers protecting this organization's data and operations, and it was the only control that detected a rogue endpoint introduced into the customer's network during the exercise. The red team used SMB for lateral movement, Kerberos password spraying, and SIP- and RDP-based attacks. NDR, tuned and managed for the customer, detected each of these tactics and techniques.

White glove solutions

OpenText Professional Services worked with the customer's Network Security Engineering Team to integrate and configure the solution so that it produces actionable alerts. Our Technical Account Manager (TAM) program keeps the deployment running smoothly and delivering value against the organization's cybersecurity objectives. The OpenText TAM also provides proactive issue resolution, tailored solution deployment, ongoing knowledge transfer, planning for technology changes, customer advocacy, continuous improvement, and time and resource savings. As the threat landscape evolves, the TAM keeps the OpenText NDR deployment current: crafting new custom Suricata and Zeek detections, tuning the Emerging Threats Pro (ETP) rulesets and the customer's own detections, and verifying that the platform and its deployment configuration are operating optimally.
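The post names three of the behaviors an NDR has to pick out of traffic (DNS exfiltration and DGA beaconing above, Kerberos password spraying in the red team section) and says the TAM expresses such detections as Zeek and Suricata rules. The script below is an added illustration, not OpenText NDR code and not one of its shipped detections: it runs toy versions of those three detections over constructed Zeek-style log lines. The sample lines, the reduced set of Zeek dns.log and kerberos.log columns, the naive two-label registered-domain split, and every threshold are assumptions chosen for the example, not tuned values.

```python
"""Added example: toy NDR-style detections over CONSTRUCTED Zeek-style logs.
Not OpenText product code; column subsets and thresholds are assumptions."""
import math
from collections import defaultdict

# Constructed sample: subset of Zeek dns.log columns, tab-separated like Zeek TSV.
DNS_COLUMNS = ["ts", "id.orig_h", "id.resp_h", "query", "qtype_name", "rcode_name"]
DNS_LOG = """\
1711600001.1\t10.0.5.23\t10.0.0.53\tintranet.example.com\tA\tNOERROR
1711600002.2\t10.0.5.23\t10.0.0.53\tgogle.com\tA\tNXDOMAIN
1711600003.0\t10.0.5.41\t10.0.0.53\t4d2a6f3c9e1b0a7f8c5d.exfil-tunnel.net\tTXT\tNOERROR
1711600003.4\t10.0.5.41\t10.0.0.53\tb7e19c0d2f4a6e8b1c3d.exfil-tunnel.net\tTXT\tNOERROR
1711600003.8\t10.0.5.41\t10.0.0.53\tc3f8a1d6e9b2047f5e1a.exfil-tunnel.net\tTXT\tNOERROR
1711600004.2\t10.0.5.41\t10.0.0.53\t0e7d5c4b3a2918f6d5c4.exfil-tunnel.net\tTXT\tNOERROR
1711600004.6\t10.0.5.41\t10.0.0.53\t6b9e2f1a0d3c8e7b4a5f.exfil-tunnel.net\tTXT\tNOERROR
1711600010.0\t10.0.5.77\t10.0.0.53\txkqzvplmwjty.com\tA\tNXDOMAIN
1711600010.5\t10.0.5.77\t10.0.0.53\tqhdfbnrvzkme.net\tA\tNXDOMAIN
1711600011.0\t10.0.5.77\t10.0.0.53\ttzrlpvkqwcxb.org\tA\tNXDOMAIN
1711600011.5\t10.0.5.77\t10.0.0.53\tmjfqzyhnbvgk.com\tA\tNXDOMAIN
1711600012.0\t10.0.5.77\t10.0.0.53\twdclxprzvbqk.info\tA\tNXDOMAIN
"""
# Constructed sample: subset of Zeek kerberos.log columns; client is user/REALM.
KRB_COLUMNS = ["ts", "id.orig_h", "id.resp_h", "request_type", "client", "service", "success", "error_msg"]
KRB_LOG = """\
1711600100.0\t10.0.5.23\t10.0.0.10\tAS\talice/CORP.EXAMPLE.COM\tkrbtgt/CORP.EXAMPLE.COM\tF\tKDC_ERR_PREAUTH_FAILED
1711600101.0\t10.0.5.23\t10.0.0.10\tAS\talice/CORP.EXAMPLE.COM\tkrbtgt/CORP.EXAMPLE.COM\tT\t-
1711600200.0\t10.0.5.99\t10.0.0.10\tAS\tbob/CORP.EXAMPLE.COM\tkrbtgt/CORP.EXAMPLE.COM\tF\tKDC_ERR_PREAUTH_FAILED
1711600201.0\t10.0.5.99\t10.0.0.10\tAS\tcarol/CORP.EXAMPLE.COM\tkrbtgt/CORP.EXAMPLE.COM\tF\tKDC_ERR_PREAUTH_FAILED
1711600202.0\t10.0.5.99\t10.0.0.10\tAS\tdave/CORP.EXAMPLE.COM\tkrbtgt/CORP.EXAMPLE.COM\tF\tKDC_ERR_PREAUTH_FAILED
1711600203.0\t10.0.5.99\t10.0.0.10\tAS\terin/CORP.EXAMPLE.COM\tkrbtgt/CORP.EXAMPLE.COM\tF\tKDC_ERR_PREAUTH_FAILED
1711600204.0\t10.0.5.99\t10.0.0.10\tAS\tfrank/CORP.EXAMPLE.COM\tkrbtgt/CORP.EXAMPLE.COM\tF\tKDC_ERR_PREAUTH_FAILED
"""


def shannon_entropy(s):
    """Bits of entropy per character; encoded or generated labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def parse_zeek(text, columns):
    """Parse tab-separated Zeek-style lines into dicts, skipping '#' header lines."""
    return [dict(zip(columns, line.split("\t")))
            for line in text.splitlines() if line and not line.startswith("#")]


def registered_domain(fqdn):
    """Assumption: last two labels. Production code should use a public-suffix list."""
    return ".".join(fqdn.rstrip(".").split(".")[-2:])


def detect_dns_tunnel(rows, min_unique=5, min_entropy=3.0):
    """Many distinct, high-entropy subdomains from one host to one domain: exfil/tunnel."""
    subs = defaultdict(set)
    for r in rows:
        fqdn, reg = r["query"], registered_domain(r["query"])
        if len(fqdn) > len(reg):
            subs[(r["id.orig_h"], reg)].add(fqdn[: -len(reg) - 1])
    alerts = []
    for (src, reg), labels in subs.items():
        avg_ent = sum(shannon_entropy(l) for l in labels) / len(labels)
        if len(labels) >= min_unique and avg_ent >= min_entropy:
            alerts.append({"type": "dns_tunnel", "src": src, "domain": reg,
                           "unique_subdomains": len(labels), "avg_entropy": round(avg_ent, 2)})
    return alerts


def detect_dga(rows, min_domains=5, min_entropy=3.0):
    """Burst of NXDOMAIN answers for random-looking domains from one host: DGA beaconing."""
    nx = defaultdict(set)
    for r in rows:
        if r["rcode_name"] == "NXDOMAIN":
            nx[r["id.orig_h"]].add(registered_domain(r["query"]))
    alerts = []
    for src, domains in nx.items():
        avg_ent = sum(shannon_entropy(d.split(".")[0]) for d in domains) / len(domains)
        if len(domains) >= min_domains and avg_ent >= min_entropy:
            alerts.append({"type": "dga", "src": src, "nxdomains": len(domains),
                           "avg_entropy": round(avg_ent, 2)})
    return alerts


def detect_kerberos_spray(rows, min_users=5, window_s=300):
    """One source failing AS-REQ pre-auth for many distinct users in a short window:
    password spraying (a guess or two per account, so no lockouts are triggered)."""
    fails = defaultdict(list)
    for r in rows:
        if r["request_type"] == "AS" and r["success"] == "F":
            fails[r["id.orig_h"]].append((float(r["ts"]), r["client"]))
    alerts = []
    for src, events in fails.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # sliding window over failures
            users = {u for t, u in events[i:] if t - t0 <= window_s}
            if len(users) >= min_users:
                alerts.append({"type": "kerberos_spray", "src": src,
                               "distinct_users": len(users), "window_start": t0})
                break
    return alerts


def run_all():
    dns_rows = parse_zeek(DNS_LOG, DNS_COLUMNS)
    krb_rows = parse_zeek(KRB_LOG, KRB_COLUMNS)
    return detect_dns_tunnel(dns_rows) + detect_dga(dns_rows) + detect_kerberos_spray(krb_rows)


if __name__ == "__main__":
    for alert in run_all():
        print(alert)
```

Run against the constructed logs, the script raises one alert per behavior: the TXT queries from 10.0.5.41 to exfil-tunnel.net, the NXDOMAIN burst from 10.0.5.77, and the five-user AS-REQ failure run from 10.0.5.99, while the single typo'd lookup and the one pre-auth failure from 10.0.5.23 stay quiet. In a real deployment the same logic lives in Zeek scripts or Suricata rules fed by the sensor's packet capture, and the thresholds are tuned per customer against their own baseline, which is exactly the work the TAM paragraph above describes.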

Fully managed services

OpenText delivers NDR either as managed software on premises or as a fully outsourced managed service, bundling the NDR platform with expert security operations support tailored to each customer. Customers choose between the Technical Account Manager program and a Managed Security Service in which threat detection and response are outsourced to OpenText. OpenText MxDR augmented with NDR gives customers a people, process and technology solution for defending their organizations.

How can we help?

Ready to harness unparalleled network visibility to efficiently hunt for and defend against threats?  OpenText Cybersecurity Services will be your guide to cyber resilience.  Learn more, or contact us today.

Co-author: Kevin Simpson is a Principal Consultant with the OpenText Cybersecurity Services team specializing in Network Detection and Response. Kevin has more than 10 years' experience in cybersecurity engineering and consulting and is a lead Technical Account Manager (TAM) for military defense, government and financial sector customers.


Marc St-Pierre is VP of Consulting Services for the Security + Artificial Intelligence + Linguistics & Translation practice. For more than 15 years, Marc has led services groups specialized in advanced and emerging technologies. He has lectured on semantic technologies and has led solution development such as AI-augmented Voice of the Customer and Magellan Search+.
