FORT Post

FORT Post monitors the network for security-related events. It supports both proactive and reactive approaches: identifying vulnerabilities, checking compliance of application and network services, incident response and network forensics. Whether you are tracking an adversary or trying to stop malware at the edge before it infects assets, FORT Post provides context, intelligence and situational visibility of the network. The Enterprise Solution of FORT Post takes this to the next level and includes many more features, such as endpoint visibility and deep packet analysis.
Packet Analyzer
It allows you to view PCAP transcripts and download full PCAP files. The dashboard is pre-configured to pivot to PCAP files to retrieve the full packet capture. It captures all network traffic, giving full visibility for detailed analysis. Although full capture requires more storage space, the solution comes with fine-tuning and prioritization using unique techniques to overcome storage issues.
NIDS & HIDS
The intrusion detection system provides network-based and host-based analyzers for network traffic and host systems, respectively, and provides log and alert data to detect events and activity. It is a rule-based system that inspects network traffic for fingerprints and identifiers that match known malicious, anomalous or otherwise suspicious traffic. Its endpoint security component performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. For an analyst, being able to correlate host-based events with network-based events can be the difference in identifying a successful attack.
Analysis Tools
The analysis tools provide visibility into the event data being collected and the context to validate a detection. They offer a single GUI in which host-based and network-based events appear in the same window, where an analyst can examine events to determine their severity, their impact and their eradication as part of incident response. They also provide network-level visibility, events in time-series representations, weighted and logically grouped result sets, and geo-mapping of IPs. The tools can also pivot to the packet analyzer for insight into a packet.