Fenror7’s line of lateral movement detection products allows near immediate detection of attacks, providing CISOs and security teams with valuable information about what goes on in their network. All of our easy to use products are designed to work out of the box in most common organizational network environments, independent of the number or types of IP devices connected to the network. Typical setups include connecting our product to a network tap or SPAN, and do not require content inspection.
Fenror7 Multi-Site provides a single management point for multiple engine servers. Our scalable multi-site solution is designed for large enterprises with data centers spread out over multiple geographic locations, or network topologies with more than 5,000 devices.
Fenror7 SA is our stand-alone lateral movement detection product, providing single-site organizations and networks of up to 5,000 devices, with the same detection capabilities of Fenror7 Multi-Site.
Fenror7 Cloud lets organizations operating with a cloud topology take advantage of Fenror7’s game changing lateral movement detection engines by providing cloud based detection.
Using existing detection solutions, internal attacks go undetected for many months. Fenror7’s patented engines provide near immediate detection giving your organization time to defend itself at the early stages of an attack.
Other detection methods often rely heavily on detecting exploitations of specific vulnerabilities or analyzing user behavior. While these detection methods can detect attacks, they are in many ways similar to looking through a key hole, and missing the bigger picture. This is due to the fact that they require constant updates and can be bypassed easily by introducing slight variations to known attack methods. While exploits and payloads can be changed easily by attackers, they will not be able to avoid moving laterally within the enterprise as they move towards their ultimate goals.
Both Fenror7 multi-site, and Fenror7 stand-alone are able to integrate fully with any standard SIEM system. Fenror7 is also capable of integrating with AD as well as Network Access Control systems and Firewalls, allowing you to get more out of these systems.
Fenror7’s LMD engines are able to detect suspicious lateral movement in under a minute, with the attackers’ movement rate within the network being the largest factor in determining how long it takes before an alert is shown on the dashboard.
Both the multi-site and the stand-alone products run on fully patched and hardened Linux servers, and are designed as out-of-band solutions connected to a network tap.