Self-Healing Network (SHN)

Identify breaches in your network & infrastructure and automatically resolve them.

Self Healing Network Icon

What is it?

What is it?

TLR has designed and developed its own automated self-healing network system to detect and remediate any security issues and breaches within an organisation's network.

Security orchestration is blossoming within industry with many SOC Managers now implementing this as part of their security strategies. However, our SOAR goes one step further.

We have developed an all in one solution that automatically detects suspicious behaviour within a network. Micro bots are then sent to heal or contain the issue. Freeing SOC operators to do more important tasks.

Someone plugging wires into a server

How does it work?

1.

Monitor network assets

Monitor critical assets within your network. Collecting behavioural data which reports back to central management systems and correlates against our Threat Intelligence.

2.

Hunt & control

SHN automatically deploys our “hunting” bots, finding the suspicious network behaviour and controlling it, shutting it down and reporting relevant data to the SOC.

3.

Remediate

Reducing the need for human intervention, SHN Frees up SOC managers to do more valuable and critical tasks. Failures and outages are then automatically resolved or reported back to SoC managers alerting them to the issue.

The problem

SOC managers and security teams have millions of tasks to sort to effectively manage a security system. Often any network issues, outages or breaches are not noticed until it's too late.

For any organisation, no matter what your size or industry, this can cause major issues. Both for the security of your network, your teams and even your customers - which can affect your bottom line.

Even small network issues can eat up valuable time for busy IT departments.

How we solve this

We have designed and developed an all in one box solution which monitors your network and detects potential suspicious behaviour. This is then automatically contained and rectified. Reducing the need for human intervention.

This means that issues get resolved much quicker than if human intervention was required. Manually finding, and resolving issues in networks can monopolise hours of time for IT departments

Finding and fixing issues quickly can stop them becoming critical problems.

Benefits

Less human intervention

Maximise IT departments time by freeing them from manual tedious tasks. Allowing them to focus on the bigger picture.

Security peace of mind

Automatically find and rectify issues before they become critical problems.

Save time and money

Maximise uptime by automatically finding and fixing issues that could eat up valuable IT time.

Quick and real time fixes

Automatically find and resolve suspicious behaviour in networks quickly and effectively.

Modules

Active Directory Module

Attackers and Malware attempt to create new administrator accounts or modify existing accounts and groups in order to take over your network.

ADM ensures Active Directory integrity with:

  • Privilege Group Management & Monitoring
  • Domain User Monitoring
  • Group Policy Monitoring
TLR Background

Critical & Sensitive File Monitoring

Once in your environment, attackers target critical & sensitive files. They can be exfiltrated, deleted or, in the case of ransomware attacks, encrypted.

The File Monitoring Module has a proprietary method for protecting these critical files and maintaining file integrity.

TLR Background

Process Tracking & Learning

Malware and other malicious activities often create new processes designed to steal data or facilitate other cyber-attacks. 

Process Tracking & Learning combats this by

  • Tracking and learning about legitimate processes in the system
  • Alerting on unexpected processes
  • Optionally allowing administrators to automatically block new processes
TLR Background

Local Account Monitoring/Management

Similarly, when attackers attempt to make an account in Active Directory, malware often creates an administrator or root account with escalated permissions.

This module monitors servers or endpoints for the creation of new accounts or unauthorised attempts at modifying existing accounts.

TLR Background

Application Whitelisting

Malware will often attack critical applications such as anti-virus.

Working on its own or in conjunction with existing whitelisting capabilities, this module can act as another layer of defence against attackers who are trying to terminate critical processes.

TLR Background

Scheduled Task Monitoring

Attackers use scheduled tasks to create persistence and control systems.

This module will monitor for unauthorised tasks and take remediation action if desired by the organisation.

TLR Background

Windows Patch Monitoring

Unpatched systems connected to the network introduce threats to critical assets. If your systems aren’t up to date, then you are more likely to be compromised by the latest vulnerabilities.

Windows Patch Monitoring will alert your SOC team when Windows Patches haven’t been installed so your team can act quickly with focus and intent.

TLR Background

Automated Threat Intelligence Management

It is laborious to manually process Threat Intelligence (TI) and Indicators of Compromise (IOCs). Most organisations don’t get good value from these services.

The ATIM Module ingests Threat Intelligence and IOCs then hunts within your network and will identify critical assets which may be affected by these indicators.

TLR Background

Active Server Attack Detection

Attackers will attempt to exploit known vulnerabilities on servers with malicious commands”
This Module detects these malicious commands and helps prevent the exploitation from occurring.

The Log4j fallout inspired the development of this module and it has been adapted to support ANY hunt exercise.

TLR Background

Become cyber resilient

Get in touch today to see how we can make you more cyber resilient. Empowering you to lead from the font.

Get in touch

Features

Mix & Match

The SHN is highly customisable. Start with one or two modules to get instant return on investment. Add new modules as your security needs evolve.

Account Takeover Defence

The Active Directory Module comes standard, so you get out of the box account takeover defence.

Ransomware Defence

The SHN Modules help to defend against ransomware by blocking malicious processes, protecting crown jewels, and restricting system access.

Compliance Help

Whether your organisation is pursuing the top four, the essential eight, SOC 2, NIST, CMMC or any of the many compliance standards the SHN can support these efforts and get you on your way to compliance certification.

Endpoint Security

Combine Local Account Management Module, Application Whitelisting, & Scheduled Task Monitoring for a robust Endpoint Security package.

No Fuss Threat Intelligence

No Fuss Threat Intelligence - Making sense of threat intel is time consuming, making threat intel actionable takes even more time. SHN with DRPS can consume threat intel & remediate threats without any need for intervention.

FAQ

  • There’s a lot of SHN Modules, do I need them all?

    No, you absolutely do not. We don’t actually recommend you start with all of them. While many modules are complimentary, they can operate independently. We first consider what your business needs are and align these with the security efforts provided by SHN.

  • How do I know the SHN covers my unique use cases?

    Through our years of experience in penetration testing, incident response, and security operations, we have identified and distilled the most common and fruitful attack vectors utilised by threat actors. Equipped with this knowledge, we have designed modules to address these use cases.

  • Ok, but I have a use case I know you’ve never heard of….

    First of all, that’s not a question but, SHN is designed to be modular. If it doesn’t cover your use case, we will build a new module and provide it to you for free in the first year.

  • Which operating systems do the SHN Modules support?

    Both Windows and Linux are largely supported. In some situations, like the Active directory Module or Windows Patch Monitoring, only Windows is supported.

Become cyber resilient

Get in touch today to see how we can make you more cyber resilient. Empowering you to lead from the font.

Get in touch