HITS

NSS Labs has announced the version 2.0 release of its Cyber Advanced Warning System™ (CAWS), a 24/7 real-time security instrumentation service that provides a forward-thinking way to monitor security product effectiveness against active threats. This upgrade significantly expands upon the capabilities of CAWS version 1.5 by providing detailed contextual data on exploits as well as protection capabilities of various security products. The Cyber Advanced Warning System is offered freely to end users to continuously monitor the effectiveness of up to three (3) security products. The amount of security information that must be processed and actioned on a daily basis is overwhelming to most security teams. Enterprises can reduce cyber risk and improve security ROI by gaining visibility into which threats matter. With an Application Program Interface (API), CAWS easily integrates into existing security decision support systems.

This new release contains a number of new features including:

Active Threats — Understand exploits in detail.
Detailed contextual threat information includes specifically targeted applications and operating systems, malicious file data, source URLs and IP addresses. Newly added are a summary of exploit activity and threat details (PCAP, SAZ, Shellcode), HTTP Traffic, and (unique to the industry) real-time Disassembled Shellcode and Exploit Chain of Events. Customers can now submit their own malicious URLs individually or in batches.

Defenses — Identify threats that can evade your defenses.
CAWS allows the user to build profiles that characterize the segments of their network, the security products intended to protect them, and the critical assets within each. Fast drill-downs enable an analyst to quickly determine if a given location and specific applications are at risk. Heat maps visualize areas where action needs to be taken.

Risk Modeling — See defense-in-depth efficacy over time.
Analysts can review historical information about the effectiveness of their security controls. Combinations of security vendors and products can be compared simultaneously, and granular assessments can be made based on dynamic applications and application versions within a profile. This provides a quick and easy method by which to understand whether specific security controls will recognize and block active exploits.

“Attackers are changing their tactics in hours, not days,” said Brian Soldato, Sr. Director of Product Management at NSS Labs. “The priority needs to be on avoiding breaches by focusing on the threats that matter. CAWS provides situational awareness that can help an organization identify where layered defenses are failing and how to break the kill chain,” adds Soldato.