Visibility with Booz Allen
Scalable enterprise-wide threat visibility across network, email, and endpoint.
Full Visibility Includes:
Booz Allen’s network sensors see every packet that goes across a monitored network. Not only are the packets run through our dynamic detection engines, but all files are recreated and analyzed. Booz Allen even provides file carving capabilities that unpack embedded files (zip, embedded macros, etc.) and submit them to the detection engines. Hostnames, URLs, source and destination IPs, and file hashes are then correlated across the environment to enable attack detection and scoping as well as threat hunting.
Booz Allen’s Email service examines all inbound email. Email headers, content, attached files and embedded URLs are all interrogated by our dynamic detection engines. File carving also takes place on all attachments, allowing Booz Allen to examine all embedded content (zip, embedded macros, etc.). Sender and receiver IPs, embedded URLs and file hashes are then correlated across the environment to enable attack detection and scoping as well as threat hunting.
Endgame Endpoint Visibility
The Endgame Zero Breach Tolerance EDR Platform applies machine learning and other advanced techniques to provide the industry’s deepest and most accurate inspection across every layer of the endpoint via dissolvable sensors.