SBIR-STTR Award

NOMAD: A Cyber Operations Fly-away Kit
Award last edited on: 2/27/2024

Sponsored Program
SBIR
Awarding Agency
DOD : AF
Total Award Amount
$46,556
Award Phase
1
Solicitation Topic Code
X224-OCSO1
Principal Investigator
John Grigg

Company Information

CyberWinter Studios LLC

1642 Washington Avenue
Louisville, CO 80027
Location: Single
Congr. District: 02
County: Boulder

Phase I

Contract Number: 2023
Start Date: ----    Completed: 11/1/2022
Phase I year
2023
Phase I Amount
$46,556
The complex nature of cyber incidents, combined with the sophistication of threat actors, makes it nearly impossible for security teams to identify and fully understand all the details of a compromise before, during, or even after a breach. This is because security teams struggle to find and react to even a single incident amongst a sea of data across an entire infrastructure, and an attacker's seemingly unrelated malicious activity goes unnoticed until they are embedded deep within a company's infrastructure. For teams in the field, such as Incident Response, the likelihood that they can quickly spot a threat actor on a network with the tools provided is slim to none; it’s like trying to find a grain of sand on the beach. The heart of the problem is that field-deployed cyber teams are given 2 choices: bring monumental amounts of hardware with them to deploy an enterprise-grade solution, or pack light but lose capabilities. And the current AF platform for deployable cyber teams relies heavily on open source software, broad and signature-based alerting, and tools that don’t integrate well. So CyberWinter Studios had an idea... the Nomad: a lightweight, portable, and immensely powerful cyber operations platform that can offer all the capabilities of an enterprise solution, but deployed on mini servers and laptops. We offer the defender a chance for complete visibility of malicious activity, regardless of the network and conditions. Our custom offering of the NetWitness suite (aka Nomad) is based on the principle that deployed cyber operators need as much power as (if not more than) a SOC or INFOSEC analyst. Our platform will allow us to deploy NOMAD on high-capacity, portable servers, all of which will meet AF requirements. Additionally, the system will provide easy memory expansion to support operations (i.e., evidence collection) as the mission requires; this is ideal for immediate and ad-hoc investigation requirements.
It allows for complete visibility through the collection of data across physical, virtual, and cloud platforms and across packets, logs, endpoint, and netflow data, as well as threat intel from multiple intelligence sources. The system lets analysts detect and monitor emerging, targeted and unknown threats as they traverse the network, as well as allowing users to reconstruct entire network sessions for forensic investigations. NOMAD also utilizes machine learning, behavioral analysis, and data science techniques. This allows responders to quickly understand the true nature and scope of the attack in time to identify and eradicate it. And with flexible integration options, our fly-away kit works easily with other security tools that are already in place in a network to increase a security team's effectiveness.

Phase II

Contract Number: FA8649-23-P-0271
Start Date: 2/3/2023    Completed: 00/00/00
Phase II year
----
Phase II Amount
----