Whitepaper: StopPoint empowers our expert cyber security team

1. Introduction

At Invinsec we are continually taking the fight to cyber criminals. StopPoint aims to empower our security operations staff with the right tool to effectively stop threats in their tracks, giving customers peace of mind while buying precious time to investigate and remove threats before allowing the endpoint back on the network.

StopPoint is designed to quickly and effectively terminate any network interface controllers (NIC’s) on an endpoint monitored by BroadBot, putting a stop to any potential data exfiltration, lateral movement or Remote Access Toolkits (RATs). As well the ability to lock down endpoints, StopPoint also provides a 2-way challenge-response method of unlocking a workstation. You provide us with a 4-digit code, we verify it and provide you one back to unlock the endpoint – simple.

StopPoint will be bundled with the existing BroadBot agent and won’t require an additional application install, only an update to existing pre-StopPoint agents – saving time, removing the need to add another application to the environment and staying true to our ethos of making security monitoring deployment as rapid and simple as possible without compromising on functionality.

2. Key features & benefits

  • Designed to give in-house security teams time to investigate and remediate endpoints without lateral movement from threats or data exfiltration
  • Ability to securely and remotely lockdown and unlock all NICs on the target device through SSL communication
  • Discreet process built into the existing BroadBot agent. No need to install additional applications
  • Fully monitored and controlled remotely from our 24x7x365 SOC
  • Process driven – we won’t lock down systems without authority from you
  • Challenge-response process of unlocking means we ensure that network communications aren’t re-established until the you’re happy

2.1 Process

diagram

Leave a Reply