Click Through the Attack Chain:
Command & Control
A compromised device on your network is attempting to contact an attacker's external Command and Control (C&C) server. Once a connection is established, the C&C server can send additional malware, instructions for remote execution, and/or payloads required to support the attack. Reveal(x) detects when an internal device is communicating with a suspicious system outside of your network in support of an attack.
An attacker has compromised a device and is using it to learn about your network. The attacker is looking for potential targets (critical assets) and associated vulnerabilities. Reveal(x) detects when an internal device is performing suspicious scans of devices, ports, services, applications, or files on your network as well as attempts to gain direct control of resources.
An attacker is actively exploiting assets and vulnerabilities in your network. Reveal(x) detects anomalous behavior associated with various techniques like brute force attacks and IP fragmentation.
An attacker is progressively moving through your network from device to device in search of data and critical assets that are ultimately the target of their attack campaign. Reveal(x) detects unusual movement of users or data within your network.
Actions on Objective
An attacker is finally making a move by exfiltrating files, encrypting data, or taking other unsavory action. Reveal(x) detects when attackers are close to completing their campaign goals.