Get rid of the uncertainty. Regain control of your network.

Woden Vision is a new generation of sensors that detect cyber threats in computer networks. We provide both physical and virtual network sensors, covering small and larges offices, data centers and the cloud. Firewalls and anti-virus software are often incapable of detecting intruder’s network communication, once they have compromised a network. Cover the missing link in your company’s security setup by installing a MUNINN network sensor and start detecting threats now.

Download whitepaper
Download Product Sheet

Find and address the cyber attacks that weren’t visible to you before – now more efficiently than ever

MUNINN is a physical network appliance that captures network packets in real time, and utilizes unsupervised machine learning to establish a baseline of any given network.
From the baseline, MUNINN identifies anomalies and scores these using probabilistic models, before delivering them to the MUNINN Dashboard as notifications.

Installs into the local area network at the main switch via a TAP or SPAN/Mirror port. Receives copies of network packets to monitor traffic both internally and traffic flowing to/from the internet. The installation usually takes less than an hour. Does not interfer or interrupt network traffic.
See the results immediately after installation.

MUNINN Advantages

  • Adaptive and self-learning. No rules or manual configuration required.
  • Fully automated real-time discovery of anomalies.
  • Probabilistic anomaly analysis, estimating the likelihood of being malicious
  • Passive – does not affect your network performance.
  • Easy to install.
  • No up front costs – offered as a service

Learn more about MUNINN Competitive Advantages

MUNINN Dashboard

The MUNINN Dashboard empowers your employees to gain insight into the previously unknown, complex network space by visualizing the network and surroundings, providing statistics, reports and alerting in case of found anomalies. We enable you to regain an overview of your network, and regain control.

Cloud Platform

Sensor notifications and alerts can optionally be pushed automatically to our cloud platform as well. You can choose to have wehowsky.com security analysts to actively monitor your notifications and help you to deter an ongoing attack or conduct forensics.

MUNINN Dashboard Features

  • Network graph depicting subnets and nodes
  • Network asset overview, listing servers, clients (desktop/laptops), devices(smartphones, tablets) and their software and OS
  • Detailed statistics of network traffic: ports, protocols, services
  • World map, visualizing traffic with each country, and lists of top hosts and domains.
  • Detailed notifications and alerts
  • Meta-data search and raw data extraction
  • Reports

What MUNINN finds

MUNINN finds a wide spectrum of cyber threats ranging from simple or severe software and network vulnerabilities, to abnormal user behavior to advanced persistent threats (APT) over longer periods of time. Examples are:

  • Abnormal user behavior, such as data breaches and exfiltration from within a network, e.g. large file transfers to a remote server
  • Access to a database server and other services outside normal working hours
  • Newly introduced services in the network, e.g. an SMTP or FTP file server
  • Botnets, malware
  • Tor activity and communication through dark nets
  • APT, including remote access toolkits communicating with foreign command and control entities over time.

Threats do often consist of some malware or ransomware that gets installed on a device and spreads itself from there, which could involve lateral movement, command & control, data exfiltration and more. The following sections describe in further details how MUNINN detects these threats.

Command and Control (C2 / C&C) activity

When malware has infected a machine, it needs to know what to do next, this means it has a command and control server it connects with to get new orders. MUNINN detects this type of activity by checking connections for known IOC in available Threat Intelligence and using its sophisticated dyadic Machine Learning engine to detect if a connection is normal compared to the automatic created baseline.

Lateral movement and execution

After an attacker has entered your network, they want to get to the right data, this is done by moving from machine to machine until they find the right credentials and access. This type of activity is known as lateral movement, and is something MUNINN will find, by looking both at common attack indicators, such as files written to administrative shares and remote execution over WMI. Besides these standard attack indicators, MUNINN also uses its AI to detect these types of attacks, by looking at activity happening outside of normal business hours, or interaction between machines which normally doesn’t communicate.

Ransomware

MUNINN will detect types of ransomware which infects other devices over the internal network. Using ML & AI, MUNINN will notice unusual activity in the network, both because it will be machines which normally don’t communicate using these kinds of protocols and services.

Exfiltration of data

Today  company now has no unimportant data, due to GDPR exfiltration of data is now more severe and costly than ever. In the case where an attacker has gained access to the network, they will try and gain as much value as possible from the hack. One of these actions is exfiltration of all kinds of data, which can be anything from customer information, HR data and confidential cooperate documents. Using AI & Machine Learning MUNINN already has a baseline of how every single machine on the network normally behaves. So, if an employee starts to extract more data than, is normally required by their job, MUNINN will create a notification about this.

Malicious insider threat

The insider threat is one of the most difficult types of threats to detect. Often the person which tries to steal from the company will keep within her normal work pattern most of the time. However, as MUNINN is constantly learning and adapting to the network, it will detect these small deviations from normal, whether it is an employee which is active outside of their normal hours, or if it is a system administrator gone rogue.