Out-of-the-box Security Suite
Using modern technologies in combination with statistical methods and intelligent algorithms, we are revolutionizing the security monitoring of IT systems.
Mario Jandeck, CEO Enginsight
TECHNICAL DOCUMENTATION
Start directly with all relevant security analyses without configuration.
Page 2 | enginsight.com | [email protected]
ABOUT US
Together safe, with our customers
We at Enginsight are excited and looking forward to working with our customers to make the digital world a little safer. Take the first step in a new, exciting and secure direction for your business and get in touch with us.
YOUR CONTACT PERSONS
MARIO JANDECK, Position: CEO
ERIC RANGE, Position: CTO
MAX TARANTIK, Position: CMO
TABLE OF CONTENTS
Enginflow
Server & Software Components
Technical Architecture
Insight Security Analyses
Intelligent IT-Monitoring
Automatization & Alerts
Pricing
Support
Feature-Overview
Enginsight is more than just a tool.
THE ENGINFLOW
Enginsight is a process!
AUTONOMOUS AND INTELLIGENT SYSTEM MONITORING
Enginsight - The innovative IT security solution
With its software platform, Enginsight GmbH offers an integrated solution for monitoring servers, websites, IoT devices and networked machines/production facilities.
Enginsight intuitively combines IT monitoring, cybersecurity and penetration testing, paired with intelligent algorithms (neural networks), which guarantee a maximum of automation.
#enginflow
01 DISCOVERY
Network Asset Discovery: automatic detection and classification of all devices for each network segment
Windows & Linux devices | VM hosts | IoT devices | IP devices (e.g. printers, routers, switches)
Setting up standard health checks such as Ping, Port and SNMP
02 MONITORING
LIVE monitoring and data collection on security and availability on a host.
LIVE monitoring and data collection on security and availability for an IP/URL.
03 EVALUATION
Anomaly detection by neural network (AI) | CVE scanner | Events / Alarm System | Deep Packet Inspection | Security Scores | Detailed Reporting (PDF reports)
04 VISUALIZATION
Interactive map of your entire IT landscape | Immediate detection of dependencies | Manual creation of IT environments possible | Documentation of responsibilities
05 PENETRATION-TEST
Automated penetration testing | Information retrieval on the basis of defined target groups with the knowledge of the watchdogs | Reproducible security scenarios through standardized audit reports
06 SOLUTION
Enginsight acts Pro-Actively | Automation through a plugin system | Concrete recommendations for action | Webhooks (Push) | Auto Updates | Consulting
Diagram labels: WATCHDOG | PULSAR AGENT | WITHOUT AGENT | OBSERVER | HACKTOR | ENGINSIGHT SERVER | API
WHAT’S HAPPIN’ BACKGROUND
SERVER AND SOFTWARE COMPONENTS
SERVER COMPONENTS
API: Use our powerful API for individual solutions and integration scenarios. All functions of the Enginsight platform can be used via API. Integrate Enginsight into existing applications or develop your own applications with Enginsight in the backend.
MONGO DB: Enginsight uses MongoDB as its central database. The API server and the profiler communicate directly with the database. We recommend that you run the database on a separate server.
Profiler: The Profiler is required if autonomous parameterization of server metrics is to be used. It is responsible for the calculation of the AI profiles.
Additional services: Our microservice architecture includes a number of additional services that can be outsourced to your own servers if required. These include the application service for basic functions such as user management, the UI service for the user interface and the sentinel that provides the alarm system.
SOFTWARE COMPONENTS
Observer
The Observer stands for the “view from outside”. It examines which information can be obtained by observing the endpoints (URLs/IPs) from outside without having internal access to the systems. The Observer permanently monitors an endpoint for security-relevant information and availability. Multiple Observers can be combined to provide a view from different locations to one endpoint.
non-invasive (extern) | CVE-Scanner | Uptime Monitor | SSL/TLS Check | Portscan | HTTP-Header Analysis | Vulnerability Test
Watchdog (Enginflow Step 1)
The Watchdog scans entire network segments (Asset Discovery) - all devices in the network are automatically detected and inventoried. At the same time, it searches for security vulnerabilities and provides standard monitoring via SNMP, pings and port monitoring.
non-invasive (intern) | CVE-Scanner | Inventorisation | Health-Checks (Ping, Port, SNMP)
Pulsar Agent (Enginflow Step 2)
The Pulsar Agent is installed on any device (server, client, IoT, ...). The agent provides all information regarding monitoring and security and can execute commands on the system independently if required.
non-invasive (intern) | SIEM | DPI | CVE-Scanner | Configuration Deficiencies | Uptime Monitoring | Process Monitoring | Software Inventory | AI Anomaly Detection
Hacktor (Enginflow Step 5)
The Hacktor can be installed in a specific network segment to perform penetration tests on the accessible assets. The following attack targets are possible: entire network segments, IP addresses and endpoints (e.g. URLs).
invasive (!) | Automated penetration test (Intelligence Gathering, Spoofing, Bruteforce, Discovery, DDoS)
ON-PREMISE CAPABLE AS DOCKER ENVIRONMENT
ALSO AVAILABLE AS HARDWARE APPLIANCE
Diagram labels: external view | internal view | NON-INVASIVE | INVASIVE
Online documentation: https://enginsight.com/docs/
Modern Structures High Performance
TECHNICAL ARCHITECTURE
[Architecture diagram. Labels: COMPANY | ENGINSIGHT CLOUD | HTTPS | OBSERVER | WATCHDOG (Asset Discovery) | PULSAR Agent | HACKTOR (Pentester) | SERVER API | MONGO DB | PROFILER | SERVICES: Sentinel, Correspondent (Reports), Anomalies, Reporter (Scores & CVEs)]
ON-PREMISE READY | CLUSTERABLE | VIRTUAL OR HARDWARE-APPLIANCE
INSIGHT SECURITY ANALYSES
All-in-one Security Insights

SIEM
Analysis of event logs
Eventlog analyses out-of-the-box, without preconfiguration or special use cases.
• Evaluation of event logs
• Failed login attempts
• Successful login attempts
• System events
• Process events
• Group events
• Dynamic Log Analysis
• Root Cause Detection (Drilldown)
• Flexible Dashboards
• Ad hoc Search

VULNERABILITY MANAGER
Finding security breaches
No software component necessary | CVE scan and vulnerability search
All vulnerabilities (CVEs) are managed by a Vulnerability Manager.
With the help of dynamic searches, all affected systems of the IT infrastructure can be identified quickly and transparently.
• External CVE scan: Security-relevant information that can be obtained by observing the endpoints (URLs/IPs) from the outside, without having internal access to the systems.
• Internal CVE scan: Security-relevant information that can be obtained by observing the participants within a network segment without installing agents on the devices.
• CVE scan on Hosts: Security-relevant information collected directly on a host (agent installation).
• Configuration deficiencies: Detection of security-relevant configuration deficiencies that make the system vulnerable.
NETWORKTRAFFIC
Detection of network attacks
• ARP Spoofing
• DNS Spoofing
• IP Spoofing
• MAC Spoofing
• Portscan
• SYN Flooding
• Hidden Services (tor, proxies, ...)
• Ping of Death
• Blacklisted IPs (well known attack IPs)
• Remote Code Execution
• Cross Site Scripting
• SQL Injection
• Path Traversal
• Fake Browser Activity
• Spam Bots
An AI-supported procedure also detects whether personal data leaves the host unencrypted.

PENTESTING
Automated attack scenarios
HACKTOR (Pentester)
necessary software component | no software component necessary
Automated, plannable execution of a standardized penetration test including detailed reporting.
• Intelligence Gathering: Information retrieval before an attack, e.g. which system, which version, ports, services, etc.
• Discovery: Our web-based discovery searches for suspect accessible files such as server configuration elements, index files, HTTP server options, etc. and attempts to identify installed web servers and software.
• Spoofing: TCP Sequence Prediction & IP-ID Sequence Prediction. Attack method in IP networks to simulate a different sender for the victim (IP spoofing) or to take over existing connections.
• Bruteforce: ssh, ftp, telnet, etc.
• DDoS: passive DDoS attack as part of the Discovery to verify server stability
For each pentest you will receive a meaningful audit report. You see at a glance where action is needed.
By using templates, you can repeat pentests once they have been defined to verify the measures taken.

The detection scenarios in network traffic as well as the attack possibilities of the automated penetration test are continuously expanded and adapted to the current requirements.
IT-MONITORING
Intelligent IT-Monitoring

MONITORING
Custom Metrics and Health-Checks
• Website Monitoring: Monitoring of website uptime & performance
• Location Based Monitoring: Use our predefined or your own locations to monitor the accessibility of your website from different locations.
• Host/Server Monitoring: Use Enginsight to monitor any Windows® and Linux®-based host. Monitor standard metrics like CPU, RAM, SWAP.
• Custom Metrics: Using a standardized format, any metrics can be recorded, visualized and monitored. These can be e.g. DB requests per minute, HTTP errors or visitors to your website. All data that can be displayed in chronological order can be recorded.
• PING, PORT, SNMP: Unlimited Health-Checks for all network devices
• Process & Service Monitoring: Monitor all running processes and services. Together with the innovative alarm system of the Enginsight platform, you can react automatically to failures.

ENGINSIGHT NEXT™
Anomaly detection w/ neural networks
Autonomous monitoring of data requires a basic understanding of that data, which a neural network can model. This is exactly what modern IT needs in order to deal effectively with the mass of data. AI-supported monitoring of any metric makes it possible to automatically detect anomalies and derive future forecasts based on normal behavior.
• Eliminate manual tasks: The neural network independently takes over the parameterization for monitoring the metrics, such as CPU utilization, database sessions, HTTP errors, etc., so that repetitive tasks on the part of the administrators are eliminated and the quality of monitoring increases.
• Reducing False Positives: Due to the self-learning system, the admin is only informed in case of an anomaly, which reduces false alarms.
• Unencrypted Personal Data: Enginsight NexT™ detects when personal data leaves the network unencrypted.
• Automated OS Detection

WHY HASN'T ANYONE DONE THIS BEFORE?
The prognosis using neural nets is very complex, especially if the net is trained extensively. An error or difference vector is calculated from a large number of runs and used as the basis for correction in the next input. Neural networks therefore require a very high computational effort: the analysis of an individual metric takes several minutes, which, in contrast to time series analyses, is too slow for practical application.
But: We manage to calculate a metric within 2 minutes (see Metric Calculation). Thus the operation of our platform including the AI is already possible with a commercially available single-core PC.
ALARM & PLUGINS
Automatization and Alerts

ALERTS
Extensive Alarm System
• Easy cross-device alarms with tags: Using tags, you only need to create one alarm to monitor multiple devices.
• Pre-define alarm scenarios: Pre-defined alarm scenarios, which are constantly being expanded, save you manual configuration.
• Quick alerts: You can easily add an alarm at almost any point in the software with one click.
• Chat-Integration: Slack, Mattermost, Microsoft Teams
• Webhooks: Use webhooks to push alarms into a third party system, e.g. ticket system
• Resolve Alarms: If a problem has been fixed, e.g. by a plugin, you will be informed about it.

PLUGIN SYSTEM
Automated Tasks and Problem Solver
The plugin system is one of the most powerful tools of Enginsight. Almost all scenarios are conceivable and executable on servers, clients and IoT devices, e.g.:
Backups | Blocking stolen devices | Uninstalling unauthorized software | Blocking attacks
• Automate configuration: Roll out configurations (e.g. SSL/TLS) to all hosts/servers or devices simultaneously. Or have configurations automatically imported to new network devices.
• Run actions in case of alarm: Due to the self-learning system, the admin is only informed in case of an anomaly, which reduces false alarms.
• Cronjobs: Schedule the execution of your plugins using cronjobs.
• Unlimited possibilities: With the help of Python, Bash or Powershell there are no limits to your creativity.

MAINTENANCE WORK AND EMERGENCY MANAGEMENT
In hazardous situations, action must be taken quickly, and even in an emergency, system operation should not come to a complete standstill. Incidentally, the GDPR takes the same view: Article 32 introduces the new protection objective of "resilience" for systems that process personal data.
A plugin can be written that automatically creates a backup and stores it on a server when the system is in a critical condition. Alternatively, a plugin could be imagined which would automatically restore the last security backup on the system when malware (e.g. an encryption trojan) is detected.
Cost-effective & Transparent
PRICING
Diagram legend: FREE | ASSET REQUIRED | INCLUDED IN THE ASSET
YOU ONLY PAY FOR AN AGENT INSTALLATION OR THE MONITORING OF AN ENDPOINT (ASSET)
Asset = URL, IP, Device, Server, IoT Device, Machine
Network asset discovery, monitoring via ping, port and SNMP, penetration testing and visualization of your infrastructure are completely free. An asset is only necessary for more in-depth monitoring of your devices, URLs and IPs. So you always have full cost control. The prices per asset are reduced according to purchase quantity and contract duration: Ø Price (SaaS): € 15.89 / Asset | Ø Price (on-premise): € 7.64 / Asset
SAAS PRICING
BASIC: € 74,95 | € 899,40 € 809,46
PREMIUM: € 359,80 | € 4.317,60 € 3.885,84
PROFESSIONAL: € 999,50 | € 11.994,00 € 10.794,60
PAYMENT METHOD: monthly | annually
ASSETS INCLUSIVE (BASIC | PREMIUM | PROFESSIONAL): 5 | 20 | 50
SMS Alerts (BASIC | PREMIUM | PROFESSIONAL): 5 | 20 | 50
Features listed:
Cybersecurity Suite
Security Audit
Automated Pentesting
Unlimited SNMP Sensors
Unlimited Port-/Healthchecks
Workflow Automation
IT Monitoring
IT Management
Multi Client
Unlimited Users
Basic Support Package
Vulnerability Manager
Slack/Microsoft Teams/Mattermost Integration
PDF Reporting
Managed Onboarding
Individual MIBs
API Access
ON-PREMISE
Would you like an individual offer to monitor a larger IT environment or to use Enginsight on-premises? We offer our on-premise version as a one-time license purchase or as an annual rental model. Prices are based on the number of assets you need. Just contact us. We are happy to help!
SUPPORT PACKAGES
BASIC: € 0,00 per month
PREMIUM: € 199,99 per month
PROFESSIONAL: € 399,99 per month

Number of support users (authorized contact persons): 1 | 2 | 10
Enginsight Knowledge Base (online access to the Knowledge Base)
Software Updates (regular free software updates)
E-Mail Support (inquiries to [email protected])
Reaction time (during the service hours 9 to 18 o'clock): 48 h | 16 h | 4 h
Support Hotline (during the service hours 9 to 18 o'clock)
Inquiries by phone (number of calls per month): 10 / month | 40 / month
Remote support (remote maintenance via Teamviewer)
Individual training (per month): 1 h | 2 h
Managed Onboarding (joint creation of your account): 1 h | 2 h
Prioritized ticket processing (processing with high priority)
Live support chat (exclusive Mattermost channel)
Minimum contract period: 1 month or more | 3 months or more
You want some more? We offer special support packages and training concepts for our Enginsight customers.
FEATURES
Management & Pentesting
out-of-the-box

General
Multi-client capability
User Roles
Unlimited Users
Global Search
Integrated alarm system
Webhooks for alarms and
Documentation of
PDF reporting
API access

IT-Management
Certificate manager
Plugin system for automation
IT maps
Individual Dashboards
Dependency analyses
Patch Management (Linux)
Cron jobs
Threat manager

Asset Discovery
Acquisition of all devices in a network segment
Classification of equipment
Continuous scan for new devices
Acquisition of services (Mail/Web/AD/etc.)
Scan of any number of network segments
Visualization of all found devices

Security Audit / Pentest
Security Audit Reports
Automated penetration testing
Templates for standardized audits
Definition of Target Groups
Operation of any number of pentesters
FEATURES
The view from the inside

Cybersecurity
Security analyses for Linux-based systems
Security analyses for Windows-based systems
Determination of a risk score
Recommendations for action
Finding safety-relevant configuration deficiencies
Finding vulnerabilities (OS and Third Party)
Classification of vulnerabilities incl. CVSS scoring
Scan of Docker Containers directly in the CI process
Deep Packet Inspection (DPI)
Detection of DDoS attacks
Detection of Bruteforce Attacks
Detection of man-in-the-middle scenarios
Detection of bot activity
Detection of unencrypted personal data in network traffic
Classification of attacks by type and origin
Finding security updates
Finding Unauthorized Software Installations
Installing updates (Linux only)
Installation of automated actions in case of alarm
Support for x86
Support for ARM

IT-Monitoring
Server monitoring
Software monitoring
Process Monitoring
Network Monitoring
Health Checks*
SNMP, Ping, Port Monitoring*
IoT monitoring
Recommendations for action
Individual MIBs
AI-supported availability monitoring
Automated rule creation
AI-supported evaluation of individual metrics

An agent installation is required for complete internal monitoring. Except the services marked with *.
Agent installation on device = paid asset
Web Security/Monitoring
Security scoring
Analysis HTTP Headers
SSL/TLS validation according to BSI specifications
SSL/TLS validation according to GDPR
SSL/TLS Security Analysis
Certificate monitoring
CVE Scanner
Penetration Tests (OWASP)
Finding Configuration Defects
Extended portscan
Scan for unknown malware
Uptime monitoring
Loading time monitoring
Redirect monitoring
Transactional analysis
Various locations
Individual locations
FEATURES: The view from the outside
No installation is required for monitoring from outside.*
Simply enter URL or IP address and in a few seconds the security analysis and LIVE monitoring will start.
*URL or IP address = paid asset
Never before has it been so easy to monitor entire IT infrastructures and protect them against cyber attacks.
Enginsight is based on the latest technologies and offers maximum automation.
Convince yourself of the enormous performance and the comprehensive feature set.
Any questions? We are happy to help!
FYI
ENGINSIGHT GmbH, Hans-Knöll-Straße 6, 07745 Jena
+49 (0)3641 271 49 [email protected]
County Court Jena, HRB 512808 | VAT ID: DE313919553 | Tax ID: 162/153/74606
YOUR PERSONAL CONTACT: Mr. Mario Jandeck, CEO, Enginsight