Real-Time Dashboards
Includes Overview, Alarms, Security, Network, Files, Applications, plus 5 custom dashboards.
One Platform for Detection, Investigation, and Response
ThreatGuard is a network security monitoring platform designed for security teams of any scale looking to strengthen and protect their network.
The platform brings together alarms, network traffic, packet evidence, and session metadata into a unified investigative workspace, enabling security teams to move quickly from alert to analysis to response without switching between multiple systems.
Built to be powerful and flexible, ThreatGuard emphasizes ease of use across the investigation process. Integrated dashboards provide immediate visibility to alarms, files, applications, and network activity, while intuitive workflows help users quickly connect the dots between events, evidence, and impacted systems.
Platform Capabilities
APCON Intelligence with workflows
Includes automated rule updates to help ensure detection policies remain current.
Deep Packet Inspection
Includes signature-based detection and stateful protocol analysis.
AI-assisted Investigation
Connect the dots between events, evidence, and impacted systems
ThreatGuard is powered in part by AIp (APCON Intelligent Processor) which includes automated rule updates to help ensure detection policies remain current without requiring manual intervention from security teams.
ThreatGuard Features
Through its integrated framework, ThreatGuard enhances system interconnectivity while simplifying the deployment of advanced traffic analysis tools. These capabilities provide organizations with a flexible and scalable solution for modern network cybersecurity monitoring.
ThreatGuard's Real-Time Dashboards provide your network security team with System Overviews, Alarms, Security, Network, Files, Applications, and provides the ability to create up to 5 custom dashboards so they see what they need to keep your network safe.
ThreatGuard is powered in part by AIp (APCON Intelligent Processor) with APCON Intelligence which includes automated rule updates to help ensure detection policies remain current without requiring manual intervention from security teams.
To streamline investigations, ThreatGuard includes a Connections Graph that allows security teams to document findings, follow evidence, and quickly identify relationships between hosts, sessions, and alerts. The dynamic Connections Graph provides a visual map of connected devices and traffic flows, helping users focus more quickly on what matters most.
ThreatGuard's deep packet inspection capabilities include signature-based detection and stateful protocol analysis, delivering detailed visibility into applications and traffic patterns some detection tools often miss, helping organizations detect suspicious traffic behavior, policy violations, as well as intrusion attacks.
When ThreatGuard flags malware, phishing, or ransomware activity, the Investigation Notebook lets your team document findings and follow the evidence trail across sessions and hosts. Capture context as you work, annotate key events, and build a clear record from detection through resolution.
The Alarms page is ThreatGuard’s front line for threat response. After network capture completes, detection rules run against the recorded traffic and results roll up into a single, searchable view. Start with severity and attack-type summaries (malware, exploits, phishing, DoS, scanning), drill into rules and endpoints, then pivot into sessions, hosts, and packet evidence. Filter by time, IP, rule, or category; tune the table to your workflow; and mask noise so analysts focus on what’s new and important.
Once traffic is ingested, ThreatGuard inspects every session for denial-of-service patterns, port scanning, lateral movement, and intrusion indicators. Session metadata is extracted, connected devices are mapped, and threat criteria are evaluated, giving your team the evidence to act on.
To support security teams wherever they work, ThreatGuard also, includes a feature-rich Apple/Android mobile application that allows administrators to receive real-time notifications about security events and monitor alerts remotely.
Multiple Deployment Models
ThreatGuard supports multiple deployment models and can run seamlessly on the IntellaStore IV hardware appliance or as a standalone software platform for on-premises or cloud environments.
IntellaStore IV
Hardware
ThreatGuard comes pre-loaded on the AIp (APCON Intelligent Processor) in our IntellaStore IV with a 60-day trial
Standalone/
On-Premises
Install ThreatGuard on your existing standalone/on-premises network security infrastructure with a 30-day trial
Cloud
Based
ThreatGuard can be deployed in your preferred network security cloud environment with a 30-day trial
ThreatGuard Mobile App
To support security teams wherever they work, ThreatGuard also includes a feature-rich Apple and Android mobile application that allows administrators to receive real-time notifications about security events and monitor alerts remotely.
