Advanced Security Protection for Malware, Fileless and Hacking Threats
Our digital world is becoming increasingly complex, with a massive increase forecast in new computing and IoT devices being connected to corporate networks. In addition, most enterprises are in the midst of a business and architectural transformation as they move their data from on-premises systems to new hybrid and public cloud environments. All of this must be done while meeting the challenge of increasingly sophisticated attackers, who are merging the advanced skills, tools and methods of nation-state and criminal actors to drive more aggressive attack campaigns.
We at TriagingX believe that solutions need to augment the human intelligence and experience of Information Security teams by providing deep analysis that is automated and easy to understand.
- Detect the attack from earliest indications (not relying on known IOC’s)
- Learn the attack methods used
- Adapt by finding the weakness in other connected systems
- Fix the weakness before the attacker acts
- Real-Time Threat Hunting – Can take a ‘just in time’ snapshot of the suspected system
- Automated Analysis – Helps your IR team become ‘smarter’ through machine-assisted incident investigation, with automated object analysis
- Robust Security – Goes beyond ‘first discovery’ by determining the attack methods and automatically running ‘fire-drill’ tests on other connected systems
- Adaptive Security – Helps automate the ‘Contain’ actions by sealing the vulnerable systems before they are exploited by an attacker
Advanced Endpoint Protection
This targets one of the major challenges in securing enterprise environments: how to reduce the asymmetric advantage enjoyed by attackers, who often need to compromise only one weakness, while defenders scramble to prioritize and fix scores of vulnerabilities. In order to protect against known attacks and automatically launch investigations into pre-attack reconnaissance and attack incidents, it decodes the new attack methods and conducts real-time penetration tests across the network to find similar weaknesses, so that the next attack wave can be blocked.
There are five major aspects of how to defeat zero-day APT attacks:
- Detect the early indicators and behaviors used by the attacker seeking new targets.
- Isolate the infected system and mitigate the attack.
- Learn the method used by the attacker and use it to run a pen test that identifies other systems with the same weaknesses or vulnerabilities.
- Fix/Contain those newly discovered vulnerable systems to prevent a similar attack from occurring.
Endpoint Breach Investigation
Most threats are human-driven, and adversaries can’t be stopped solely by checking a box or installing a program. It requires hunters who know their tactics, techniques and procedures to stop them. The goal is to prevent and/or minimize damage before it occurs, not just on one device, but across the network. Observables such as file hashes, IP addresses or specific URLs are useful for blocking a specific attack and for connecting the dots between two separate attacks when the adversary chooses to re-use tools and infrastructure. However, the effective life of an observable is often very short (hours to days), which is why we focus on behaviors, linkages and patterns, whose effective life is much longer (weeks to months).
This requires us to move away from ad hoc processes and static IOCs to more automated and systematic solutions. TXHunter provides an easy and convenient tool for conducting threat incident investigations remotely. If any endpoint system or server is suspected of having been attacked, TXHunter can simply take a snapshot of the suspicious system and automatically conduct an incident investigation. If the investigation process identifies suspicious files or URL links, it automatically launches TXSandbox for a behavior analysis. Alternatively, it can optionally be deployed as a lightweight passive agent on the endpoint systems.
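The contrast between short-lived observables and longer-lived behaviors can be shown on constructed process telemetry. The following is an added illustration, not TXHunter or TriagingX code: two attack waves use the same technique (an Office document spawning a script interpreter), but the dropper in the second wave was rebuilt, so its file hash changed. A hash-based IOC derived from the first wave misses the second; a behavioral rule on the parent/child process relationship matches both. The event fields, hashes and command lines are all constructed samples, and the parent/child rule is a generic, hypothetical detection written for this example.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record, as a snapshot or lightweight agent might report it."""
    parent_image: str
    image: str
    cmdline: str
    sha256: str


def fake_sha256(label: str) -> str:
    """Constructed stand-in for a file hash: the hash of a label string, not of a real sample."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed telemetry for two attack waves. Wave 2 re-uses the technique of
# wave 1, but the dropper binary was rebuilt, so its hash differs.
WAVE_1 = [
    ProcessEvent("explorer.exe", "WINWORD.EXE", "WINWORD.EXE invoice.docm",
                 fake_sha256("winword")),
    ProcessEvent("WINWORD.EXE", "powershell.exe",
                 "powershell.exe -EncodedCommand <constructed>",
                 fake_sha256("dropper-build-1")),
]
WAVE_2 = [
    ProcessEvent("explorer.exe", "WINWORD.EXE", "WINWORD.EXE quote.docm",
                 fake_sha256("winword")),
    ProcessEvent("WINWORD.EXE", "powershell.exe",
                 "powershell.exe -w hidden -EncodedCommand <constructed>",
                 fake_sha256("dropper-build-2")),
]

# Static IOC feed built from wave 1: only the dropper's hash is known.
HASH_IOCS = {fake_sha256("dropper-build-1")}

# Behavioral rule inputs (hypothetical lists chosen for this example).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def match_hash_iocs(events: Iterable[ProcessEvent], iocs: set[str]) -> list[ProcessEvent]:
    """Observable-based detection: exact match on a known file hash."""
    return [e for e in events if e.sha256 in iocs]


def match_office_spawns_script_host(events: Iterable[ProcessEvent]) -> list[ProcessEvent]:
    """Behavior-based detection: an Office application launching a script interpreter.

    This survives a rebuilt dropper because it keys on the process relationship,
    not on the file's contents.
    """
    return [
        e for e in events
        if e.parent_image.lower() in OFFICE_APPS and e.image.lower() in SCRIPT_HOSTS
    ]


def compare_detections(waves: dict[str, list[ProcessEvent]]) -> dict[str, dict[str, int]]:
    """Count hits per wave for the hash IOC and the behavioral rule."""
    return {
        name: {
            "hash_ioc_hits": len(match_hash_iocs(events, HASH_IOCS)),
            "behavior_hits": len(match_office_spawns_script_host(events)),
        }
        for name, events in waves.items()
    }


if __name__ == "__main__":
    for wave, hits in compare_detections({"wave_1": WAVE_1, "wave_2": WAVE_2}).items():
        print(wave, hits)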
• ‘Point and Click’ Threat Hunting
• Takes system snapshot analysis from your desktop along with suspicious objects
• No permanent agent is required to be installed
• Automatically launches TXSandbox for a behavior analysis
This is a next generation sandbox that features multiple classifiers for increased accuracy, lower false positives and more adaptable PE/NonPE file coverage. It runs in a Linux docker container, or in any type of VM and can be deployed on-premise, or in private and public clouds, such as AWS. It doesn’t require Microsoft Windows licenses which can save a lot of costs for large deployments.
Access is via a Web GUI or Restful API for integration with existing products, such as IPS/IDS, FW and WAF
• Provides highly accurate,
• Static and behavioral
• Analysis on unknown files and URLs
• Exercises Advanced Threats
• Runs in flexible docker container, VM or appliance
• Highly Scalable
• Data stays within your control