Advanced Security Protection for Malware, Fileless and Hacking Threats
Our digital world is becoming increasingly complex, with a massive increase forecast in new computing and IoT devices being connected to corporate networks. In addition, most enterprises are in the midst of a business and architectural transformation as they move their data from on-premises to new hybrid public-cloud environments. All of this must meet the challenge of increasingly sophisticated attackers, who are merging the advanced skills, tools, and methods of Nation State and Criminal Actors in driving more aggressive attack campaigns.
We at TriagingX believe that solutions need to augment the human intelligence and experience of Information Security teams by providing deep analysis that is automated and easy to understand.
- Detect the attack from earliest indications (not relying on known IOC’s)
- Learn the attack methods used
- Adapt by finding the weakness in other connected systems
- Fix the weakness, before the attacker can act
- Real-Time Threat Hunting – Can take a ‘just-in-time’ snapshot of the suspected system
- Automated Analysis – Helps your IR team become ‘smarter’ through machine-assisted incident investigation, with automated object analysis
- Robust Security – Goes beyond ‘first discovery’ by determining the attack methods and automatically running ‘fire-drill’ tests on other connected systems
- Adaptive Security – Helps automate the ‘Contain’ actions by sealing the vulnerable systems before they are exploited by the attacker
Advanced Endpoint Protection
This solution targets one of the major challenges in securing enterprise environments: how to reduce the asymmetric advantage enjoyed by attackers, who often need to compromise only one weakness while defenders scramble to prioritize and fix scores of vulnerabilities. In order to protect against known attacks and automatically launch investigations on pre-attack reconnaissance and attack incidents, it decodes the new attack methods and conducts real-time penetration tests across the network to find any similar weaknesses, in order to block the next attack wave.
There are five major methods to follow in order to defeat the zero-day APT attacks:
- Detect the early indicators and behaviors used by the attacker seeking new targets.
- Isolate the infected system and mitigate the attack.
- Learn the method used by the attacker and perform a penetration test in order to identify other systems with the same weakness or vulnerabilities.
- Fix/Contain those newly discovered vulnerable systems to prevent a similar attack from occurring.
Endpoint Breach Investigation
Most threats are human-driven, and adversaries can’t be stopped solely by checking a box or installing a program. Stopping them requires hunters who know their tactics, techniques, and procedures. The goal is to prevent and/or minimize damage before it occurs, not just on one device, but across the network. Observables such as file hashes, IP addresses or specific URLs are useful for blocking a specific attack and for connecting the dots between two separate attacks when the adversaries choose to re-use tools and infrastructure. However, the effective life of an observable such as a file hash is often very short (hours to days), which is why we focus on behaviors, linkages, and patterns, whose effective life is much longer (weeks to months).
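The point above about observable lifetimes can be shown with a few constructed endpoint events. The following is an added illustration, not TriagingX or TXHunter code: a hash IOC captured after the first attack wave is compared with a simple behavior pattern (an Office application spawning a child process that then makes an outbound connection). The hosts, process names, hashes and the "recompiled second build" are all constructed for the example.

```python
"""Added illustration (not TriagingX code): a hash IOC from one attack wave misses a
recompiled sample, while a behavior pattern catches both. All events are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent: str          # parent process image name
    image: str           # child process image name
    image_sha256: str    # hash of the executed file
    outbound: bool       # child opened an outbound network connection


# Constructed: two builds of the same attacker tool. The second build was
# recompiled, so its hash differs although its behavior is unchanged.
TOOL_V1 = hashlib.sha256(b"constructed sample build 1").hexdigest()
TOOL_V2 = hashlib.sha256(b"constructed sample build 2").hexdigest()
BENIGN = hashlib.sha256(b"constructed benign installer").hexdigest()

# IOC feed captured after the first wave: it only knows the first build.
KNOWN_BAD_HASHES = {TOOL_V1}

# Constructed event stream from four workstations.
EVENTS = [
    ProcessEvent("ws01", "winword.exe", "update.exe", TOOL_V1, outbound=True),   # first wave
    ProcessEvent("ws02", "excel.exe", "update.exe", TOOL_V2, outbound=True),     # second wave, new hash
    ProcessEvent("ws03", "explorer.exe", "update.exe", BENIGN, outbound=True),   # ordinary app update
    ProcessEvent("ws04", "winword.exe", "wscript.exe", BENIGN, outbound=False),  # macro with no callback
]

# Parent processes that rarely have a legitimate reason to spawn a child that
# immediately talks to the network.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def match_ioc(events, bad_hashes):
    """Hash-based matching: hosts that executed a file on the block list."""
    return sorted({e.host for e in events if e.image_sha256 in bad_hashes})


def match_behavior(events):
    """Behavior-based matching: an Office application spawned a child process
    that then made an outbound connection. The file hash plays no part."""
    return sorted({e.host for e in events
                   if e.parent.lower() in OFFICE_PARENTS and e.outbound})


def coverage_gap(events, bad_hashes):
    """Hosts the behavior rule flags that the IOC list alone would have missed."""
    return sorted(set(match_behavior(events)) - set(match_ioc(events, bad_hashes)))


if __name__ == "__main__":
    print("IOC hits:      ", match_ioc(EVENTS, KNOWN_BAD_HASHES))
    print("Behavior hits: ", match_behavior(EVENTS))
    print("Missed by IOC: ", coverage_gap(EVENTS, KNOWN_BAD_HASHES))
```

The hash rule fires only on ws01; the behavior rule fires on ws01 and ws02 while leaving the ordinary update on ws03 and the non-networking macro on ws04 alone. That gap on ws02 is the case the paragraph describes: the observable expired as soon as the tool was rebuilt, but the pattern did not.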
This requires us to move away from ad hoc processes and static IOCs to more automated and systematic solutions. TXHunter provides an easy-to-use and convenient tool for conducting threat incident investigations remotely. If any endpoint system or server is suspected of having been attacked, TXHunter can simply take a snapshot of the suspicious system and automatically conduct an incident investigation. If the investigation process identifies suspicious files or URL links, it will automatically launch TXSandbox for a behavior analysis. Alternatively, it can optionally be deployed as a lightweight passive agent on the endpoint systems.
• ‘Point and Click’ Threat Hunting
• Takes system snapshot analysis from your desktop including suspicious objects
• Agent removes itself completely from the endpoint after running
• Automatically launches TXSandbox for a behavior analysis
TXSandbox is a next-generation sandbox that features multiple classifiers for increased accuracy, lower false positives, and more adaptable PE/non-PE file coverage. It runs in a Linux Docker container or in any type of VM, and can be deployed on-premises or in private and public clouds such as AWS. It doesn’t require Microsoft Windows licenses, which can save considerable costs for large deployments.
Access is via a Web GUI or RESTful API for integration with existing products, such as IPS/IDS, FW and WAF.
• Provides highly accurate static and behavioral analysis of unknown files and URLs
• Triggers and catalogs behaviors of Advanced Threats
• Runs in a flexible Docker container, VM or appliance
• Highly scalable
• Data stays within your control