How TXShield Works

The five-step process to defeat zero-day APT attacks

TXShield is designed to detect an attacker's activities and behaviors while they are still searching for vulnerable targets. It identifies the attack methods in use and automatically launches an investigation at the early exploit or delivery stage of the attack. It decodes those methods and runs real-time penetration tests to locate the weakness the attacker has discovered. It then prepares to block the real attack on the affected endpoints, or provides instructions to the security team for sealing the same exposure across the rest of the network.

There are five major steps required to defeat zero-day attacks:

  1. Detect the early indicators and behaviors of an attacker seeking new targets, without relying on known IOCs
  2. Isolate the infected system and mitigate the attack
  3. Learn the attack methods used by the attacker
  4. Perform penetration testing of the existing endpoint defenses to identify other systems with the same weakness or vulnerability
  5. Fix or contain those newly discovered vulnerable systems so that a similar attack cannot succeed against them

TXShield combines several protection technologies, including but not limited to agent-based behavioral analytics and rules, server-based signature protection, and TriagingX's dynamic and static sandbox analysis.

The system continually analyzes data collected from sources such as file-system metadata, Windows Prefetch data, event logs, scheduled-task data, registry data, other artifacts of interactive sessions such as web history, memory, active network connections, and kernel information (GDT, IDT, SSDT, Shadow SSDT, hidden processes, and kernel exports).
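To show what a snapshot of several of these user-mode artifact sources looks like in practice, here is an added PowerShell example. It is not TriagingX code and is not how the TXShield agent is implemented; the output file name and the choice of artifacts are the example's own assumptions. The kernel-level sources listed above (GDT, IDT, SSDT, Shadow SSDT, hidden processes, kernel exports) cannot be read reliably from user mode and need a kernel-mode component, so they are deliberately left out here. Reading the Prefetch folder and the Security log requires an elevated session, and event 4688 only exists if process-creation auditing is enabled.

```powershell
# Added example, not TriagingX's code: collect a snapshot of several user-mode
# artifact sources from a Windows endpoint. Run from an elevated session.
# Kernel tables (GDT/IDT/SSDT) are out of scope for a user-mode script.

$snapshot = [ordered]@{}

# Prefetch: which executables ran recently, newest first.
$snapshot.Prefetch = Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter *.pf -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 20 Name, LastWriteTime

# Scheduled tasks: a common persistence location. Record what each enabled task executes.
$snapshot.ScheduledTasks = Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' } |
    ForEach-Object {
        $actions = $_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }
        [pscustomobject]@{
            Path   = $_.TaskPath
            Name   = $_.TaskName
            Action = ($actions -join '; ')
        }
    }

# Registry: autostart entries under the machine and user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$snapshot.RegistryRun = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |   # drop PowerShell's own PSPath/PSParentPath/... metadata
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

# Event logs: recent process-creation events (Security 4688; needs process auditing enabled).
$snapshot.ProcessCreation = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }

# Active network connections, joined to the owning process name.
$snapshot.Connections = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            Pid     = $_.OwningProcess
            Process = $proc.ProcessName
        }
    }

# Web history: only record where the browser profile databases are; parsing them is a separate step.
$snapshot.WebHistoryFiles = Get-ChildItem -Path "$env:LOCALAPPDATA\Google\Chrome\User Data\*\History",
                                                "$env:LOCALAPPDATA\Microsoft\Edge\User Data\*\History" -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

# Persist the snapshot for comparison against a later one (assumed output path).
$outFile = Join-Path $env:TEMP 'endpoint-snapshot.json'
$snapshot | ConvertTo-Json -Depth 4 | Out-File -Encoding utf8 $outFile
Write-Host "Snapshot written to $outFile"
```

Each section is written so a missing or inaccessible source yields an empty entry rather than aborting the run; behavioral detection of the kind described above comes from comparing successive snapshots (a new Run key, a task whose action changed, a connection from a process that never had one), not from any single collection.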

The solution consists of five components:

  • The Analyzer Server
  • An Endpoint Agent with a minimal footprint, to limit the impact on system performance
  • A Security Tester Module
  • An embedded sandbox for static and dynamic analysis of suspicious objects (TXSandbox)
  • An optional Network Sniffer