Cyber Security is Broken… Why? There are Three Critical Weaknesses in the Typical Cyber Security Model…
CIRT Overcomes these Weaknesses
CIRT is the first and only product to integrate network forensics, host forensics, malware analysis and large-scale data auditing. It gives you visibility into all of this critical information through a single pane of glass, and unlike other products it actually provides enterprise-class remediation capabilities. So not only are you able to figure out what’s happening on your network faster, you’re actually able to do something about it faster.
What Can You Do with Cyber Intelligence & Response Technology?
- Detect Unknown Threats and Data Leakage
- Continuous Monitoring
- Auto-respond to Third-Party Alerts
- PCI Compliance
- Multi-team Collaboration and Real-Time Incident Management
- Malware Disassembly Analysis – No Sandbox Required
- Gather Cyber Intelligence
- Root Cause Analysis
Proactive Compromise Assessment to Detect External and Internal Threats
- Scan tens of thousands of computers and network shares to identify suspicious binaries or data leakage without having to rely on signature-based tools and alerting systems.
- Scan for known malware using your existing threat intelligence.
- Audit for data spillage, using a broad variety of search criteria.
- Identify previously unknown malware using built-in threat scoring and malware analysis.
- Get the same robust analysis capabilities as FTK.
- Advanced volatile data/memory analysis.
- Static RAM analysis from an image or against a live system.
- Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context.
- Dump a process and associated DLLs for further analysis in third-party tools.
- Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated space and dump the corresponding item.
- VAD tree analysis exposes registry artifacts in memory, and handle information is parsed and displayed from memory.
- Correlate host data with network traffic.
- Real-time network traffic visualization allows you to detect anomalous behavior.
- Build integrated maps of assets and users.
- Monitor for known threats and receive email alerts.
- Once anomalous behavior has been detected or an alert received, immediately drill into all suspect nodes for host analysis.
Reactive Impact Assessment and Root Cause Analysis
- Learn the behavior and intent of suspicious binaries in seconds.
- Forensically analyze hosts to determine the delivery mechanism of an exploit, whether it's email, removable media, a website, hacking or a rogue employee.
- Search hosts for confidential or classified data.
- Build a threat profile and scan the enterprise against it to identify all compromised nodes.
- Correlate host data with forensic network data to see proliferation, external domains being called and more.
- Build “integrated maps” of certain assets or users.
- Play back incidents in real time.
- Independent of keyword or linguistic matching, you can determine how proprietary or inappropriate information proliferated from code servers, HR or financial databases, R&D labs and others.
- Directly visualize audit logs and alerts, and correlate actual network traffic to provide a complete picture of activity around the time a suspicious event occurred.
The ONLY malware analysis technology to provide detailed behavior and intent information WITHOUT THE SANDBOX.
- CIRT’s built-in malware analysis generates threat scores for binaries during an enterprise scan.
- Set a threshold so higher scoring binaries are automatically disassembled for deeper analysis.
- Cerberus disassembly analysis will emulate a binary without the need for a sandbox, signature-based tools or traditional heuristics.
- Gain actionable intelligence in seconds without waiting hours or days for a malware team.
- Once you have the information you need to make critical decisions, you can pass on the binary for traditional analysis to ensure you’ve gathered all possible intel on the binary.
- See the attributes Cerberus is able to expose.
Large-scale Compliance and Data Spillage Auditing
- Perform PCI audits, using regular expressions consisting of credit card number patterns, to identify all instances of payment card information on every node across your enterprise.
- Use classification caveats, such as “eyes only” and “classified”, to zero in on classified data spillage.
- Detect PII across the enterprise using social security number patterns and other PII search terms.
- Robust reporting of all activities and findings allows you to illustrate your compliance to regulatory bodies.
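As an added example (not CIRT's own code), the pattern-based PCI and PII audit described above, showing the check a practitioner wants on top of the regular expression: a Luhn validation that rejects look-alike numbers such as part numbers, and masking so the report never carries the full card number. The sample text and patterns are constructed for illustration.

```python
import re

# Constructed sample standing in for file content gathered from scanned hosts.
SAMPLE_TEXT = """
order 1: card 4111 1111 1111 1111 exp 12/27
order 2: card 4111-1111-1111-1112 (typo in export)
employee ssn 123-45-6789
part number 1234-5678-9012-3456 is a SKU
"""

# Candidate PAN: 13-19 digits, optionally separated by spaces or dashes,
# not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# SSN: AAA-GG-SSSS, excluding area 000/666/9xx, group 00 and serial 0000.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits so a report is not itself spillage."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Regex candidates filtered by Luhn; returns masked values only."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(mask_pan(digits))
    return hits


def find_ssns(text: str) -> list:
    return [m.group() for m in SSN_RE.finditer(text)]


def audit(text: str) -> dict:
    """One node's findings, keyed by data class, for the compliance report."""
    return {"pan": find_pans(text), "ssn": find_ssns(text)}
```

Run against the sample, only the valid card and the SSN are reported; the mistyped card and the SKU fail the Luhn check despite matching the pattern.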
Continuous Monitoring, Including Employee Laptops that are not Logged into Your Network
- Removable media monitoring allows you to see removable device usage, showing exactly what files were copied to the device or downloaded from the device.
- Build threat profiles using your existing threat intelligence and the intelligence gathered with CIRT, then monitor network traffic and host activity.
- Receive alerts when unauthorized activity is detected.
- Configure CIRT to automatically respond when unauthorized activity, malware or confidential data is detected.
- Monitor social media, chat and webmail activity, even when an employee laptop is not logged into your network.
Integrates with third-party alerting solutions, such as ArcSight ESM
GUI-integrated Batch Remediation
Intelligent Agent – Persistent and “Dissolving”
- Agent-side search and analysis of live memory and volatile data on both 32-bit and 64-bit machines.
- All jobs are executed agent-side, so even if an employee logs off for the day, jobs are not interrupted.
- Schedule the agent to “check in” periodically to send back data and alert you to potential threats, including suspicious internet activity and removable device usage.
- Even if an employee is using public Wi-Fi or their own internet connection, you still have visibility into their activity.
Our experienced team can provide in-depth product or service explanations, schedule a demo, and/or provide price quotes. You can expect a reply within 24-48 hours.
For an immediate response please contact us at: Domestic US: 800.574.5199 | Int’l: +44(0)20 7010 7800.
The incident response community has been wishing for something like this for a long time. This [CIRT] is the holy grail of incident response.
Fortune 500 Company