Proactive & Reactive Compromise Assessment…
In Hours, Not Days
AccessData Professional Services can accomplish in hours what normally takes multiple departments and numerous resources days to achieve. Our technology makes it possible to scan your entire enterprise to perform a comprehensive impact assessment without having to sift through logs and manually correlate data.
Reactive Compromise Assessment
Once we’ve detected and identified an exploit, we are able to scan tens of thousands of nodes to identify the same malicious processes or sensitive files wherever they reside in your organization. In addition, we correlate the threat intelligence we’ve compiled with live monitoring of your network communications to identify all nodes exhibiting the same anomalous behavior. Even if an exploit is morphing over time, the action that exploit is designed to perform remains the same, and we can see those actions, because of the visibility we have into what’s happening at both the host and network levels.
Although we are able to perform sophisticated compromise assessments independent of signature-based tools and event logs, we are also able to take existing threat intelligence and scan your enterprise against those criteria. The result of combining our methodology with the traditional signature-based methodology is a more comprehensive, more efficient impact assessment process.
Detect the Unknown Threat with Proactive Compromise Assessment
We encourage you to take advantage of our proactive compromise assessment service. We routinely uncover security breaches, leaked data and the use of unauthorized applications, none of which our clients had any knowledge of. This is an invaluable exercise and a relatively simple one, with the use of our solutions.
We’re able to leverage your existing threat intelligence, as well as our own, but unlike other providers, we are not blind without this information. Once we deploy our technology, we have full visibility into your network traffic and into what’s happening on individual computers across your organization. We scan the enterprise for both anomalous binaries and classified or confidential data to reveal malware and data leakage. In addition, we leverage our network forensics technology to expose anomalous behavior, correlating that with host data to uncover advanced persistent threats and more sophisticated exploits.
Exposing Unknown Malicious Binaries
During an enterprise scan our built-in Cerberus malware analysis technology will automatically run threat scores against binaries. Then we’re able to automatically drill into binaries with higher threat scores to perform disassembly analysis, revealing critical information that tells you the behavior and intent of each suspect binary.
Detect Classified and Confidential Data Spillage
Using keywords, hashes and other search criteria, such as regular expressions matching credit card and social security number patterns, AccessData will audit your entire enterprise to detect data leakage. Unfortunately, we frequently discover social security numbers and credit card numbers in unsecured locations, as well as evidence of rogue insiders stealing data.
Once all confidential and classified data has been located and flagged, we can remediate in accordance with your internal policies or utilize our batch remediation technology to securely wipe all files in question.
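The kind of keyword, hash and pattern sweep described above, as an added illustration that is not AccessData's code: it scans a constructed set of in-memory "files" for SSN and credit card patterns (with a Luhn check to discard numbers that merely look like cards), confidentiality keywords, and SHA-256 matches against known-sensitive documents. The file contents, keywords and known hashes are all constructed for the example.

```python
import hashlib
import re

# Constructed sample "files" standing in for an enterprise scan (not real data).
SAMPLE_FILES = {
    "hr/onboarding.txt": "Employee SSN 123-45-6789 on file; badge 123-45-678.",
    "finance/refunds.csv": "card,4111 1111 1111 1111,refund\ncard,1234567812345678,declined",
    "docs/readme.txt": "Nothing sensitive here.",
    "tmp/memo.doc": "CONFIDENTIAL internal memo. Do not forward.",
}
# Hashes of documents already known to be confidential (constructed for the example).
KNOWN_HASHES = {hashlib.sha256(SAMPLE_FILES["tmp/memo.doc"].encode()).hexdigest(): "internal memo"}

# SSN pattern with the area/group/serial values the SSA never issues excluded (000, 666, 9xx, 00, 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-16 digits, optionally separated by single spaces or dashes; the Luhn check filters false positives.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
KEYWORDS = ("CONFIDENTIAL", "CLASSIFIED")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9 if the result exceeds 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text: str) -> dict:
    """Return pattern and keyword hits found in one file's contents."""
    cards = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            cards.append(digits)
    return {
        "ssn": SSN_RE.findall(text),
        "card": cards,
        "keyword": [k for k in KEYWORDS if k in text.upper()],
    }

def scan_files(files: dict) -> dict:
    """Scan every file; report only those with at least one hit, including known-hash matches."""
    report = {}
    for path, text in files.items():
        hits = scan_text(text)
        digest = hashlib.sha256(text.encode()).hexdigest()
        if digest in KNOWN_HASHES:
            hits["hash"] = [KNOWN_HASHES[digest]]
        if any(hits.values()):
            report[path] = hits
    return report
```

The second card-like number in refunds.csv fails the Luhn check and is dropped, which is the difference between a usable spillage report and one drowned in false positives.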
The Analysis Capabilities of AccessData Technology
Rapid Enterprise-class Host Analysis
- The ONLY commercial enterprise investigations solution to enable the analysis of volatile memory on both 32-bit and 64-bit Windows operating systems.
- Advanced agent-side search and analysis of live memory on Windows machines across the enterprise.
- Correlate static forensic data and volatile incident response data within the same interface.
- Incident response console enables rapid review and analysis of key volatile data elements in an easy-to-use format with differential views of data across machines and across time.
- Integrated analysis and forensic collection of network shares.
- Right-click process kill during an IR investigation.
- Batch Remediation allows authorized personnel to automatically remediate threats on multiple machines at the same time, which is critical to preventing widespread damage due to fast-proliferating threats.
Unsurpassed Memory/Volatile Analysis
- Supports 32-bit and 64-bit Windows® OS
- Comprehensive analysis of volatile data
- Static RAM analysis from an image or against a live system
- Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context.
- Dump a process and associated DLLs for further analysis in third-party tools.
- Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated space and dump the corresponding item.
- FTK 4 now provides VAD tree analysis, exposes registry artifacts in memory, and parses and displays handle information from memory.
Cerberus Malware Analysis
- Isolate potential threats faster with automated threat scoring.
- See a breakdown of suspect characteristics.
- Binary attributes are categorized in easy-to-comprehend buckets.
- Review extracted arguments.
- Get the critical behavior and intent information you need prior to sending malware on for deeper analysis.
Network Forensics with the SilentRunner® Solution
- Using interactive graphical representations illustrating propagation, we can efficiently analyze users, hosts, domains, applications, protocols and addresses — detecting changes or abnormalities from established network baselines.
- Advanced visualization tools allow us to create a picture of communication flows to expose anomalies, illegal connections and security and network problems.
- We build “integrated maps” of specific assets or users across various geographical locations to see after-hours usage spikes and to map virus/worm or confidential data spill proliferation.
- On-demand playback allows us to conduct post-event analysis and reconstruct events in their exact sequence to immediately uncover the complete picture of activity around the time a suspicious event occurred.
- We can show you which websites are being visited, emails, chats and social media content.