Reactive Compromise Assessment
Once we’ve detected and identified an exploit, we are able to scan tens of thousands of nodes to identify the same malicious processes or sensitive files wherever they reside in your organization. In addition, we correlate the threat intelligence we’ve compiled with live monitoring of your network communications to identify all nodes exhibiting the same anomalous behavior. Even if an exploit is morphing over time, the action that exploit is designed to perform remains the same, and we can see those actions, because of the visibility we have into what’s happening at both the host and network levels.
Although we are able to perform sophisticated compromise assessments independent of signature-based tools and event logs, we are also able to take existing threat intelligence and scan your enterprise against that criteria. The result of combining our methodology with the traditional signature-based methodlogy is a more comprehensive, more efficient impact assessment process.
Detect the Unknown
Threat with Proactive Compromise Assessment We encourage you to take advantage of our proactive compromise assessment service. We routinely uncover security breaches, leaked data and the use of unauthorized applications, all of which our clients had no knowledge. This is an invaluable exercise and a relatively simple one, with the use of our solutions.
We’re able to leverage your existing threat intelligence, as well as our own, but unlike other providers, we are not blind without this information. Once we deploy our technology, we have full visibility into your network traffic and into what’s happening on individual computers across your organization. We scan the enterprise for both anomalous binaries and classified or confidential data to reveal malware and data leakage. In addition, we leverage our network forensics technology to expose anomalous behavior, correlating that with host data to uncover advanced persistent threats and more sophisticated exploits.
Exposing Unknown Malicious Binaries
During an enterprise scan our built-in Cerberus malware analysis technology will automatically run threat scores against binaries. Then we’re able to automatically drill into binaries with higher threat scores to perform disassembly analysis, revealing critical information that tells you the behavior and intent of each suspect binary.
Detect Classified and Confidential Data Spillage
Using keywords, hashes and other search criteria, such as regular expressions in the form of credit card and social security number patterns, AccessData will audit your entire enterprise to detect data leakage. Unfortunately, we frequently discover social security numbers and credit card numbers in unsecure locations, as well as evidence of rogue insiders stealing data.
Once all confidential and classified data has been located and flagged, we can remediate in accordance with your internal policies or utilize our batch remediation technology to securely wipe all files in question.