HBGary :: Press Releases

May 15, 2013

HBGary to Present on Developing A Capability-Driven IR Program at CEIC® 2013

HBGary to Present on Developing A Capability-Driven IR Program at CEIC® 2013

Sacramento California, May 15th, 2013 -- Today HBGary, a subsidiary of ManTech International Corporation, announced that HBGary Threat Intelligence Manager Matthew Standart will present, “Developing A Capability-Driven IR Program” at the upcoming Computer and Enterprise Investigations Conference (CEIC) 2013 in Orlando, Florida, which takes place from May 19 to 22, 2013.

“Too many organizations focus on the tools or products of incident response rather than the capabilities needed to achieve their response objectives. This causes excess spending, waste, and defects which lead to a reduction in overall incident response effectiveness and a subsequent increase in damage and loss to the business. By understanding and focusing on capabilities an organization can improve their response by strategically aligning technology, streamlining processes, reducing their costs, and defeating the adversary” said Matthew Standart, HBGary Threat Intelligence Manager.

Mr. Standart will deliver his presentation on Tuesday, May 21st, 2013 at 8:00 AM.

Joe Riggins, HBGary Senior Director of Incident Response, will also deliver a Feature Presentation on Monday, May 20th, 2013 entitled, “HBGary Active Defense 1.3: Deep Malware Analysis for Virtual Desktop Infrastructures (VDI).” In this 20-minute presentation, Mr. Riggins will briefly discuss why virtual environments present a challenge to incident responders and how the latest version of HBGary’s Active Defense solution provides incident responders the ability to do runtime malware behavior analysis for virtualized environments
“CEIC is one of the premier conferences in the security industry. We are pleased to be a Gold Sponsor at this event,” said HBGary General Manager & Vice President Penny Leavy.

At CEIC® 2013 booth #600, HBGary will demonstrate how its flagship products including Active Defense, Responder and Digital DNA can be used by incident responders to perform key phases of the incident response lifecycle. HBGary will also be highlighting its Professional Services offerings including Incident Response, Health Checks & Audits, Expert Malware Analysis and Threat Analysis and Intelligence.

In addition, HBGary will give away two online, instructor-led classes including Basic Malware Analysis Using Responder™ Pro and Advanced Malware Analysis Using Responder™ Pro for its conference drawing.

About HBGary
HBGary provides Enterprise Incident Response solutions and services to enable organizations to conduct key phases of incident response including detecting zero-days and other unknown malware, validating whether an actual incident has occurred, and responding to the incident. Customers include Fortune 50 corporations and U.S. government agencies. HBGary is located in Sacramento, CA and is a subsidiary of ManTech International Corporation. For information, please visit www.hbgary.com or HBGary’s Twitter or Facebook social media pages.

May 13, 2013

HBGary Announces Next-Gen Responder™ Pro

HBGary Announces Next-Gen Responder™ Pro

Responder™ Pro 2.1 Advances Industry’s Malware Detection and Analysis Capabilities

Sacramento, California, May 13^th, 2013 — In a move to significantly close the gap between discovery and mitigation of targeted attacks, HBGary, a subsidiary of ManTech International Corporation, today unveiled the next-generation version of Responder™ Pro, the de facto industry standard in automated Windows® physical memory analysis.

By leveraging Digital DNA™ 3.0, HBGary’s flagship technology, Responder™ Pro 2.1 detects the latest rootkits, Trojans, zero-days, and malware variants currently undetected by anti-virus, IOCs (indicators of compromise), and other signature-based solutions.

Responder 2.1 also provides 64-bit analysis and Unicode support, as well as support for Windows® 8 and Windows® Server 2012.

Fortune 50 corporations, leading government agencies, and state and local law enforcement agencies are just a few of the organizations using Responder™ Pro today to counter cyberattacks.

“With the rise in targeted attacks, organizations want tools to perform key phases of incident response, without needing expensive consultants to operate them. Responder™ Pro allows digital investigators of all experience levels to find never-before-seen threats, collect and analyze critical memory artifacts like chat sessions and images, and generate actionable intelligence to determine whether an incident has occurred — and, if it has, to dedicate the necessary resources for response,” said Frank Blackmore, HBGary Product Manager.

Responder 2.1 also includes FDPro™, the industry’s most complete memory acquisition tool.

About Digital DNA

Digital DNA™ cuts through the wide array of anti-forensic measures employed by today’s most stealthy malware. Digital DNA™ proactively identifies and analyzes the most advanced malware threats in physical memory, including those used against global organizations for theft of intellectual property, business intelligence, customer records, and classified information. All software modules residing in physical memory are identified and ranked by threat severity so incident responders, at a glance, can determine quickly how to allocate their resources to mitigate the risk to their business environment.

About Responder Pro

Responder™ Pro is the de facto industry standard Windows™ physical memory and automated malware analysis solution. Malware delivery and rootkit behavior not detected by anti-virus can be easily found using Responder™ Pro. The Responder™ Pro malware analysis module automatically generates a malware analysis report that provides a high-level overview of each binary’s possible capabilities broken out into 6 different factors. Responder™ Pro’s deep malware analysis includes automated code disassembly, behavioral profiling, pattern searching, code labeling, and control flow graphing.

Pricing and Availability

Responder Pro 2.1 costs $10,200 plus $2000 for a one-year subscription for Digital DNA. The product is available by May 31, 2013.

About HBGary

HBGary provides Enterprise Incident Response solutions and services to enable organizations to conduct key phases of incident response including detecting zero-days and other unknown malware, validating whether an actual incident has occurred, and responding to the incident. Customers include Fortune 50 corporations and U.S. government agencies. HBGary is located in Sacramento, CA, and is a subsidiary of ManTech International Corporation. For information, please visit www.hbgary.com or HBGary’s Twitter or Facebook pages.

Apr 8, 2013

HBGary Unveils First Deep Malware Analysis Solution for Virtual Desktop Infrastructures (VDI)

SACRAMENTO, Calif., Apr 08, 2013 (BUSINESS WIRE) -- In a significant technical advancement to help organizations proactively and quickly detect zero-days, rootkits and other targeted malware in remote virtual environments, today HBGary, a subsidiary of ManTech International Corporation, unveiled Active Defense(TM) 1.3 to provide live, runtime memory analysis of concurrent Guest OS sessions with minimal impact on the shared physical resources of the underlying server.

With HBGary Active Defense(TM) 1.3, malware analysis is no longer reliant on a physical memory dump saved to disk, resulting in quicker results that do not tax valuable shared resources to attain it.

Remote desktop virtualization is one of the biggest trends in IT today because it addresses the mobility of users while at the same time reduces the costs traditionally associated with supporting the devices they use. By using application virtualization and user profile management, it enables the central management of the desktop session environment and achieves separation from the physical device used to run it.

Yet VDIs are not immune to cyberattacks - roaming profiles enable roaming access; centralizing assets on shared physical resources means an outage will have a greater impact, and hypervisor isolation will only be secure so long.

"The popularity of remote virtualized desktops have made them a prime target for today's cyberattackers. Active Defense(TM) 1.3 provides live, runtime malware behavior analysis for these environments," said Penny Leavy, Vice President & General Manager, HBGary. "More than five years ago, HBGary developed our revolutionary Digital DNA(TM) technology to find the bad guys in the one place that they cannot hide - physical memory. We are pleased to offer our customers the industry's first deep malware analysis solution for Virtual Desktop Infrastructures."

Active Defense 1.3: How It Works

Active Defense 1.3 scores thousands of software modules so cyber defenders, using the technology's color-coded threat severity score, can quickly triage and respond to the most severe threats targeting their business environment.

"Runtime Digital DNA(TM) reads the pseudo-physical memory abstraction on the Guest operating system, making it ideal for quick scans that will have minimal impact on the usability of the host system managing the virtualization tasks. Unlike our traditional Digital DNA(TM), it is no longer necessary to dump the memory to the disk prior to reassembling and analyzing its contents. When you consider the exponential impact of doing this a hundred plus times to analyze each Guest, it is not hard to exceed the physical resources of the host hardware," said Jim Butterworth, CSO, HBGary. "Active Defense(TM) 1.3, with runtime Digital DNA(TM), is almost 20x faster when compared to the traditional (Memdump) Digital DNA(TM)."

Active Defense(TM) customers can choose to preserve memory using our traditional (Memdump) Digital DNA(TM) or opt for the memory-only, runtime Digital DNA(TM) version to adapt to the ever-changing threat environment while not adversely impacting their own resources.

In a live environment, the analysis of a memory dump file can involve a significant amount of disk I/O, which can impact usability of the system being scanned in heavily virtualized environments where multiple Guests will be sharing the same physical disk. "For those users who cannot accept any server downtime but still need to detect malware in the Guests, runtime Digital DNA(TM) is available," added Butterworth.

Active Defense(TM) 1.3 Availability

Active Defense(TM) 1.3 will be available by April 30th, 2013. To request a demo of Active Defense 1.3, please contact [email protected]

About Active Defense(TM) with Digital DNA(TM)

HBGary Active Defense(TM) with Digital DNA(TM) does forensically sound host-level scans across the enterprise to gather critical intelligence, including discovery of additional infections. Digital DNA(TM), our core technology, encompasses thousands of the traits commonly seen in advanced malware, such as code and browser injection, packing, obfuscation, surveillance, network communication, and many others. The analysis reveals the capabilities of all the software running on the system, and is highly effective because it requires no prior knowledge of a specific piece of malware - the simple fact that it is coded to carry out certain potentially malicious functions is sufficient to identify it as suspicious.

About HBGary

HBGary provides Enterprise Incident Response solutions and services to enable organizations to conduct key phases of incident response including detecting zero-days and other unknown malware, validating whether an actual incident has occurred, and responding to the incident. Customers include Fortune 50 corporations and U.S. government agencies. HBGary is located in Sacramento, CA and is a subsidiary of ManTech International Corporation. For information, please visit www.hbgary.com or HBGary's Twitter or Facebook social media pages.

Apr 3, 2013

HBGary Launches First Cybersecurity Government Forum

SACRAMENTO, Calif., Apr 03, 2013 (BUSINESS WIRE) -- Today HBGary, a subsidiary of ManTech International Corporation, announced that it is sponsoring its first annual Cybersecurity Government Forum, a complimentary, half-day event focused on the cybersecurity challenges facing America's public sector to be held on Tuesday April 16th, 2013 at the Washington Marriott at the Metro Center in Washington D.C.

The event is open to government agency security professionals only. Registration is required and seating is limited.

Brian Varine, Director of DOE's Joint Cybersecurity Coordination Ctr., will be the event's guest speaker.

Jim Butterworth, HBGary CSO, and Joe Riggins, HBGary Senior Director of Incident Response will provide the latest information on the cyberattacks against our nation's critical infrastructure as well as an overview of the best incident response strategies and solutions such as HBGary's Active Defense(TM) with Digital DNA to help government agencies counter these attacks.

Butterworth is a contributor to the newly published book, Handbook of SCADA/Control Systems Security published by CRC Press.

Initially funded by United States Air Force when it was first founded in 2003, HBGary focuses on providing the best security products and managed services to detect, respond and counter stealth, persistent adversaries against American government and commercial organizations.

"The sheer number and diversity of sustained cyber-attacks is clear indication that our adversaries have enjoyed the fruits of their labor at our expense. What is alarming however, are the growing instances where the motive of these attacks shifted from malfeasance to destruction. We are more reliant than ever on an infrastructure that is reliable, safe, trustworthy and protected. Our way of life depends on it," said Jim Butterworth, CSO, HBGary.

Mark E. Shaw, ManTech International Corporation, Executive Director, Cyber Security Operations Branch, will discuss the need for an evolving Security Operations Center (SOC) to detect and counter today's adaptive cyberattackers. ManTech manages America's leading government agency SOCs.

To register for the event, please visit http://www.hbgary.com/cybersecurity-government-forum-registration. For questions about the event, please contact Dianne Ferrari, HBGary Events Manager, at [email protected]

About HBGary

HBGary provides Enterprise Incident Response solutions and services to enable organizations to conduct key phases of incident response including detecting zero-days and other unknown malware, validating whether an actual incident has occurred, and responding to the incident. Customers include Fortune 50 corporations and U.S. government agencies. HBGary is located in Sacramento, CA and is a subsidiary of ManTech International Corporation. For information, please visit www.hbgary.com or HBGary's Twitter or Facebook social media pages.