Digital DNA
Breakthrough Malware Detection System
Enterprises must reduce the risk of cyber threats to protect critical data and operational assets. Intellectual property, confidential information, trade secrets, financial data, and money are being stolen at increasing rates. New malicious code is introduced daily into networks through the Internet and insider threats. Studies prove that commercial anti-virus and traditional host intrusion detection systems don’t detect 80% of new malware, especially new variants, polymorphic code, and malware that resides only in memory or hides using rootkits.
Digital DNA is a revolutionary technology to detect advanced computer security threats within physical memory without relying on the Windows operating system, which cannot be trusted. All software modules residing in memory are identified and ranked by level of Severity. The Digital DNA Sequence appears as a series of Trait codes that, when concatenated, describe the behaviors of each software module.
The screenshots below show threat Severity and a partial list of Traits related to an example module called iimo.sys.

Ranking Software Modules by Threat Severity using DDNA

Software Behavioral Traits
Observed behavioral Traits are matched against HBGary’s “Malware Genome” database to classify digital objects as good, bad or neutral. Rules and weighting are applied to compute the overall Severity score. Users can see the underlying Trait descriptions to gain fast insight into software behaviors.
Ultimately, any network can and will be compromised. Digital DNA is your last line of defense in a defense-in-depth strategy. Reduce risk by quickly detecting new threats that are bypassing your existing security infrastructure.
HBGary Responder™ Enterprise - Digital DNA™ for McAfee ePolicy Orchestrator®
HBGary Digital DNA™ is integrated with McAfee ePO™, empowering enterprises to proactively detect, diagnose and respond to advanced cyber threats on compromised Windows computers throughout the network. Malware threats are automatically detected on endpoint nodes and displayed on the web-based ePO™ dashboard console. Behavioral Traits provide quick threat metadata. Historical alerts are centrally reported and correlated. HBGary Digital DNA™ leverages your existing ePO™ enterprise hardware, software, and network communications infrastructure. No new host agents are required. Deploying and scheduling Digital DNA is handled by ePO™. Your existing staff can use Digital DNA with little or no training to gain endpoint security visibility. HBGary participates in the McAfee Security Innovation Alliance partner program.
HBGary Responder™ for Incident Response Investigations - Digital DNA™ on a Standalone System
When HBGary Digital DNA™ for ePO™ detects new threats, security professionals can conduct deeper inspection of compromised computers with HBGary Responder™. By tightly coupling physical memory forensics and malware analysis in a workstation analysis system, Responder reliably identifies all digital objects on a computer and provides valuable intelligence on what bad guys are doing. Responder automatically reconstructs and displays all informational objects stored in RAM such as running processes, drivers and modules, strings, symbols, and open registry keys, files, and network connections. Digital DNA is an optional software module for Responder Professional. Responder helps incident response professionals understand malware fast. It provides human-readable information and contextual graphics, while traditional binary reverse engineering tools require deciphering esoteric assembly code.
Responder allows the investigator to quickly find relevant evidence by interacting with binaries, observing behavior during runtime, and automatically harvesting data into useful sets to create professionally formatted reports. Responder identifies malware’s capabilities, recovers its command and control functions, and recovers passwords and encryption keys to help security professionals gain malware attribution and bolster network defenses.


