Early Targeted Attack Detection
Today's adaptive persistent adversaries are motivated to continuously customize their attacks for your unique business environment. Not only can they bypass your traditional security solutions such as anti-virus, they also change their techniques and tactics to evade detection once in your business environment.
Since 2003, HBGary has been tracking and analyzing APT attackers and their customized malware and techniques to provide critical threat intelligence your IR team needs to detect - and counter - these attackers.
Leveraging its core technology Digital DNA, the proven, behavior-based method for detecting targeted, non-signature-based malware using physical memory, HBGary's Active Defense and Razor solutions provide actionable threat intelligence from the host to the perimeter of your organization so you detect APT attackers and other unknown and known threats, from botnets and rootkits to malicious PDFs.
HBGary's early APT detection and targeted attack solutions provide:
- Unprecedented view of host-level threat
- Critical threat intelligence for fast, cost-effective near-realtime response
- Early detection of APT and other targeted attacks customized for your Enterprise so your internal IR team can spend time on attacks that matter
Active Defense™
Today's targeted threats circumvent existing security technologies and infect the most vulnerable point on your system - the host. HBGary Active Defense provides host-level detection and intelligence critical to protecting your data.
Active Defense™ detects APT and other targeted attacks - within seconds - without signatures or prior knowledge of the threat on disk or in all physical areas of memory. Active Defense monitors host physical memory, raw disk, and live operating systems across the enterprise, and provides an unprecedented view of host-level threats. With this actionable threat intelligence, organizations can quickly gather critical evidence to contain the threat, locate compromised machines and mitigate the security risk - greatly reducing your incident response costs.
Leveraging HBGary's patent-pending, core technology Digital DNA, Active Defense can scan thousands of end-nodes concurrently and provide critical threat intelligence such as:
- The type of exploit tools used in the attack
- Information on how the attacker moved laterally within the network
- Credentials that have been compromised and potentially even what data has already been stolen
McAfee ePolicy Orchestrator Integration
Active Defense is now integrated and certified for McAfee ePolicy Orchestrator 4.6.
Razor™
Anti-virus and other perimeter solutions can't detect APT and other targeted threats. Razor is a stand-alone appliance that automatically detects malicious PDF files, botnets and other stealth espionage at the perimeter using HBGary's core technology, Digital DNA, the proven, behavior-based method for detecting targeted, non-signature-based malware using physical memory.
Other perimeter security and some behavior-based solutions are built on sandboxing and other outdated methodology that can't detect all unknown threats. Razor captures all executable code within the Windows operating system and running programs that can be found in physical memory, including targeted attacks, rootkits, injected code and custom malware so your IR team can provide near real-time response.
Razor Performs Behavioral Analysis at the Perimeter
- Captures documents in real-time passively from the network
- 'Detonates' these captured files within a virtual machine and performs extremely low level tracing of all instructions. This data is then used to recover clear-text information and behaviors that reveal whether the document is malicious.
- Makes captured information available at the console for the analyst and generates a real-time alert
- Detects known malicious command and control using a combination of DNS intelligence, protocol patterns, netblock reputation, and country of origin. The ruleset is updated as part of the Digital DNA subscription and customers can also specify their own custom rules.
- Can automatically block all further traffic associated with the malicious site and/or document. HBGary provides regular updates for the Digital DNA™ behavioral rule set.
Razor provides critical threat intelligence including:
- Command and control protocols, IP addresses, malicious URLs and DNS
- Host level information, MD5 checksums, malicious file paths and registry keys
- Exploit details and execution traces
- Full packet captures
Inoculator™
HBGary Inoculator and Active Defense also work together to provide the first enterprise software solution to detect and remove both known and unknown advanced cyber threats.
HBGary Inoculator™ is an innovative enterprise appliance designed to detect, remove and prevent Windows® host re-infection of known malware, without waiting for your antivirus vendor to provide a detection signature. With its breakthrough Digital Antibody technology, Inoculator provides a countermeasure against targeted cyber threats, without disruption to your enterprise.
Corporations often require that all their machines be reimaged in order to clean malware from their systems. Yet re-imaging is not an effective or cost-efficient approach to the problem. Based on HBGary's own research, more than 50% of the machines re-imaged suffer a malware re-infection. The cost of re-imaging a machine can also be prohibitive, averaging around $95-200 per machine in hard costs and up to $5000 a machine in lost productivity and downtime. With Inoculator, organizations now can greatly reduce - and even eliminate - these costs.
Inoculator does not use agents. It manages all end nodes using standard Windows® networking APIs over the network. With Inoculator, enterprise organizations do not have to reimage their machines to clean their systems. Even if your organization's security policy requires reimaging, Inoculator can be used to prevent the known malware from re-infecting your system.