Breach Detection Systems
Also known as next-generation intrusion detection systems, these signature-less technologies are designed to detect sophisticated malware that bypasses traditional signature-based defenses. Through continuous analysis of suspicious code and identification of communications with malicious hosts, breach detection systems provide enhanced detection of advanced malware, zero-day and targeted attacks that can bypass defenses such as next-generation firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS), antivirus / endpoint protection (including host IPS), and secure web gateways (SWG). Because a verdict only exists after a sample has been detonated or emulated, this type of analysis adds latency, so these solutions operate out of band, similar to an IDS: they alert on a breach rather than block the initial transfer inline, and their findings must be fed back into the inline controls to stop the next copy.
- Sandboxing Dynamic Malware Analysis
- Processor Level Emulation Analysis for High Resolution Malware analysis
Sandboxing Dynamic Malware Analysis
The sandbox technology we represent lets security professionals see exactly what a potentially malicious executable does, or attempts to do, when run on a network. They can determine how a suspected malware sample executes, what system changes it makes, and what network traffic it generates, without risking data loss or compromising a production network. Armed with this behavioral analysis, users can identify malicious files that intend to compromise their networks and that may have slipped past their antivirus, firewall and other defenses. The resulting intelligence can be used to thwart a breach and, in turn, to create custom signatures and indicators (dropped file paths, persistence keys, contacted hosts) that can be deployed within existing security technologies. A network can then be protected without the malicious file having to be “known” to the wider security community.
TJ5 represents an affordable sandbox technology with the following features and benefits:
- Malware Detection Engine identifies suspicious samples based on a series of default and customizable rules and classifies sampled threats by severity. This enables you to efficiently prioritize your response and remediation strategies.
- Multiple Analysis Engines enable you to view side-by-side comparisons of sample behavior analyzed across various operating systems, patch levels, system configurations and application versions.
- End-user Emulation simulates user interaction with the application prompts that malicious samples create to trick users into spreading malware or giving access to sensitive data targeted for theft, so a sample that waits for a click or a dialog still detonates under analysis.
- Customizable Analysis allows you to tailor the analysis sandbox so that it corresponds with your actual IT environment, so you know how samples will execute within your network.
- Threat Intelligence updates from our globally present partner give you up-to-date access to a constant stream of malicious URLs and IP addresses, suspected malicious files, phishing links, and other malware data to ensure your firewall, IDS/IPS, gateways, mail security and other defenses are protecting you from malware and other threats as they emerge.
- Extensive Reporting including PDF, PCAP, XML and other formats.
Our capabilities combined with this technology will provide you with a comprehensive assessment of every threat sampled by proactively analyzing nearly any Windows application or file. This includes infected Office documents, PDFs, malicious URLs, Flash ads and any other file associated with an application.
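The feature list above describes rule-based scoring of sandbox behavior and turning the matched behaviors into signatures for existing controls. The following is an added example of that triage step, not TJ5's or any vendor's code. The report layout (a dict with `files`, `registry`, `processes` and `network` lists of strings), the rule names, the weights and the severity thresholds are all assumptions made for the example; the sample report itself is constructed.

```python
"""Rule-based triage of a dynamic-analysis (sandbox) behaviour report.

Added example, not a vendor's detection engine. The report format, rules,
weights and thresholds below are assumptions for illustration only.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    section: str   # which part of the report the pattern is matched against
    weight: int
    pattern: str   # regex applied to each entry in that section


# Default rules; a deployment would add its own (see the custom rule in triage()).
DEFAULT_RULES = (
    Rule("persistence_run_key", "registry", 40, r"\\CurrentVersion\\Run\\"),
    Rule("drops_exe_in_temp", "files", 25, r"(?i)\\Temp\\[^\\]+\.exe$"),
    Rule("office_spawns_shell", "processes", 30, r"(?i)^(winword|excel|powerpnt)\.exe -> cmd\.exe"),
    Rule("encoded_powershell", "processes", 35, r"(?i)powershell\.exe .*-enc\b"),
    Rule("http_to_raw_ip", "network", 20, r"^https?://\d{1,3}(?:\.\d{1,3}){3}\b"),
)

# Score floors mapped to a severity label, checked from highest to lowest.
SEVERITY = ((70, "high"), (30, "medium"), (1, "low"))

URL_HOST = re.compile(r"^https?://([^/:?#]+)")
DNS_QUERY = re.compile(r"^dns: (\S+)")


def extract_iocs(report):
    """Pull deployable indicators (contacted hosts, dropped binaries) out of a report."""
    hosts = set()
    for entry in report.get("network", []):
        m = URL_HOST.match(entry) or DNS_QUERY.match(entry)
        if m:
            hosts.add(m.group(1))
    dropped = [p for p in report.get("files", []) if p.lower().endswith((".exe", ".dll"))]
    return {"hosts": sorted(hosts), "dropped_files": dropped}


def triage(report, rules=DEFAULT_RULES):
    """Score a report; each rule counts once however many entries it matches."""
    matched = [r for r in rules
               if any(re.search(r.pattern, e) for e in report.get(r.section, []))]
    score = sum(r.weight for r in matched)
    severity = next((label for floor, label in SEVERITY if score >= floor), "clean")
    return {"score": score, "severity": severity,
            "matched": [r.name for r in matched], "iocs": extract_iocs(report)}


# Constructed report for a macro document that drops and persists a downloader.
SAMPLE_REPORT = {
    "files": [
        r"C:\Users\victim\AppData\Local\Temp\update.exe",
        r"C:\Users\victim\Documents\invoice.docx",
    ],
    "registry": [
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\victim\AppData\Local\Temp\update.exe",
    ],
    "processes": [
        r"winword.exe -> cmd.exe /c start %TEMP%\update.exe",
        r"cmd.exe -> powershell.exe -nop -w hidden -enc SQBFAFgA",
    ],
    "network": [
        "http://203.0.113.5/gate.php",
        "dns: update-cdn.example",
    ],
}

# Constructed report for a benign document.
BENIGN_REPORT = {
    "files": [r"C:\Users\victim\Documents\notes.txt"],
    "registry": [],
    "processes": ["notepad.exe"],
    "network": [],
}

if __name__ == "__main__":
    for name, rep in (("sample", SAMPLE_REPORT), ("benign", BENIGN_REPORT)):
        print(name, triage(rep))
```

The `iocs` field is what gets pushed to the firewall, proxy or EDR as a custom indicator, which is the point of the page's "custom malware signatures" claim: the block list is derived from observed behavior, not from a vendor feed. Weights are deliberately additive so that a single noisy rule (a file in `Temp`) stays "low" on its own while the combination of persistence, an Office-spawned shell and encoded PowerShell lands at "high".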
Processor Level Emulation Dynamic Malware Analysis
The most advanced polymorphic attacks today are capable of bypassing even next-gen technologies including next-generation firewalls, next-generation IPS, sandboxing, and heuristic-based security solutions. These executables employ evasion and obfuscation techniques such as stalling code (long sleeps or busy loops that outlast the analysis window) and conditional execution paths (payloads that run only when a sandbox artifact is absent or a specific date, locale or target is present). Such techniques are invisible to next-gen malware analysis solutions whose visibility into the code is limited to Windows API and system calls, because the dormant path never makes a call for them to observe.
Leveraging a high-resolution malware analysis engine developed by one of our partners, and deployed out of band in the same manner as sandboxing technologies, we can help you analyze an executable's individual processor instructions, memory accesses, and system calls, providing a fidelity that exceeds any other next-gen solution. The solution also provides actionable threat intelligence by aggregating events across your network and classifying threats by relevance and severity with extremely low false positives.
This is the most advanced Malware analysis tool available, providing enterprises with the following features:
- High Resolution Analysis capable of seeing the entire code of an executable to detect evasion and obfuscation techniques not visible to Sandbox analysis.
- Web Security protects users from malicious websites with real-time analysis to block inbound web exploits and outbound command-and-control traffic. Reputation-based updates also use a database of known malicious websites to proactively block users from accessing malicious URLs.
- E-mail Security addresses blended attacks, 0-day exploits, malicious URLs and malicious e-mail attachments.
- Detection of Command and Control Communications, even when the traffic is encrypted, with low false positives, so that data loss can be stopped before exfiltration completes.
- Actionable Threat Intelligence correlates and aggregates alerts into incidents that are listed by priority and severity while also providing forensics analysis.
- Threat Intelligence updates protect you from known malware and threats as they emerge.
- Multiple Deployment Options including hosted or on-premises options.
If your organization is evaluating breach detection systems, this solution provides the most advanced malware analysis available in the industry at a cost that is competitive with less capable sandboxing technologies.