Responder™ Pro 2.0.5 provides faster, more targeted visibility into Advanced Persistent Threats (APT) and other adaptive, persistent adversaries so investigators can quickly determine the scope of infection, contain the attackers, and then remove them from the network. Using Responder™ Pro, incident responders can complete their investigation in minutes instead of days as with conventional tools.
“This release offers a number of new features designed to help our customers analyze threats faster and more efficiently. In today’s corporate networks, threats evolve quickly and the sheer scope of information can often overwhelm security professionals. We are consistently working to develop new technologies to successfully detect and counter these attackers and help reduce the load on the customer,” said Martin Pillion, Senior Software Engineer for HBGary, Inc.
Leveraging HBGary’s Digital DNA™ core technology, Responder™ Pro delivers malware analysis, memory analysis and malware detection on a single, integrated platform. Responder™ Pro allows incident responders to quickly find the “smoking gun” in an infected Windows system including malware, chat sessions, registry keys, socket information, passwords in clear text, rootkits, Trojans, unencrypted data, and open files.
Responder™ Pro is used by cybersecurity professionals in many industries including financial, technology, energy, manufacturing, healthcare, and services as well as government.
New features and upgrades to existing features in Responder™ Pro 2.0.5 include:
Full Binary Analysis Graph Feature: Allows you to quickly and easily see what is occurring in a binary sample. You can visually browse a graph and determine how it functions so you can focus on the section you are interested in immediately.
Improved Binary Information: Important information about a binary is now labeled or automatically generated. This includes hashes, timestamps, header information, structures, and additional labeling of disassembled code.
At-a-Glance Cross-References: Cross-references are automatically disassembled and presented inside the strings and symbols list. You can save a tremendous amount of time while reverse engineering code without having to manually examine every cross-reference. Also, data and call cross-references are now followed through multiple indirections to propagate symbol and function names.
Improved Disassembly: The automated disassembler has been improved to handle certain complex code structures. You can now automatically generate cross-references in addition to being able to create function and code blocks anywhere in the binary. Also, alignment and debug blocks are more accurately labeled.
Hierarchical Process View: This view provides an easier way for analysts to view parent-child relationships of programs and interactions on the system. You can toggle between a flat list and a hierarchical tree. This makes it easier to spot some malware infections visually when looking at the Objects Tab – Global View of all Processes.
Binary View: The binary view now supports advanced display options allowing you to customize your preferences. The default settings make it much easier to identify the critical pieces of information in a binary.
Search Details: Search results show more detail about the containing processes and module if available.
Memory Map Packages: You can now create a package out of any memory page or region in the Memory Map and then analyze that package as if it were a regular module.
Automatic Labeling of GUIDs: A large list of GUIDs is now automatically identified and labeled. You can customize this list to include any additional GUIDs that you want.
Depth Control for Auto-Label Operands: You can control the depth of the auto label operation in the preferences, and you can abort the auto label command during operation if it takes longer than you want.
About the Responder™ Windows Memory Investigation Platform
By tightly coupling physical memory forensics and malware analysis in a workstation analysis system, the HBGary Responder™ platform reliably identifies all digital objects on a computer and provides valuable intelligence on what bad guys are doing. Responder automatically reconstructs and displays all informational objects stored in RAM such as running processes, drivers and modules, strings, symbols, and open registry keys, files, and network connections. HBGary’s core technology, Digital DNA, is an optional software subscription for Responder™ Pro. Responder helps incident response professionals understand malware fast. It provides human readable information and contextual graphics, while traditional binary reverse engineering tools require deciphering esoteric assembly code.