Active Defense enables incident responders to detect and validate a security incident and then quickly determine the scope of the breach across the enterprise. It identifies the custom-coded malware and other variants used by today's attackers that signature-based solutions and Indicators of Compromise (IOC) cannot detect – no prior knowledge of the threat is needed for Active Defense to be effective. New enhancements in Active Defense 1.4 provide users with the following:
Industry-First Safe Filtering of Running Software
Active Defense 1.4 includes enhanced filtering to significantly reduce noise and bring into focus suspicious modules to help incident responders rapidly zero in on new or unknown malware. This safe-filtering capability greatly enhances customers' responsiveness for discovery and remediation, and is an important development in the fight against advanced threats.
Faster Action with Deeper, at-a-Glance Insight into Protected Systems
Web-based dashboards that help visualize Digital DNA scores can now be easily customized to fit the needs of a specific user. The dashboards help users scan results and analyze statistical anomalies across all managed systems. Equipped with the right tools, users can now proactively hunt down advanced attackers with pinpoint accuracy.
Improved Productivity with a Smarter Interface, Tailored to Each User
Active Defense 1.4 remembers a user's most visited menus and systems, eliminating the need for continuous searching and filtering, so that data can be easily found and drilled into. Through the interface, users can quickly look into a system to detect malware and then quickly focus on eradicating it.
"Active Defense 1.4 is the industry's first automated safe filtering of running software. Solutions based on indicators of compromise lag behind attackers and create more work for security teams," said Ken Silva, president of ManTech Cyber Solutions International. "Active Defense acts like a force multiplier and is equipped with behavior-based analysis that transcends any particular threat. Never again will our customers have to wait to discover an attack or the release of an indicator."
HBGary Active Defense, powered by Digital DNA, performs forensically sound host-level scans across the enterprise to gather critical intelligence, including discovery of additional infections. Digital DNA encompasses thousands of the traits commonly seen in advanced malware, such as code and browser injection, packing, obfuscation, surveillance, remote access, network communication, and many others. The analysis reveals the capabilities of all software running on any system, and is highly effective because it requires no prior knowledge of a specific piece of malware. The simple fact that code running in memory may carry out certain potentially malicious functions is sufficient to identify it as suspicious.
Active Defense 1.4 Availability
Active Defense 1.4 is available as of today to new and existing customers. For more information about Active Defense, please contact [email protected]
HBGary provides Enterprise Incident Response solutions and services to enable organizations to conduct key phases of incident response including detecting zero-days and other unknown malware, validating whether an actual incident has occurred, and responding to the incident. Customers include Fortune 50 corporations and U.S. government agencies. HBGary is located in Sacramento, CA and is part of ManTech International Corporation. For information, please visit www.hbgary.com or follow us on Facebook & Twitter.