HBGary Unveils Active Defense For Detecting Unknown Malware, Exploit Tools

Active Defense can scan thousands of end-nodes concurrently and provide critical threat intelligence

May 5, 2010



Sacramento, California, May 4, 2010: Today HBGary, Inc. (http://www.hbgary.com), a leading provider of best-in-class enterprise threat detection solutions for Fortune 500 organizations and government agencies, unveiled Active Defense™, the first next-generation enterprise threat detection software solution to detect – within seconds – advanced, unknown malware and exploitation tools without signatures or prior knowledge of the threat on disk or in all physical areas of memory.

“The value of signature-based virus detection is dwindling, as a flood of new, unique malware strains the ability of security firms to scale to meet the threat. At the same time, stealthy, targeted attacks by advanced, persistent adversaries belie the efficacy of the signature detection model. What's needed are new detection methods, such as HBGary's Active Defense, that don't rely on knowledge of specific threats or malware. As enterprises look for new ways to clean their networks of malicious code, the kind of holistic detection capabilities offered by Active Defense are going to be an increasingly important part of enterprise defenses,” said Paul Roberts, Senior Analyst for The 451 Group.

Until today, HBGary’s Digital DNA™ patent-pending core technology, which detects malicious code by looking at software behavior, not checksums or signatures, was only available to enterprises as part of McAfee’s ePO™ solution. Now, Active Defense, with its breakthrough, powerful reporting and search capabilities, can deliver Digital DNA™ to any enterprise.

“Active Defense is a game changer for the large enterprises and consulting companies. With the speed and reliability of its detection, Active Defense quickly identifies problems on Microsoft Windows computers and significantly reduces remediation time from days to minutes. With Active Defense, customers can conduct incident response on thousands of machines quickly,” said Penny Leavy, president of HBGary, Inc.

To better protect confidential data in today’s ever-changing cybercrime landscape, organizations need faster, more accurate information about the advanced threat, including its origin, operator and author. Leveraging HBGary’s patent-pending core technology, Digital DNA™, Active Defense can scan thousands of end-nodes concurrently and provide critical threat intelligence such as:

The type of exploit tools used in the attack

Information on how the attacker moved laterally within the network

Credentials that have been compromised and potentially even what data has already been stolen

Armed with advanced enterprise threat intelligence provided by Active Defense, organizations can quickly gather critical evidence to contain the threat, locate compromised machines, and assess damage. For example, one can use its IDS to detect additional infected machines, data exfiltration can be blocked at the egress firewall, and malware can be cut off from Command and Control servers.

Active Defense Advantages:

Active Defense was designed to make your existing security team smarter and your current infrastructure more effective. Its benefits include:

Advanced Searching:

o Scan enterprise-wide for indicators of compromise within physical memory, physical NTFS drive volumes, and the live operating system and registry.


o Can scan thousands of end-nodes concurrently with minimal impact on network

o Scans for registry keys or a known file in seconds

o Scans of raw physical disk, thousands of patterns at once, 250GB per hour (4GB per minute sustained)

Highly Accurate Threat Intelligence: Critical evidence can be extracted from the end node, revealing what tools were used, how the attacker moved laterally in the network, and what credentials have been compromised.

Easy-to-use: Active Defense’s state-of-the-art analysis correlation engine provides reporting that can be easily used by your average IT team member. Your team doesn’t have to be expert at reverse engineering or incident response to get results.

Availability and Pricing

Active Defense is available immediately. Pricing starts at $45 per node for 1000 nodes.

About Digital DNA

Digital DNA, HBGary’s patent-pending core technology, leverages technology funded by DHS and the AF and is offered in Enterprise editions and stand-alone subscription. Digital DNA is the first live memory and runtime analysis platform to detect today’s advanced malware threats. HBGary’s technology enables customers to quickly and easily analyze memory and see all running programs, their intent, and what they are accessing on your machine. Advanced detection technology is able to identify techniques used by cyber criminals and state-sponsored threats. Once suspicious behaviors are found, the suspect binaries can be easily disassembled and debugged to identify their true intent and capabilities.

About HBGary, Inc.

HBGary, Inc. was founded in 2004 by renowned security expert Greg Hoglund. HBGary is focused on delivering best-in-class enterprise threat detection solutions to Fortune 500 financial, pharmaceutical and entertainment companies as well as Department of Defense, Intelligence Community and other U.S. government agencies to meet their unique cybersecurity challenges and requirements. HBGary is headquartered in Sacramento and has offices in Washington D.C. For more information on HBGary, please visit http://www.hbgary.com.
