Crimeware & APT Analytics form a state-of-the-art, continuously evolving methodology against advanced persistent threats (APTs). The analytics framework takes advantage of the collected Cyber Threat Intelligence, real-time sandbox execution and the SIEM correlation engine to process and identify indicators at any stage of the APT lifecycle.
The framework takes advantage of any current investment in security solutions as it is able to integrate and operate on top of Intrusion Detection Systems, Next Gen Firewalls, Host IDS, orchestrating the security correlation and monitoring using the SIEM and enhancing it with unique solutions.
The analytics engine allows us to capture nearly anything that the Client’s internal users download, dynamically analyze the files’ behavior and communications, and provide all the information needed to:
- Flag the file ‘ok’ for further use or not
- Solidify the existence of a security incident
- Identify malware propagation and impact
- Facilitate forensic analysis
The extraction methods are continuously expanded and range from passive extraction (proxy logs, ICAP) to active extraction (directly from the wire).
Suspicious downloads are categorized, filtered and redirected to proprietary analysis sandboxes, where multiple techniques are used to identify the risks they pose, such as:
- Dynamic malware analysis
- Static malware analysis
- Machine Learning for on-the-fly classification using up-to-date training sets
- Reputational analysis
- Modern antivirus analysis
- YARA signature collections
- Multiple continuously updated heuristics
The analysis results are fed back to the SIEM engine and evaluated against the real-time logs to confirm infections and estimate propagation across the network.
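As an added illustration of that last step (example code, not the vendor's own), the following Python script correlates constructed sandbox verdicts with constructed proxy log lines: a host that downloaded a flagged file is suspected, a host that afterwards contacts a domain the sandbox saw that sample use is confirmed, and a host that contacts such a domain with no logged download is reported as a propagation candidate. The log format, the hash tokens, the addresses and the domains are all assumptions made for the example.

```python
# Added example (not the vendor's code): correlate sandbox verdicts with proxy
# logs to confirm infections and estimate propagation, as described above.
# Hashes, IPs and domains are constructed placeholders, not real indicators.

# Constructed sandbox results keyed by file hash. The dynamic-analysis stage is
# assumed to record the domains a sample contacted while detonated.
SANDBOX_VERDICTS = {
    "sha-a": {"verdict": "malicious", "contacted": {"update-check.example.net"}},
    "sha-b": {"verdict": "clean", "contacted": set()},
}

# Constructed proxy log: "<epoch> <client_ip> <dest_host> <file_hash or ->"
PROXY_LOG = """\
1700000000 10.0.1.5 files.example.org sha-a
1700000030 10.0.1.5 update-check.example.net -
1700000040 10.0.1.9 files.example.org sha-a
1700000050 10.0.2.7 files.example.org sha-b
1700000090 10.0.3.3 update-check.example.net -
"""


def parse_proxy_log(text):
    """Parse the constructed log format into (ts, ip, host, hash|None) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, host, digest = line.split()
        events.append((int(ts), ip, host, None if digest == "-" else digest))
    return events


def correlate(events, verdicts):
    """Return (suspected, confirmed, beacon_only) host sets: suspected hosts
    downloaded a sandbox-flagged file; confirmed hosts also later contacted a
    domain the sandbox saw that sample use (corroborating execution);
    beacon_only hosts contacted such a domain with no flagged download logged
    (propagation candidates infected through another path)."""
    first_hit, c2_domains = {}, set()
    for ts, ip, _host, digest in sorted(events):
        v = verdicts.get(digest)
        if v and v["verdict"] == "malicious":
            first_hit.setdefault(ip, ts)  # earliest flagged download per host
            c2_domains |= v["contacted"]
    confirmed, beacon_only = set(), set()
    for ts, ip, host, _digest in sorted(events):
        if host not in c2_domains:
            continue
        if ip in first_hit and ts > first_hit[ip]:
            confirmed.add(ip)
        elif ip not in first_hit:
            beacon_only.add(ip)
    return set(first_hit), confirmed, beacon_only
```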