APT (Advanced Persistent Threat) incidents hit the news continuously. Enterprises invest tremendous CAPEX and OPEX in cyber security but still cannot guarantee against intrusion. When an incident is discovered, sensitive information has usually already been stolen.
Combining remote forensics and behavior analytics with our unique machine-learning model trained on thousands of real-world APT incidents, ThreatSonar is the approach of Doppler Cyber Threat Solutions, a global Threat Intelligence research team, to APT challenges.
Memory, processes, network connections, registry, event log, task scheduler, MBR, WMI, etc., all inspected in 15 minutes.
Import 3rd-party IoCs such as hashes, IPs, domains, and dynamic YARA rules.
Matches against our cloud intel database, or works offline with BYOI.
Organizational incident timeline.
Expand and pivot to find hidden infections with similar TTPs (tactics, techniques, procedures).
Highlighting unique executables, memory attributes, abused system tools, or rarely seen digital certificates.
CEF-format alerts for SIEM auto-blocking. A powerful RESTful API to retrieve reports and samples, or to update Threat Intelligence.
- ThreatSonar reports are intuitive, accelerating incident-response MTTR (mean time to recovery) through a visualized threat-hunting tool.
- ThreatSonar Server is flexible in deployment: it can be installed on-premises, in the cloud, or on your CSIRT team's laptop.
- ThreatSonar Scanner is a portable one-shot collector. Its non-resident, driver-less design means minimal compatibility issues.
- ThreatSonar can import 3rd-party Threat Intelligence, including YARA rules, making it easy to match intel across all endpoints.
- ThreatSonar is efficient: it takes 20 minutes on average per endpoint scan, and scans 5000+ endpoints per hour with fast server hardware.
ThreatSonar:
- Performing compromise assessment against APT (Advanced Persistent Threat) risks.
- Detecting malicious backdoors, hacking tools, and abnormal system configurations.
- Mixed dynamic + static engine; built-in indicators + external threat intelligence.
- Inspecting memory and the file system for unknown threats, just like your CSIRT team's experts.
- Non-resident agent; scans on demand via the task scheduler. Driver-less, with minimal performance impact and compatibility issues.
- Highlighting potentially risky endpoints so the Incident Response team can do threat-hunting or clean-up manually.
- High efficiency: only scans suspicious locations and intrusion traces. About 20 minutes per endpoint depending on hardware.

Traditional antivirus:
- Preventing any kind of malicious program from executing.
- Detecting common (non-APT) malware such as botnets, worms, banking trojans, or ransomware.
- Relying on signature matching, which is easy to bypass. Can only detect widely spread known malware.
- Unable to triage grey-area risky programs such as abused legitimate VPN tools or new threats.
- Resident agent with kernel-mode driver hooks, often slowing down system performance or causing compatibility issues.
- Can block or quarantine infected files, but usually cannot clean up hidden backdoors automatically.
- Full disk scanning always takes up to several hours.