ThreatSonar Compromise Assessment Platform

Behavior-modeling • Intelligence-driven • Auto-investigation • Threat-hunting • Orchestration

ThreatSonar Design Concept

APT (Advanced Persistent Threat) incidents make the news continuously. Enterprises invest heavily in cyber-security CAPEX and OPEX but still cannot rule out a successful intrusion, and by the time an incident is discovered, sensitive information has usually already been stolen.

ThreatSonar is the answer of Doppler Cyber Threat Solutions, a global threat intelligence research team, to the APT challenge: it combines remote forensics and behavior analytics with our own machine-learning model trained on thousands of real-world APT incidents.

ThreatSonar Key Features
Compromise assessment using a behavior-based model trained on thousands of real-world APT samples.
Memory, processes, network connections, registry, event logs, task scheduler, MBR, WMI and more are all inspected in 15 minutes.
Bring your own threat intelligence to every endpoint, or use our thousands of built-in backdoor indicators.
Import third-party IoCs: hashes, IPs, domains, dynamic YARA rules and more.
Match against our cloud intelligence database, or work fully offline with BYOI (bring your own indicators).
Discover related infection origins, lateral-movement traces and data exfiltration through graph visualization.
Organization-wide incident timeline.
Expand and pivot to uncover hidden infections that share similar TTPs (tactics, techniques and procedures).
Behavior analytics for previously unknown TTPs. Build a baseline for quick triage, then hunt for outliers.
Highlights unique executables, memory attributes, abused system tools and rarely-seen digital certificates.
Two-way API for easy integration: alerts are sent and threat intelligence is updated automatically.
CEF-format alerts feed SIEM auto-blocking; a RESTful API retrieves reports and samples or updates threat intelligence.
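How the SIEM side would consume the CEF alerts mentioned above, as an added example that is not ThreatSonar's own code. The two sample alert lines are constructed; the vendor, product, event-class and extension keys in them are assumptions, since the product's actual CEF schema is not documented on this page. The parser handles the two escaping rules a naive `split()` gets wrong: `\|` inside header fields, and `\=` / `\\` inside extension values, which may themselves contain spaces.

```python
"""Parse ArcSight CEF alert lines as a SIEM receiver would, then decide on auto-block.

Added example, not ThreatSonar code. The sample lines are constructed; the
header values and extension keys are assumed, not the product's real schema.
"""
import re

_HEADER_NAMES = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
# Escape sequences permitted inside CEF extension values.
_EXT_UNESCAPE = {r"\=": "=", r"\\": "\\", r"\n": "\n", r"\r": "\r"}
# An extension key is a run of word chars/dots at the start or after whitespace,
# followed directly by an unescaped '='. 'id\=X' therefore never starts a key.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")

# Constructed samples (hypothetical schema): a high-severity backdoor match and a
# low-severity rare-signer notice whose Name field contains an escaped pipe.
SAMPLE_ALERT = (
    r"CEF:0|Doppler|ThreatSonar|1.0|BACKDOOR_MATCH|Backdoor indicator matched|8|"
    r"dhost=ws-042 src=10.0.5.17 fileHash=0123456789abcdef0123456789abcdef "
    r"fname=C:\\Users\\bob\\update.exe msg=Matched IoC id\=TI-1234 "
    r"cs1Label=signer cs1=Unknown Publisher"
)
SAMPLE_LOW = (
    r"CEF:0|Doppler|ThreatSonar|1.0|RARE_CERT|Rarely-seen signer \| review|3|"
    r"dhost=ws-007 cs1Label=signer cs1=Foo Ltd"
)


def _split_header(line):
    """Return the 7 header fields and the extension string, honouring \\| and \\\\."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):   # escaped char: keep it literally
            cur.append(line[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    if len(fields) < 7:
        raise ValueError("malformed CEF header: fewer than 7 pipe-delimited fields")
    return fields, line[i:]


def _unescape_ext(value):
    return re.sub(r"\\[=\\nr]", lambda m: _EXT_UNESCAPE[m.group(0)], value)


def _parse_extension(ext):
    """Split 'k1=v1 k2=v2 ...' into a dict; a value runs until the next key."""
    out, matches = {}, list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def parse_severity(value):
    """CEF severity is 0-10 or Low/Medium/High/Very-High; normalise to an int."""
    names = {"low": 2, "medium": 5, "high": 8, "very-high": 10}
    v = value.strip().lower()
    if v in names:
        return names[v]
    n = int(v)
    if not 0 <= n <= 10:
        raise ValueError(f"severity out of range: {value}")
    return n


def parse_cef(line):
    fields, ext = _split_header(line.rstrip("\r\n"))
    if not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    event = dict(zip(_HEADER_NAMES, fields))
    event["version"] = event["version"][len("CEF:"):]
    event["severity"] = parse_severity(event["severity"])
    event["ext"] = _parse_extension(ext)
    return event


def block_decision(event, min_severity=7):
    """Return (should_block, indicator) for an auto-blocking rule.

    Prefers the file hash, then the host; low-severity alerts never trigger
    containment so that triage-only notices cannot cause outages.
    """
    if event["severity"] < min_severity:
        return False, None
    ext = event["ext"]
    indicator = ext.get("fileHash") or ext.get("dhost") or ext.get("dst")
    return indicator is not None, indicator


if __name__ == "__main__":
    for raw in (SAMPLE_ALERT, SAMPLE_LOW):
        ev = parse_cef(raw)
        print(ev["name"], ev["severity"], block_decision(ev))
```

The extension parser deliberately anchors keys on whitespace rather than splitting on spaces, because values such as a signer name or a message legitimately contain spaces; a producer must escape any `=` inside a value, and the parser relies on that.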
ThreatSonar Assessment Reports
ThreatSonar Auto-investigation (demo)
ThreatSonar is Complementary to Antivirus
ThreatSonar:
  • Performs compromise assessment against APT (Advanced Persistent Threat) risks.
  • Detects malicious backdoors, hacking tools and abnormal system configurations.
  • Mixed dynamic + static engine; built-in indicators plus external threat intelligence.
  • Inspects memory and file system for unknown threats, just as a CSIRT expert would.
  • Non-resident agent: scans on demand via task scheduler.
    Driver-less, with minimal performance impact and compatibility issues.
  • Highlights potentially risky endpoints; the incident response team then threat-hunts or cleans up manually.
  • High efficiency: scans only suspicious locations and intrusion traces. About 20 minutes per endpoint, depending on hardware.
Antivirus:
  • Prevents any kind of malicious program from executing.
  • Detects common (non-APT) malware such as botnets, worms, banking trojans or ransomware.
  • Relies on signature matching, which is easy to bypass.
    Can only detect widely spread, known malware.
  • Unable to triage grey-area risky programs such as abused legitimate VPN tools or new threats.
  • Resident agent with kernel-mode driver hooks, which often slows system performance or causes compatibility issues.
  • Can block or quarantine infected files, but usually cannot clean up a hidden backdoor automatically.
  • Full-disk scanning takes up to several hours.
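The baseline-and-outlier hunting described in the key features above (unique executables, abused system tools, rarely-seen certificates) and in the "highlighting potentially risky endpoints" point, shown as an added example that is not ThreatSonar's own code. It stacks a constructed fleet inventory by hash, signer and file name, flags values seen on few hosts, flags a file name whose hash differs from what most of the fleet carries under that name (masquerading), and flags a byte-identical copy of a system tool under another name (a renamed, abused system tool). The inventory, the placeholder hash labels and the prevalence threshold are all assumptions.

```python
"""Baseline-and-outlier hunting by frequency stacking across a fleet.

Added example, not ThreatSonar code. FLEET is a constructed inventory: one
record per host of (path, file hash, signer) for executables a scan found; the
hashes are placeholder labels, not real digests.
"""
from collections import defaultdict

COMMON = [  # present on every host in the constructed fleet
    ("C:\\Windows\\System32\\svchost.exe", "H_SVCHOST", "Microsoft Windows"),
    ("C:\\Windows\\System32\\certutil.exe", "H_CERTUTIL", "Microsoft Windows"),
    ("C:\\Program Files\\Corp\\agent.exe", "H_AGENT", "Corp Inc"),
]
FLEET = {f"ws-00{i}": list(COMMON) for i in range(1, 6)}
# ws-003: a byte-identical copy of certutil.exe under another name (abused system tool)
FLEET["ws-003"].append(("C:\\Users\\Public\\r.exe", "H_CERTUTIL", "Microsoft Windows"))
# ws-004: an unsigned binary masquerading as svchost.exe, plus a rarely-seen VPN tool
FLEET["ws-004"] += [
    ("C:\\Users\\Public\\svchost.exe", "H_EVIL", "(unsigned)"),
    ("C:\\ProgramData\\tun\\vpn.exe", "H_VPN", "Example VPN Ltd"),
]


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def build_baseline(inventory):
    """Record, for every hash, signer and file name, the set of hosts it was seen on."""
    base = {
        "hosts": len(inventory),
        "hash": defaultdict(set),                          # hash -> hosts
        "signer": defaultdict(set),                        # signer -> hosts
        "by_name": defaultdict(lambda: defaultdict(set)),  # name -> hash -> hosts
        "by_hash": defaultdict(lambda: defaultdict(set)),  # hash -> name -> hosts
    }
    for host, items in inventory.items():
        for path, digest, signer in items:
            name = _basename(path)
            base["hash"][digest].add(host)
            base["signer"][signer].add(host)
            base["by_name"][name][digest].add(host)
            base["by_hash"][digest][name].add(host)
    return base


def _majority(mapping):
    """(key, hosts) of the entry seen on the most hosts."""
    return max(mapping.items(), key=lambda kv: len(kv[1]))


def hunt_outliers(inventory, baseline, max_prevalence=0.25):
    """Return (host, path, reasons) for items that stand out from the baseline.

    max_prevalence is the fraction of the fleet at or below which a hash or
    signer counts as rare; 0.25 only suits this tiny sample, tune it to fleet size.
    """
    total = baseline["hosts"]
    findings = []
    for host, items in inventory.items():
        for path, digest, signer in items:
            name = _basename(path)
            reasons = []
            seen = len(baseline["hash"][digest])
            if seen / total <= max_prevalence:
                reasons.append(f"hash seen on {seen}/{total} hosts")
            if len(baseline["signer"][signer]) / total <= max_prevalence:
                reasons.append(f"rare signer {signer!r}")
            # Masquerading: the file name is common fleet-wide, but this copy does
            # not carry the hash most hosts have under that name.
            common_hash, common_hosts = _majority(baseline["by_name"][name])
            if common_hash != digest and len(common_hosts) / total > max_prevalence:
                reasons.append(f"{name} normally has hash {common_hash}, this copy differs")
            # Renamed tool: identical bytes are known fleet-wide under another name.
            usual_name, _ = _majority(baseline["by_hash"][digest])
            if usual_name != name:
                reasons.append(f"renamed copy of {usual_name}")
            if reasons:
                findings.append((host, path, reasons))
    return findings


if __name__ == "__main__":
    for host, path, reasons in hunt_outliers(FLEET, build_baseline(FLEET)):
        print(f"{host}: {path}\n    " + "\n    ".join(reasons))
```

Stacking only says "rare", not "malicious": a freshly deployed internal tool is rare too, which is why the product text above pairs the outlier list with manual threat-hunting by the incident response team rather than automatic clean-up.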
Server Deployment
Public Cloud, Amazon AWS, Softbank, GMO Cloud
Private Cloud, VMware, VirtualBox and XenServer
On-premise, air-gapped, no-internet environment
Hardware server or laptop installation
Offline system and indicator update bundle
Endpoint Deployment
More Information