Turn the tide on your adversaries with real-time threat intelligence from every targeted attack…
Forensic information is invaluable because it helps to characterize the attacks and adversaries you face, dissect the methods used by your adversaries and gives view into the intent of the attack while guiding other defensive strategies. Until now, forensic intelligence was largely used for post-breach reconstruction – giving you the information post-facto. Which meant you learned about your adversaries after they had already done the damage.
Invincea FreeSpace™ changes this paradigm – not only do we detect and prevent breaches from occurring, we capture rich, forensic intelligence on every attempted attack and feed this to other leading security information event management systems.
Invincea Management Server
The primary value Invincea delivers is that we actually stop the attack at the point of attack. We take every one of your users and put them in an environment that protects them from spear-phishing, drive-by downloads, poisoned search engine results, malicious websites, sites that have been hijacked and poisoned documents. But we take it one step further…we turn your users into part of a large-scale distributed network sensors – a modern honeypot.
The instant that suspicious activity is detected in Invincea FreeSpace™, we begin collecting forensic information. We isolate and identify:
- Infection Source: We identify the url, PDF attachment, or Office attachment that triggered the infection
- Timeline of Attack: We dissect the actions of the malware – file system writes, reads, launches, new process creations, forks, injections, and network command and control
- Registry Changes: We capture all changes the malware makes to a virtual registry and non-malicious/compromised processes
- Connections: We identify any and all connections – whether inbound or outbound – showing you the command and control channels the adversary attempted to create
This information is fed to the Invincea Management Server where it is presented for your teams and stored for the future. Understanding that you need a method to push this information on to the rest of your infrastructure, we have integrated with a number of other leading security technologies.
Invincea strengthens the power of your entire infrastructure. We kill zero-day malware and APTs at the point of infection and feed actionable information to the rest of your infrastructure to make it smarter.
Our feeds can integrate with a wide variety of technologies – both network and endpoint based.
At current, Invincea has integrated its Management Server with the following technologies:
- McAfee ePO
- Q1 Radar
- ISIGHT Partners