Move from post-facto breach detection to pre-breach forensic intelligence.
Make real-time situational awareness a reality – feed forensic information on every attack to your broader infrastructure.
Forensic information is invaluable because it helps you quantify the attacks you face and dissect the methods used by your adversaries, and gives a view into the intent of the attack while guiding future defensive strategies. Until now, forensic intelligence was largely used for breach reconstruction – giving you the information post-facto, which meant you learned about your adversaries after they had already done the damage. Invincea changes this paradigm – not only do we detect and prevent breaches from occurring, we capture rich, forensic intelligence on every attempted attack at the point of detection and feed this to other leading security technologies.
The Invincea Threat Data Server
The primary value Invincea delivers is that we actually stop the attack at the point of attack. We take every one of your users and put them in an environment that protects them from spear-phishing, drive-by downloads, poisoned search engine results, malicious websites, sites that have been hijacked, etc. But we take it one step further… we turn your users into part of an enterprise-wide malware detection network.
The instant that malicious activity is detected in the Invincea breach prevention platform, we begin collecting forensic information. We isolate and identify:
- Infection Source: We identify the URL, PDF attachment, Office attachment, .zip or .exe that triggered the infection
- Timeline of Attack: We dissect the actions of the malware – what it did when it opened, unpacked, how it cleaned up after itself, etc.
- Registry Changes: We capture all changes the malware attempted to make to the registry
- Connections: We identify any and all connections – whether inbound or outbound – showing you the command and control channels the adversary attempted to create
This information is fed to the Invincea Threat Data Server where it is presented for your teams and stored for the future. Understanding that you need a method to push this information on to the rest of your infrastructure, we have integrated with a number of other leading security technologies.
Actionable Intelligence Feeds Strengthen Your Defenses
Invincea strengthens the power of your entire infrastructure. We kill zero-day malware and APTs at the point of attack and feed critical information to the rest of your infrastructure to make it smarter. Currently, Invincea has integrated its Threat Data Server with the following technologies:
- McAfee ePO
- Q1 Radar