ReaQta-Hive: A.I. Powered Endpoint Threat Response Platform
ReaQta-Hive is an Endpoint Threat Response platform powered by A.I., capable of detecting new and previously unknown threats, ranging from simple ransomware to more sophisticated non-malware attacks like file-less and in-memory ones. A unique NanoOS offers an unprecedented level of detail to the analysts and, at the same time, a barrier extremely difficult to overcome for the attackers. Two different sets of engines apply state-of-the-art machine learning to applications’ behaviors, automatically alerting about active or emerging threats without need for prior knowledge of the attacks. This signature-less approach, combined with an A.I. driven behavioral analysis, ensures that threats are detected independently of their delivery techniques and payload types.
ReaQta-Hive offers full visibility over the infrastructure, allowing real-time queries to the endpoints, extended searches for both IOCs and behavioral indicators, together with advanced data-mining for discovery of dormant threats. ReaQta-Hive can be configured in detection, protection or hybrid mode to suit the needs of every organization, offering a high level of flexibility while remaining always simple and easy to use.
POWERED BY A.I.
RAPID INCIDENT RESPONSE
Unleash the full power of ReaQta-Hive engines by searching your whole infrastructure for the presence of specific Indicators of Compromise (IOCs), binaries and behaviors in real-time. Automated data mining enables the discovery of dormant threats waiting to be activated. Hunting down threats is not just simple, but effective and incredibly fast.
Detection & Protection
ReaQta-Hive A.I. engines work by analyzing dynamic behavior, so they are agnostic to delivery techniques and equally effective on malware (ransomware, RATs, trojans, etc.) and non-malware (in-memory, file-less) attacks.
Attackers can leverage different types of technologies to breach the defenses of an organization, and not all of them are malware-based. So-called “living off the land” attacks abuse components already present on the targeted operating system to avoid alerting legacy security solutions. These attacks, classified as non-malware, are highly effective and hard to detect because most of the activity happens in memory, leaving a low (if any) forensic footprint.
Whether it’s ransomware or a sophisticated in-memory attack, ReaQta-Hive helps the organization track the threat and respond with the appropriate measures in real-time. ReaQta-Hive can be configured in Detection, Protection or Hybrid mode, automating the way the platform responds to different types of threats.
Hunting & Data-Mining
ReaQta-Hive provides complete support to search for threat data inside the infrastructure in real-time and to perform more sophisticated data-mining tasks aimed at uncovering dormant threats.
In-memory and file-less threats are hard to track by their very nature, and they become even harder to follow when the attackers use different variants as they move inside a large infrastructure. By leveraging data-mining, ReaQta-Hive enables security teams to automatically hunt for threats that share similarities – at the behavioral and functional level – with other incidents, automating the hunting job and bringing back results in just seconds.
The highly granular search support allows analysts to look, in the present and in the past, for traces of attacks. IOCs (hashes, IP addresses, names) and behaviors can easily be searched to understand if and when a threat, or one of its components, came in contact with the infrastructure.
Lateral Movement Detection
ReaQta-Hive detects lateral movements natively: analysts can instantly understand which devices are being abused during an ongoing attack, enabling a lightning-fast response in case of a successful breach.
Attackers have gained access to the infrastructure and now they’re moving laterally, waiting to pivot in order to get access to more valuable resources. Identifying lateral movements disguised as legitimate user activity is hard and speed is of the essence: an active attacker can cause all sorts of damage in a very short period of time. Once identified, the affected resources can be isolated immediately, or kept under monitoring to gather intelligence on the attacker, understand the modus operandi and identify their toolkit chain.
Simplicity & Automation
We want your team to be up and running in no time, without requiring additional personnel or highly skilled resources, by leaving the bulk of the work to the algorithms and reducing human interaction to a minimum.
ReaQta-Hive has been designed with simplicity in mind. We know that acquiring visibility over the whole infrastructure looks like a daunting task, as much as we know how damaging it can be to ignore the endpoints. All the data is pre-processed and filtered to remove the noise and to make it easy to read; incidents are reconstructed and assessed so as to be understandable in a matter of seconds and in most cases without digging into the data. Every response can be automated and security teams alerted only when the engines identify suspicious activities.
Want to know more about ReaQta-Hive?
Contact us if you are a business and our team will get back to you to schedule a free demonstration. You’ll be able to see how ReaQta-Hive behaves in a live environment, how it reacts to threats and how to swiftly respond to incidents when they happen.
This project has been partly financed by the European Union’s Horizon 2020 research and innovation programme under grant agreement No 726818.