ReaQta-Hive A.I. engines work by analyzing dynamic behavior, so they are agnostic to delivery techniques and are equally effective against malware (ransomware, RATs, trojans, etc.) and non-malware (in-memory, file-less) attacks.
Attackers can leverage different types of technologies to breach the defenses of an organization, and not all of them are malware-based. So-called “living off the land” attacks abuse components already present on the targeted operating system to avoid alerting legacy security solutions. These attacks, classified as non-malware, are highly effective and hard to detect because most of the activity happens in memory, leaving a low (if any) forensic footprint.
Whether it’s ransomware or a sophisticated in-memory attack, ReaQta-Hive helps the organization track the threat and respond with the appropriate measures in real time. ReaQta-Hive can be configured in Detection, Protection and Hybrid mode, automating the way the platform responds to different types of threats.
ReaQta-Hive provides complete support for searching threat data inside the infrastructure in real time and for performing more sophisticated data-mining tasks aimed at uncovering dormant threats.
In-memory and file-less threats are hard to track by their very nature, and they become even harder to follow when the attackers use different variants as they move inside a large infrastructure. By leveraging data mining, ReaQta-Hive enables security teams to automatically hunt for threats that share similarities, at the behavioral and functional level, with other incidents, automating the hunting job and bringing back results in just seconds.
The highly granular search support allows analysts to look, in the present and in the past, for traces of attacks. IOCs (hashes, IP addresses, names) and behaviors can easily be searched to understand if and when a threat, or one of its components, came in contact with the infrastructure.
ReaQta-Hive detects lateral movements natively. Analysts can instantly understand which devices are being abused during an ongoing attack, enabling a lightning-fast response in case of a successful breach.
Attackers have gained access to the infrastructure and are now moving laterally, waiting to pivot in order to get access to more valuable resources. Identifying lateral movements disguised as a legitimate user’s activities is hard, and speed is of the essence: an active attacker can cause all sorts of damage in a very short period of time. Once identified, the affected resources can be isolated immediately, or kept under monitoring to gather intelligence on the attacker, understand the modus operandi and identify their toolkit chain.
We want your team to be up and running in no time, without requiring additional personnel or highly skilled resources, by leaving the bulk of the work to the algorithms and reducing human interaction to a minimum.
ReaQta-Hive has been designed with simplicity in mind. We know that acquiring visibility over the whole infrastructure looks like a daunting task, just as we know how damaging it can be to ignore the endpoints. All the data is pre-processed and filtered to remove the noise and to make it easy to read. Incidents are reconstructed and assessed so as to be understandable in a matter of seconds, in most cases without digging into the data. Every response can be automated, and security teams are alerted only when the engines identify suspicious activities.