Already deployed at the US Department of Defense, the Air Force, the Department of Homeland Security and others!
Blocks cyber attacks that conventional security software cannot handle
High-precision algorithms
Analyzes huge volumes of data in depth from every angle, detects and visualizes signs of cyber attacks in real time, and blocks advanced cyber attacks such as targeted attacks.
Veramine Endpoint Detection and Response (VEDR)
Monitors all endpoints in real time
Detects malware infections and attacks across the many endpoints an enterprise owns, identifies the scope of impact, and enables early response.
Veramine Productivity Monitoring Tool (VPMT)
Deception technology
Blocks attacks with a solution that lures targeted cyber attacks into a decoy environment and "deceives" the attacker.
Veramine DynamicDeception System (VDDS)
Detects internal security violations immediately as well
Monitors all activity and can detect every malicious operation.
Veramine Insider Threat Prevention (VITP)
Data quality: varied, detailed, structured, real time, small traffic. Security-related activities: Process, Registry, System Security, Network, User, SMB, Binaries, AMSI…
Flexible collection policies: admins can select what data to collect. Adaptive filter: sensors intelligently withhold irrelevant high-volume events from the servers, which can filter out terabytes of traffic that would otherwise be sent and processed by sensors and servers.
External and insider threat prevention with advanced monitoring of data, devices and users, such as keyloggers, video and screenshot captures, browsing, e-mail and SMB activity, USB management with logged tracking and access control policies (Blocked, Read-Only, or Read-Write), user sessions, and User and Entity Behavior Analytics (UEBA).
Detects the attack tactics and techniques listed in the MITRE ATT&CK matrix (https://attack.mitre.org/wiki/Technique_Matrix).
More collected data types allow more data analysis algorithms, combining rule-based and machine learning, resulting in better detection. Examples: SMB data allows detecting lateral movement and insider threats; collecting security tokens gives precise Elevation of Privilege (EOP) detection; opens of the Lsass process allow detecting credential and password dumping (Mimikatz); command-line arguments allow detecting malicious PowerShell intrusions…
Deception is an active defense approach, whereas most existing approaches are passive defense. A platform of traps, placed along the kill chain, to deceive, detect and prevent intrusions. Capable of making every computer (physical or VM) in an IT system a honeypot. Uniquely offered by Veramine.
Deceptive services, processes, files, mutexes, credentials, network listeners, data shares, registry helper, VMs… Track intruders’ activities, and limit things they can do, with the traps. E.g. WannaCry checks a mutex to decide if a system is already infected, and we can set such a deceptive mutex.
YARA search on memory and files. Memory dumps are at your fingertips. Collected data is searchable using flexible logical expressions. All executable binaries are collected for forensics.
Veramine has most response actions, from binaries, users and hosts to processes. E.g. Network Quarantine, Process Suspend/Terminate, User Disable/Disconnect, Host Sleep/Shutdown/Restart, Binary Block, Scan with VirusTotal…
Forensics with Velociraptor to collect various built-in or customized artifacts from multiple endpoints in real time from a centralized portal. VQL, similar to SQL, allows collection tasks to be quickly programmed, automated and shared, so that the turnaround from IOC to full hunt can be a few minutes. E.g. VQL to search for and collect files in users' temp directories that have been created within the last week.
Veramine sensors on average take less than 1% CPU and 20 MB RAM, network traffic is less than 30 MB/day/host, and both can be further tuned using collection policies. Easy deployment to the whole network, for example using AD, SCCM or psexec.
Integration with SIEM, VDI, LDAP, AD, two-factor authentication and APIs. Sensor emergency update and auto-update. Server: multisite and audited.
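As an added illustration of that VQL use case (an example written here, not an artifact shipped by Velociraptor or Veramine), the following is a hypothetical Velociraptor artifact definition; the artifact name, the MaxAgeDays parameter and the temp-directory glob are assumptions:

```yaml
# Hypothetical custom artifact (added example, not shipped by Velociraptor or Veramine).
name: Custom.Windows.Temp.RecentFiles
description: |
  Hunt for files created in users' temp directories within the last
  MaxAgeDays days and upload them for forensic triage.
parameters:
  - name: TempGlob
    default: C:\Users\*\AppData\Local\Temp\**
  - name: MaxAgeDays
    type: int
    default: 7
sources:
  - query: |
      -- Enumerate the temp directories; glob() reports Btime, the file creation time.
      LET Recent = SELECT OSPath, Size, Btime, Mtime
        FROM glob(globs=TempGlob)
        WHERE NOT IsDir
          AND Btime > timestamp(epoch=now() - MaxAgeDays * 24 * 3600)

      -- Upload each hit so the file content is collected centrally as well.
      SELECT OSPath, Size, Btime, Mtime,
             upload(file=OSPath) AS Upload
      FROM Recent
```

Run as a hunt, the same artifact is scheduled against every enrolled endpoint, which is the "IOC to full hunt in minutes" turnaround the passage describes.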
Veramine Founders
– Authored a number of books, such as "Practical Reverse Engineering", a top-rated title on Amazon.com
– Spoke and trained at the most respected venues: Black Hat, Recon, CCC, NATO.