- Pre-built queries for enhanced APT intrusion detection capabilities. Novetta Cyber Analytics includes over 100 pre-built analytics which were created based on years of experience helping to counter intrusions within the Department of Defense. Version 4.4 built-in analytics focus on specific malware metadata-based signatures, including methods for detecting traffic associated with various malware families, which include but are not limited to:
- Detection for HTTP beacon artifacts known to be associated with the Fexel trojan. This malware is believed to be used exclusively by the APT Group Axiom.
- Detection for HTTP traffic associated with the El Machete backdoor. El Machete is believed to be leveraged by a threat group that uses Spanish as their native language.
- Detection for Sofacy malware beacon version 1. Sofacy is the name for an APT Group believed to be operating out of Russia and frequently targeting defense contractors, aerospace, and international foreign affairs organizations.
- Enables asynchronous decoding for rapid incident response and/or forensics. In Novetta Cyber Analytics, reverse engineered malware can be used as the basis for writing a decoder to run against stored network traffic (packet capture, or PCAP) to determine what the malware did, to what, and when. This enables analysts to fully understand just how compromised their overall environment is and then know with high confidence exactly what they need to do to remediate. Because time is critical in any breach investigation, version 4.4 has upgraded its capabilities to enable asynchronous decoding, meaning multiple network sessions can be decoded concurrently — with the speed only dependent on how much hardware is applied to the task. This update dramatically improves the efficiency and effectiveness of any analyst when involved in detailed incident response and/or forensics.
- Enables query sharing between instances, enhancing the collective wisdom of communities to counter common intruders. Query sharing between instances enables analysts to share methods for breach detection, alert triage, and incident response amongst different organizations. With the growing popularity of ISACs, which generally share threat information between companies in similar industries, members of the same ISAC deploying Novetta Cyber Analytics could upload and download these queries to and from their portal, enabling the collective wisdom of the whole to counter common intruders.
As the manager of Product Marketing for Novetta Cyber Analytics, it is my distinct pleasure to announce the availability of our most recent upgrade, version 4.4. Building on years of experience helping the largest and most attacked networks defend themselves from advanced attacks, Novetta Cyber Analytics version 4.4 incorporates the following highlighted updates:
Read more about the author: