New Release Adds Pre-built Queries, Enables Sharing of Queries Between Companies, and Enhances Decoding Speed

McLean, VA – Novetta, a leader in advanced analytics technology, today released Novetta Cyber Analytics version 4.4, an advanced network-traffic analytics solution that gives analysts comprehensive, near real-time cyber security visibility and awareness, filling a critical gap in today's enterprise cyber security industry. Novetta Cyber Analytics version 4.4 adds new pre-built queries, enables query sharing between companies, and dramatically improves decoding speed.

"As a whole, the cyber security industry continues to focus on automating security analysis. Unfortunately, a good, persistent attacker will always find a way around even the most sophisticated automation," said Jim Cushman, President, Commercial & Products at Novetta. "Novetta Cyber Analytics focuses on analyst empowerment. The new features in version 4.4 further empower security analysts with the right information, on demand, to make them dramatically more efficient and effective. This enables them to creatively think about how to find and counter intruders versus reacting to automated alerts that are usually wrong."

Novetta Cyber Analytics version 4.4 empowers security analysts with the following updates:
- Pre-built queries for enhanced APT intrusion detection. Novetta Cyber Analytics includes over 100 pre-built analytics that were created from eight years of experience helping to counter intrusions within the Department of Defense. The built-in analytics added in version 4.4 focus on malware-specific, metadata-based signatures, including methods for detecting traffic associated with various malware families, among them:
  - Detection of HTTP beacon artifacts known to be associated with the Fexel trojan. This malware is believed to be used exclusively by the APT group Axiom.
  - Detection of HTTP traffic associated with the El Machete backdoor. El Machete is believed to be leveraged by a threat group whose native language is Spanish.
  - Detection of Sofacy malware beacon version 1. Sofacy is the name of an APT group believed to be operating out of Russia and frequently targeting defense contractors, aerospace companies, and international foreign affairs organizations.
- Asynchronous decoding for rapid incident response and forensics. In Novetta Cyber Analytics, reverse-engineered malware can be used as the basis for writing a decoder that runs against stored network traffic (packet capture, or PCAP) to determine what the malware did, to what, and when. This lets analysts understand fully how compromised their environment is and then know with high confidence exactly what must be done to remediate. Because time is critical in any breach investigation, version 4.4 upgrades this capability with asynchronous decoding: multiple network sessions are decoded concurrently, with throughput limited only by how much hardware is applied to the task. This update dramatically improves the efficiency and effectiveness of any analyst engaged in detailed incident response or forensics.
- Enabling query sharing between instances, enhancing the collective wisdom of communities to counter common intruders. Query sharing between instances enables analysts to share methods for breach detection, alert triage, and incident response amongst different organizations. With the growing popularity of ISACs, which generally share threat information between companies in similar industries, members of the same ISAC deploying Novetta Cyber Analytics could upload and download these queries to and from their portal, enabling the collective wisdom of the whole to counter common intruders.
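The asynchronous decoding described above, as an added illustration that is not Novetta's code or a description of its internals: stored traffic is split into TCP sessions, and each session is handed to a decoder in a worker pool so that sessions are decoded concurrently. The pcap builder, the sample traffic and the `http_request_decoder` stand-in (which only extracts HTTP request lines, in place of a real malware-specific decoder) are all constructed for this example.

```python
import struct
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor

PCAP_MAGIC, LINKTYPE_ETHERNET, IPPROTO_TCP = 0xA1B2C3D4, 1, 6

def build_pcap(packets):
    """Constructed input: minimal little-endian pcap of Ethernet/IPv4/TCP frames, checksums left zero."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for seq, (src, sport, dst, dport, payload) in enumerate(packets):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
        frame = b"\x00" * 12 + b"\x08\x00" + ip          # dummy MACs, EtherType IPv4
        out += struct.pack("<IIII", 0, seq, len(frame), len(frame)) + frame
    return out

def sessions_from_pcap(data):
    """Walk the pcap records and concatenate TCP payloads per 5-tuple: one unit of work per session."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC or struct.unpack("<I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian Ethernet pcap")
    flows, off = defaultdict(bytes), 24
    while off + 16 <= len(data):
        caplen = struct.unpack("<IIII", data[off:off + 16])[2]
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        ip = frame[14:]
        if frame[12:14] != b"\x08\x00" or ip[9] != IPPROTO_TCP:
            continue                                   # only IPv4/TCP carries sessions here
        tcp = ip[(ip[0] & 0xF) * 4:]                   # skip IPv4 header (+options)
        sport, dport = struct.unpack("!HH", tcp[:4])
        key = (".".join(map(str, ip[12:16])), sport, ".".join(map(str, ip[16:20])), dport)
        flows[key] += tcp[(tcp[12] >> 4) * 4:]        # skip TCP header (+options)
    return dict(flows)

def http_request_decoder(stream):
    """Hypothetical stand-in for a malware-specific decoder: request line of each HTTP request."""
    return [msg.split(b"\r\n", 1)[0].decode(errors="replace")
            for msg in stream.split(b"\r\n\r\n") if msg[:4] in (b"GET ", b"POST")]

def decode_sessions(data, decoder, workers=4):
    """Decode every session concurrently; throughput scales with the worker count."""
    flows = sessions_from_pcap(data)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(flows, pool.map(decoder, flows.values())))

SAMPLE_PCAP = build_pcap([                               # constructed traffic, two sessions
    ("10.0.0.5", 40001, "192.0.2.10", 80, b"GET /a?id=1 HTTP/1.1\r\nHost: x\r\n\r\n"),
    ("10.0.0.6", 40002, "192.0.2.10", 80, b"POST /up HTTP/1.1\r\nHost: x\r\nContent-Length: 0\r\n\r\n"),
    ("10.0.0.5", 40001, "192.0.2.10", 80, b"GET /a?id=2 HTTP/1.1\r\nHost: x\r\n\r\n"),
])
```

Sessions are keyed on the client-to-server 5-tuple only, so a real decoder would also need the server-to-client direction and TCP reassembly by sequence number; `decode_sessions(SAMPLE_PCAP, http_request_decoder)` returns the decoded request lines per session.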