Comprehensive Collection of Stateful Compromise Indicators Powers Scout Analytics Engine to Better Understand and Counter Advanced Threats
WALTHAM, Mass. (June 24, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today introduced the Scout Knowledge Library, a robust collection of stateful compromise indicators (SCIs) that correlate behavioral and technical characteristics of advanced threats to provide organizations with rich attack intelligence through conclusive attack evidence.
With the recent release of Scout 4, CounterTack is taking a dramatically different approach to endpoint protection, providing unprecedented visibility into attackers through its patented Deep System Inspection (DSI) technology. CounterTack enables organizations to detect previously undetectable advanced threats and attacks that most other solutions miss.
The Scout Knowledge Library is a compilation of SCIs, attack and malware profiles and conditions. Collectively, they serve as the intelligence foundation of Scout’s powerful analytics engine, enabling customers to quickly classify malware and malicious activity based on correlated actions exhibited by the attack.
“CounterTack’s Scout Knowledge Library gives organizations the ability to quickly and accurately determine the scope of an attack by understanding what type of malware is launched, and what type of process it follows,” said Neal Creighton, CEO, CounterTack. “Correlating malware characteristics through Scout helps enterprises react with confidence to attacks, shortening the gap from detection to intelligence to response, by giving them the ability to know precisely what will happen relative to that specific malware, bot, trojan or condition identified.”
Based on the breadth of Scout’s real-time monitoring of historical attacker behavior and malware processes, the Scout Knowledge Library’s SCIs can help rapidly classify attacks and provide intelligence on specific tools and techniques associated with both known and unknown threats. These classifications are integrated into Scout 4, where the threat and attack profiles are correlated with attack activity in real time.
“CounterTack’s unique approach is to shorten the cycle to remediation for customers impacted by sophisticated threats and persistent malware campaigns,” said Sean Bodmer, chief researcher, CounterTack. “Through our library, we provide the capability to correlate key events and characteristics of malware. A single SCI can detect millions of variants of Zeus, like Ice9 or Citadel, but what matters most are the key characteristics and the modular functionalities of the malware. For example, knowing whether the malware is configured with Remote Desktop Protocol (RDP), Webinjects (secure form login stealer), DDOS, FormGrabbers, or JabberUpdater can help customers quickly identify the motive, intent and capability of a threat — so they react appropriately.”
In the event that a critical endpoint is compromised, Scout’s real-time analysis identifies files, processes and network activity the attacker is targeting at the OS level on production systems. That behavior is then correlated with indicators in the Knowledge Library to provide conclusive intelligence about the attack.
The Scout Knowledge Library will be sold as part of base Scout deployments, and updates will be available as part of a subscription model.
CounterTack, the industry’s first and only in-progress attack intelligence and response solution provider, was born out of the critical need to develop new security approaches for enterprise and government organizations. The detection gap persists despite massive investments and continuing advancements in security technologies, with cyber attacker innovation outpacing cyber defenses. CounterTack is leading the way on new approaches for deeper security intelligence monitoring and faster attack response.
To learn more, visit www.countertack.com.