Bromium LAVA

Datasheet: Bromium LAVA Live Attack Visualization and Analysis

Key Benefits

STRATEGIC INTELLIGENCE
Accurately identify advanced targeted attacks as they occur to enable more effective response.

OPERATIONAL COST SAVINGS
Advanced features enable the security team to deliver results in minutes instead of days, increasing productivity and lowering costs.

ZERO-DAY ATTACK INSIGHT
Quickly analyze and respond to who, what, when, where, and how you are being attacked to minimize impact and costs.

ADVANCED VISUALIZATION
Identify and act on attacks in minutes—not days or months—saving time and money.

Key Features

AUTOMATIC ANALYSIS
Instantly understand the specific tactics and goals of any attack. LAVA details the precise set of malicious steps down to the registry, external IP addresses, and files changed by malware.

STANDARDIZED COLLABORATION
Automatically create standardized indicator of compromise reports in STIX/MAEC format for collaboration with other security tools.

Every day, enterprises and government organizations are confronted with advanced malware attacks that evade firewalls, network protection devices, and traditional endpoint security. What if there was a way to safely record and analyze the complete attack, without risk to the organization? Now there is.

Transform your security operations

Security teams spend valuable time reacting to hundreds of routine events every day. These can be minor (a false positive) or a truly serious attack—and sometimes it is difficult to tell the difference. Bromium® LAVA™ enables you to quickly identify real attacks from the rest and determine who within the organization is being targeted. This level of insight allows the organization to immediately implement technical and user policies to counter malicious activity faster than ever before.

Empower your security staff. Enhance your current security tools.

LAVA's advanced visualization techniques enable security personnel to understand complex attacks in minutes rather than the hours or days required with traditional forensic tools. LAVA shares detailed attack information with your current infrastructure to elevate the overall effectiveness of your "defense-in-depth" strategy. You can automatically export security incidents to the most popular SIEM, next-generation firewall, or other systems to deliver a new level of visibility and control. STIX/MAEC formatted threat intelligence reports can be automatically generated and shared with third parties.

Visualizing the kill chain

LAVA delivers a clear and concise summary of the complete "kill chain", enabling security operators to quickly evaluate the threat to the organization and respond instantly.

Full malware capture

Security analysts can often spend days of precious time trying to recover malware samples from a compromised endpoint for further study. LAVA records complete samples of all malware within a Bromium micro-VM, even malware that is deleted or that never leaves volatile memory. Armed with these samples, the analyst can replay or reverse-engineer the malware to uncover the complete methods and goals of the attack.

Automatic attack categorization

LAVA instantly displays a high-level, color-coded, plain-language characterization of the intent of the attack elements. This enables the security analyst to quickly identify the organizational risks of each attack and prioritize the appropriate response.
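The automatic analysis, plain-language categorization and STIX export described above, as an added example that is not part of the datasheet or Bromium's own code: a small Python script takes a constructed micro-VM attack trace (a dropped file, a registry change, an outbound connection, a spawned shell), labels each event in the style of the datasheet's attack categories, and emits the observables, including the MD5 of the captured sample, as STIX indicators in a bundle. The event format, the category labels, the SHELLS list and the use of STIX 2.1 JSON patterns are assumptions; the datasheet specifies neither LAVA's trace format nor the STIX version it exports.

```python
import hashlib
import uuid
from datetime import datetime, timezone

# Constructed sample of the kind of events the datasheet says LAVA records inside a
# micro-VM (files changed, registry keys, external IPs). Not LAVA's real output format.
TRACE = [
    {"type": "file_write", "path": "C:\\Users\\alice\\AppData\\Roaming\\svch0st.exe",
     "data": b"MZ-constructed-sample-bytes"},
    {"type": "registry_set",
     "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svch0st"},
    {"type": "network_connect", "dst": "203.0.113.45", "port": 443},
    {"type": "process_create", "image": "C:\\Windows\\System32\\cmd.exe", "parent": "svch0st.exe"},
]
SHELLS = ("cmd.exe", "powershell.exe")   # assumed list of interactive shells to flag

def categorize(event):
    """Plain-language label for one event, modeled on the datasheet's detection categories."""
    t = event["type"]
    if t == "registry_set" and "\\currentversion\\run" in event["key"].lower():
        return "persistence"          # autostart key survives reboot (covers Run and RunOnce)
    if t == "network_connect":
        return "command-and-control"  # outbound channel to an external address
    if t == "process_create" and event["image"].lower().endswith(SHELLS):
        return "command shell"        # shell spawned by the dropped binary
    return "dropped file" if t == "file_write" else "other"

def to_pattern(event):
    """STIX 2.1 indicator pattern for the event's observable, or None if it has none."""
    if event["type"] == "file_write":      # MD5 of the captured sample, as the datasheet exports
        return "[file:hashes.MD5 = '%s']" % hashlib.md5(event["data"]).hexdigest()
    if event["type"] == "network_connect":
        return "[ipv4-addr:value = '%s']" % event["dst"]
    if event["type"] == "registry_set":    # backslashes must be escaped in STIX string literals
        return "[windows-registry-key:key = '%s']" % event["key"].replace("\\", "\\\\")
    return None

def build_bundle(trace):
    """Wrap every event that has a pattern in a STIX 2.1 indicator and return the bundle."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    objects = []
    for ev in trace:
        pattern = to_pattern(ev)
        if pattern:
            objects.append({
                "type": "indicator", "spec_version": "2.1", "id": "indicator--" + str(uuid.uuid4()),
                "created": now, "modified": now, "valid_from": now, "name": categorize(ev),
                "pattern": pattern, "pattern_type": "stix", "indicator_types": ["malicious-activity"],
            })
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()), "objects": objects}
```

build_bundle(TRACE) returns a plain dict that json.dumps turns into a STIX 2.1 bundle a SIEM or threat-intelligence platform can ingest.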
Supported Platforms

ENDPOINTS: Intel i3, i5, i7 processors, 4 GB RAM, Windows 7 64-bit and 32-bit, Apple OS X
SERVERS: Microsoft Windows Server 2008, SQL Server 2008 R2

How it works

Bromium vSentry® uses micro-virtualization to isolate user tasks. This automatically and safely allows the malware to fully execute within a micro-VM, enabling LAVA to do post-exploitation analysis to establish a full malware kill chain. LAVA observes all activity from the vantage point of the hardware, "below" the operating system. This vantage point provides unique capabilities:

• Defense bypass detection. Privilege escalation used to disable resident security tools. LAVA detects and stores these actions for later study.
• Command-and-control detection. LAVA identifies command-and-control (C&C) channels, enabling tuning of perimeter defenses to block communications throughout the enterprise.
• Process injection detection. Process injection introduces malicious code into running processes on the victim. This technique is extremely difficult to detect with conventional analytic tools.
• Bootkit/rootkit detection. One of the most hard-to-detect components of malware is bootkits/rootkits. LAVA clearly identifies their installation and actions.
• Anti-forensics detection. Malware can evade detection by removing components used early in its infection cycle. Typical forensic tools cannot detect these. LAVA identifies these for later analysis.
• Malware persistence detection. Malware often modifies the victim system to ensure the attacker has access in the future. LAVA monitors and identifies this behavior.
• Command shell detection. Remote command shells enable attackers to take control of a compromised system and are an unambiguous indicator of compromise.
• Zero-day malware signature generation. LAVA provides MD5 checksums for use in other security tools for malware identification.

About Bromium

Bromium has transformed endpoint security with its revolutionary isolation technology to defeat cyber attacks. Unlike antivirus or other detection-based defenses, which can't stop modern attacks, Bromium uses micro-virtualization to keep users secure while delivering significant cost savings by reducing and even eliminating false alerts, urgent patching, and remediation—transforming the traditional security life cycle.

Bromium US: 20813 Stevens Creek Blvd, Cupertino, CA 95014, [email protected], +1.408.598.3623
Bromium UK: Lockton House 2nd Floor, Clarendon Road, Cambridge CB2 8FH, +44.1223.314914
For more information refer to www.bromium.com, contact [email protected] or call 1-800-518-0845.
Copyright ©2014 Bromium, Inc. All rights reserved. DS.LAVA.US-EN.1409