Advanced Persistent Threat (APT) Module

The APT Module is part of the advanced Cyber Threat Defense capabilities in the Digital Guardian® Platform. The APT Module is powered by Digital DNA technology, a signature-less approach to detecting new or unknown malware through automated behavioral analysis of code in physical memory. This Module extends the cyber threat defense capabilities of the DG Host Agent with additional “zero day” threat detection and analysis capabilities on servers, desktops and laptops:

  • Forensically scans a snapshot of endpoint memory and uses Digital DNA to rate threat severity of executable code in memory
  • Provides actionable alerts and reports directly related to the implicated processes and their capabilities
  • Assigns a machine risk score that can be used by the DG agent to enforce adaptive rules
  • Allows forensics-based investigation of anomalous behavior detected by the DG core agent

The APT Module is deployed as an integrated add-on to the Host Agent. This greatly improves the manageability and performance of the DNA technology, because Digital Guardian manages scan runs on a schedule or, more importantly, fires off a scan after a cyber threat attack or abnormality is detected. This enhances the technology's ability to capture forensic evidence related to an attack and speeds up investigations. Information from both the "machine risk score" and the memory scan forensics is available in the DG Command Center. "Memory dumps" are easily facilitated through the DG Command Center and then exported to investigative tools.