Host Intrusion Analysis
Examining your hosts and protecting your data
If a device becomes compromised or an organization believes that a user is engaging in ‘rogue’ behavior, Nettitude is able to deliver proactive triage against the suspected host.
Through Bit9 and Carbon Black application controls, Nettitude is able to identify malware and proactively respond to every incident in a timely and effective manner. Carbon Black provides Nettitude’s cyber security experts with visibility around Indicators of Compromise (IOC) and the ability to roll back the clock to identify the anatomy of what took place.
Memory analysis including parent/child relationships, process acquisition, and correlation of memory artefacts with disk-based storage.
Identification of malware behavior including encryption, steganography, obfuscation.
Identification of covert channels including beaconing and command & control.
Rootkit identification and hooking techniques.
Live malware analysis including access to files, registries, network sockets, other processes.
Data acquisition concepts including static & dynamic evidence gathering.
Disk analysis including file allocation, unallocated space, ACLs, SIDs, file carving.
Review of configuration & systems hardening processes.
Accessing application artefacts and prefetch.
User profiles, temporary files, page files, hibernation files.
Understanding and dissecting all common file formats.
Dynamic analysis of executables.
Identification of malicious files through hashing, strings, packing, signature analysis.
Our team have been assessed against the rigours of the CREST cyber security incident response program. As a consequence, our process and methodology for delivering host-based Incident Response has been vetted against the strongest rigours available within the industry.
The Threat2Alert approach of collecting logs and events, and correlating these with active packet analysis, provides some of the strongest detection and response services within the industry. When this is coupled with our host intrusion analysis capability, Threat2Alert provides an enterprise-level incident response and comprehensive data assurance service.