Due diligence to protect your company.
We will track the two-way communication flows between internal assets and external entities, developing an evidence trail of data exchanges that match a state-based infection sequence model. Our correlation engine that is driven by a customized and augmented release of Snort version 2, which tracks the underlying actions that occur during the malware infection process: inbound scanning, exploit usage, egg downloading, outbound bot coordination dialog, outbound attack propagation, and malware P2P communication. The correlator then ties together the dialog trail of inbound intrusion alarms with those outbound communication patterns that are highly indicative of successful local host infection. When a sequence of evidence is found to match the infection dialog model, a consolidated report is produced to capture all the relevant events and event sources that played a role during the infection process.