Memory Forensics

In-Memory Malware Detection & Analysis

In-Memory Malware is Difficult to Detect

One of the latest cybercrime innovations, fileless malware, is paying off for hackers and cyber-criminals and creating great risk for your business. Fileless infections are exactly what they seem to be: malware or virus infections that don’t use any files in the process. The malware is written directly into physical memory (RAM) and is capable of eluding most detection technologies, such as desktop firewalls and anti-virus programs.

Defend Against Today’s Most Advanced Malware With Digital DNA®

Digital DNA®, the patented core technology, lies at the heart of CounterTack’s solutions. With its unparalleled memory forensics and behavioral analysis capabilities, Digital DNA detects zero days, rootkits and other malware not detected by signature-based solutions. Digital DNA cuts through the wide array of anti-forensic measures employed by today’s most stealthy malware and identifies potentially malicious software running in physical memory. It scans live physical memory identifying malicious behaviors rather than matching patterns and signatures.

Digital DNA performs the following steps:

  • Scans live physical memory or memory snapshots
  • Identifies behaviors and techniques rather than patterns and signatures
  • Calculates a module-level threat score based on identified behaviors
  • Detects malicious software, APTs, zero-days, and rootkits that traditional anti-virus can’t

Proactively Detect Advanced Malware In-Memory

With unparalleled capability to analyze and detect malicious code executing in memory, Active Defense puts your team firmly in control of every investigation, allowing you to quickly and easily pinpoint compromised systems and determine scope of breach, enabling you to eliminate advanced threats such as fileless infection. Active Defense is powered by patented Digital DNA® technology that identifies specific behavioral traits of every process running in memory.

Once a threat has been identified, Active Defense’s collection and analysis tools empower you to determine initial points of infection, isolate lingering malicious files and system changes, and generate threat intelligence to harden endpoints against future attacks. By streamlining the incident response lifecycle, Active Defense allows you to rapidly scale your investigative efforts to hundreds of thousands of endpoints without requiring expensive armies of highly skilled analysts.

Collect and Analyze Threat Intelligence In-Memory

Responder PRO is the industry standard physical memory and automated malware analysis solution designed specifically for Incident Responders. It is the most advanced reverse engineering tool available today.

With its powerful memory forensics and malware identification capabilities, Responder PRO allows incident response professionals to collect and analyze critical threat intelligence that can only be found in physical memory, such as chat sessions, registry keys, encryption keys, and socket information. With this information, incident responders can effectively validate and respond to a security incident. Every element of physical memory is provided, from the standard process and module details to extensive details on open files, sockets, and registry keys. Document fragments, internet history, and keys and passwords are automatically extracted from memory and made available.

Active Defense™

Powered by Digital DNA®

Learn how Digital Guardian can help Security Analysts proactively detect advanced malware in-memory


Responder® PRO

Powered by Digital DNA®

Learn how Digital Guardian can help Incident Responders perform memory forensics and analyze malware in-memory
