Cerberus Data Sheet Web
2012-09-19
Page Count: 2
Cerberus

Cerberus reduces the level of expertise required to perform malware analysis, allowing first and second responders to triage malware and determine behavior and intent without waiting for a malware team. Now actionable intelligence can be achieved before sending malware on for deeper analysis.

Cerberus Malware Analysis is Part of the CIRT Integrated Response Platform. Using CIRT You Can…

• Scan computers across the enterprise for executables.
• Suspect binaries identified through host analysis are automatically given a threat score.
• Set a threat score threshold: IF threat ≥ 40 THEN automatically initiate stage two.
• Basic and advanced disassembly extracts arguments to determine what the binary is capable of doing.
• Verify behavior and intent by correlating data with host and network analysis.
• Remediate and have CIRT monitor for new and recurring threats.

What is Cerberus?

Cerberus is a malware triage technology that is incorporated into AccessData’s integrated incident response platform, CIRT (Cyber Intelligence & Response Technology). It is also available as an add-on for FTK 4. The first step towards automated reverse engineering, Cerberus provides threat scores and disassembly analysis to determine both the behavior and intent of suspect binaries.

Cerberus Works in Two Stages…

Stage 1

During Stage 1 analysis, Cerberus tallies attributes of each binary to generate threat scores that approximate how “dangerous” each binary might be. Stage 1 looks for characteristics that are immediately apparent, such as “does this binary contain a valid digital signature?”, “is this binary packed?”, and “what OS functions does this binary import?” Therefore the Cerberus Stage 1 analysis is extremely fast and can be run against a large number of binaries quickly.
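As an added illustration of the Stage 1 tally and the "threat ≥ 40" gate described above, the following Python example scores constructed attribute records and queues high scorers for Stage 2. It is not AccessData's code: the data sheet does not publish Cerberus's scoring, so the weights, the API lists and the entropy cutoff used as a packing heuristic are assumptions.

```python
import math
from collections import Counter

STAGE2_THRESHOLD = 40  # from the data sheet: IF threat >= 40 THEN stage two

# Hypothetical weights and API lists; Cerberus's real scoring is not published.
WEIGHTS = {"unsigned": 15, "packed": 25, "injection_imports": 20, "network_imports": 10}
INJECTION_APIS = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}
NETWORK_APIS = {"InternetOpenUrlA", "URLDownloadToFileA", "WSAStartup"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 suggest compressed or encrypted content."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def stage1_score(binary: dict) -> tuple[int, list[str]]:
    """Tally cheap static attributes; return (score, contributing attributes)."""
    hits = []
    if not binary["signed"]:
        hits.append("unsigned")
    # Packing heuristic (assumption): any section with entropy above 7.0.
    if any(shannon_entropy(s) > 7.0 for s in binary["sections"]):
        hits.append("packed")
    imports = set(binary["imports"])
    if INJECTION_APIS <= imports:   # the full injection trio is imported
        hits.append("injection_imports")
    if imports & NETWORK_APIS:      # any network-capable import
        hits.append("network_imports")
    return sum(WEIGHTS[h] for h in hits), hits

def triage(binaries: list[dict]) -> list[str]:
    """Names of binaries whose Stage 1 score reaches the Stage 2 threshold."""
    return [b["name"] for b in binaries if stage1_score(b)[0] >= STAGE2_THRESHOLD]

# Constructed records standing in for attributes already extracted from PE files.
SAMPLES = [
    {"name": "signed_tool.exe", "signed": True, "sections": [b"MZ code " * 64],
     "imports": ["CreateFileW", "ReadFile"]},
    {"name": "dropper.exe", "signed": False, "sections": [bytes(range(256)) * 16],
     "imports": ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "WSAStartup"]},
    {"name": "unsigned_util.exe", "signed": False, "sections": [b"plain text data " * 32],
     "imports": ["WSAStartup", "GetProcAddress"]},
]
```

Returning the contributing attributes alongside the score mirrors the data sheet's point that a responder should be able to see why a binary scored high, not only that it did.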
Stage 2

Stage 2 analysis is much more complex, as it disassembles the entire binary, develops an understanding of the binary code flow, and outputs a list of operating system functions that are called by the binary, along with the arguments that are passed into those functions. Additional analysis provides details such as function arguments, which could reveal things such as Internet callback addresses, file names and other statically compiled artifacts.

Cerberus Malware Triage vs. Traditional Malware Analysis…

Triaging potential malware with Cerberus gives first and second responders immediate actionable intelligence without waiting for a malware team to spend days or even weeks employing traditional methods of analysis. The Cerberus feature in CIRT provides response teams with critical threat information that they can then correlate and verify with CIRT’s network and host analysis. Furthermore, while deeper examination is often needed in the event of a security incident, these traditional methods each have their own shortcomings, which Cerberus methodologies avoid.

• Dynamic Analysis is often not reliable, because the binary could recognize that it is being analyzed and perform a different action in order to intentionally fool the analyst.
• Traditional Heuristics are not based on the fundamental characteristics of malware and have high false positive / false negative rates.
• Signature-based / Byte String Analysis cannot detect new malware or new variants and requires prior knowledge in the form of an action or byte string.

STAGE 1: Identify binaries with unusually high threat scores and view attributes contributing to those scores.

STAGE 2: View capabilities of binary in predefined categories along with arguments.

Contact Us:

NORTH AMERICA SALES
800.574.5199
801.765.4370 (fax)
sales@accessdata.com

INTERNATIONAL SALES
Office: +44 (0)20 7010 7800
internationalsales@accessdata.com