Threat Intelligence Platform on Cyber Domain

Threat Intelligence Platform applied to the cyber domain that aligns indicators with the Kill Chain; contrasts, classifies and assigns a criticality level to them; enriches and contextualizes internal observables with multiple information sources; and categorizes and prioritizes threat and adversary hunting. Generated deliverables are produced for strategic, tactical, or operational audiences. Augurio Cyber Threat Intelligence Platform is the technological component that integrates all intelligence sources in both the public and the private cloud, including Augurio NSA®, Augurio EP®, and Augurio X®.

Technological components that integrate it:
  • Augurio NSA®
  • Augurio EP®
  • Augurio X®
 
Augurio CTI® actively and historically monitors the following threats in the country: Andromeda, Cryptowall, Locky, Teslacrypt, Torrentlocker, Dyre, Geodo, Hesperbot, Necurs, Pushdo, Ramnit, Suppo-box, Simda, Banjori, Tinba, Palevo, Ursnif, Betabot, Spyeye, and Zeus, as well as many C2s. It also categorizes threats by type, including malware, exploits, target attackers, spam, IoT, fraud, mobile malware, shellcode, worms, emerging attacks, DoS, DDoS, threats specific to clients and web servers, and malicious or suspicious policies, on a vertical geolocation map. Augurio CTI® applies tactical intelligence that produces cyber threat intelligence models to provide situational awareness by aligning the indicators to the Kill Chain visually, with timelines, geolocation, heat and tree maps, information on the structure of the adversary, volume of indicators, criticality and confidence of the indicators, and the attacked service and threat in each of the phases, allowing their reclassification, so that the analyst can quickly focus on what is important and mitigate the risk the organization faces. Augurio CTI® is able to identify anomalous connections using a world map with specific filters in order to detect malicious indicators. In addition, there is a graphic description of the interacting source and destination elements that keeps a count of the occurrences observed.
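The paragraph above describes aligning indicators to Kill Chain phases, scoring them by criticality and confidence, and letting the analyst reclassify them. The following added example (not Augurio's code; Augurio's internal scoring and data model are not published on this page) shows one way such an alignment can be implemented. The phase names follow the public Lockheed Martin Kill Chain model; the type-to-phase mapping, the scoring formula and every indicator value are constructed assumptions for illustration.

```python
"""Added example: align threat indicators to Kill Chain phases and rank them
by criticality, confidence and internal sightings. Not Augurio's code; the
mapping, scoring and sample indicators below are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Ordered Kill Chain phases (Lockheed Martin model).
KILL_CHAIN = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
]

# Assumed default phase per indicator type; an analyst may reclassify later.
DEFAULT_PHASE = {
    "scanner_ip": "reconnaissance",
    "phishing_url": "delivery",
    "malicious_attachment_hash": "delivery",
    "exploit_kit_domain": "exploitation",
    "dropper_hash": "installation",
    "c2_domain": "command_and_control",
    "c2_ip": "command_and_control",
    "exfil_destination": "actions_on_objectives",
}

CRITICALITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Indicator:
    value: str
    ioc_type: str
    criticality: str            # low / medium / high / critical
    confidence: int             # 0-100, as reported by the source
    hit_count: int = 0          # internal sightings (network or endpoint feed)
    phase: Optional[str] = None # resolved from ioc_type if not given

    def __post_init__(self) -> None:
        if self.phase is None:
            self.phase = DEFAULT_PHASE.get(self.ioc_type, "unknown")
        if self.phase != "unknown" and self.phase not in KILL_CHAIN:
            raise ValueError(f"unknown Kill Chain phase {self.phase!r}")
        if not 0 <= self.confidence <= 100:
            raise ValueError("confidence must be between 0 and 100")


def priority_score(ind: Indicator) -> float:
    """Criticality weight times confidence fraction, boosted by internal
    sightings (capped at 10 so one noisy indicator cannot dominate)."""
    base = CRITICALITY[ind.criticality] * (ind.confidence / 100)
    sightings_boost = 1 + min(ind.hit_count, 10) / 10
    return round(base * sightings_boost, 3)


def reclassify(ind: Indicator, new_phase: str) -> Indicator:
    """Analyst override of the automatic phase assignment."""
    if new_phase not in KILL_CHAIN:
        raise ValueError(f"unknown Kill Chain phase {new_phase!r}")
    ind.phase = new_phase
    return ind


def align_to_kill_chain(indicators: List[Indicator]) -> Dict[str, List[Indicator]]:
    """Group indicators by phase, in chain order, each group sorted by priority."""
    by_phase = defaultdict(list)
    for ind in indicators:
        by_phase[ind.phase].append(ind)
    return {phase: sorted(by_phase[phase], key=priority_score, reverse=True)
            for phase in KILL_CHAIN if by_phase[phase]}


def furthest_phase(indicators: List[Indicator]) -> Optional[str]:
    """Deepest phase with at least one internally sighted indicator: a quick
    read of how far an intrusion has progressed inside the organization."""
    seen = [i for i in indicators if i.hit_count > 0 and i.phase in KILL_CHAIN]
    if not seen:
        return None
    return max(seen, key=lambda i: KILL_CHAIN.index(i.phase)).phase


# Constructed sample indicators (documentation addresses and example domains).
SAMPLE = [
    Indicator("198.51.100.7", "scanner_ip", "low", 60, hit_count=3),
    Indicator("http://phish.example/invoice.html", "phishing_url", "high", 90),
    Indicator("0" * 64, "dropper_hash", "high", 80, hit_count=2),
    Indicator("c2.example.net", "c2_domain", "critical", 95, hit_count=5),
    Indicator("203.0.113.9", "c2_ip", "medium", 50),
]

if __name__ == "__main__":
    for phase, inds in align_to_kill_chain(SAMPLE).items():
        print(phase)
        for ind in inds:
            print(f"  {priority_score(ind):>6}  {ind.ioc_type:<18} {ind.value}")
    print("furthest sighted phase:", furthest_phase(SAMPLE))
```

The score deliberately ranks an externally reported but never-seen indicator below one with internal hits of the same criticality, which is the "contrast against internal observables" step the page describes; `furthest_phase` is the one-number situational-awareness answer an analyst usually wants first.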


Solution that exploits malware in search of Adversaries

Solution that processes malware by analyzing executable files, Office documents, compressed files, JavaScript, Android packages and others in search of adversaries. Augurio Cyber Threat Intelligence Platform is responsible for in-depth static and dynamic analysis, corroborating that files do not contain malicious artifacts that could compromise the organization.

Built-in component that detonates and provides intelligence for: Augurio CTI
Augurio X® is used to hunt threats and adversaries by contrasting multiple sources of information from static and dynamic file analysis of executables, Office files (Office, Adobe), JavaScript, Java JAR, Visual Basic script, Android, URLs, Shockwave Flash, DLLs, PHP, HTML, CPL, Python, ZIP files, among others. Augurio X® analyzes files that are compatible with Windows and at least files with the following extensions: PDF, Class, JAR, JNLP, RMS, SER, docx, dotx, potx, ppsx, pptx, sldx, xlsx, xltx, doc, xls, ppt, mpp, automatically generating static and dynamic analysis. In addition to generating memory dumps of processes infected with malware, Augurio X® presents risk markers, a world map with geolocation, and the generated C2, contrasted with the Augurio Labs® Intelligence Lighthouse to give context to the associated country and its vertical, as well as a description of the analysis findings, so that analysts can conclusively establish the presence of malware in the organization and neutralize it.


Security monitoring and analytics solution in Cyber Threat Intelligence Platform

Security monitoring and analytics network solution in Augurio Cyber Threat Intelligence Platform that collects and analyzes multiple information sources, including IP flows, packets, metadata, advanced metadata, session and transactional data, and contrasts them against indicators and cyber threat intelligence to discover, detect, and respond to adversaries. It is the network-analysis technological component that provides intelligence for Augurio CTI. Augurio NSA communicates with Augurio CTI over an encrypted channel, forwarding indicators and monitoring of the health of the network in a centralized way.

Built-in component that detonates and provides intelligence for: Augurio CTI
Augurio NSA® provides threat hunting options through operational flows that allow navigating from the indicator to the detail according to the needs of the researcher for the following protocols: IPv4, IPv6, TCP, UDP, SCTP, ICMPv4, GRE, PPP, MPLS, QinQ, PPPoE, DHCP, DNS, HTTP, SMB, DCERPC, SMTP, SSH, SSL, TLS, NTP, FTP, SIP, SNMP, X.509, Kerberos, MySQL, NTLM, RDP, Modbus, DNP3 and ENIP/CIP. In addition, it allows you to run a retrospective analysis with searches by timeline, threat, CVE, version, dialer, type, connection status, IP addresses, peer, location, source and destination port, protocol, protocol version, query, reference, User-Agent, service, tags, user, year, total bytes, packet response, geolocation, TTL, RTT, method, RA, Rcode, RD, rcode_name and duration in each of the sensors. Augurio NSA® shows the status of open and unclosed connections, connection attempts without an initial request, midstream traffic, and half-open connections. In addition, it identifies the software and version used in a connection and protocols independently of the port, as well as trunk information and null, malformed, very large, very short, and unrequested responses, with the ability to show or download malicious traffic captures (PCAP). Augurio NSA® extracts files from traffic, displays information such as MIME type, source IP, destination IP and size, and automatically sends them to a static and dynamic analysis process that seeks the detonation of malware; it has at least 43,000 IOCs for malicious detection across network, endpoint and file indicators.
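Two of the capabilities listed above, identifying a protocol independently of the port and reporting the MIME type of files extracted from traffic, are shown in the following added example. It is not Augurio's code and does not reflect how Augurio NSA® performs these checks; the signatures used are the publicly documented leading bytes of each protocol and file format, and the flows, filenames and IP addresses are constructed sample data. It also flags a file whose declared extension does not match its sniffed type, a check the page does not mention but which falls out naturally once the MIME type is known.

```python
"""Added example: port-independent protocol identification and MIME sniffing of
files carved from traffic. Not Augurio's code; signatures are public magic
bytes and all sample flows below are constructed."""
from dataclasses import dataclass

PE_MIME = "application/vnd.microsoft.portable-executable"

# Leading bytes of carved file content -> MIME type. Order matters only
# where prefixes could overlap (none of these do).
MAGIC = [
    (b"%PDF-", "application/pdf"),
    (b"MZ", PE_MIME),                        # Windows EXE / DLL / CPL
    (b"\x7fELF", "application/x-elf"),
    (b"\xca\xfe\xba\xbe", "application/java-vm"),   # Java .class
    (b"PK\x03\x04", "application/zip"),       # also docx/xlsx/pptx/JAR containers
    (b"FWS", "application/x-shockwave-flash"),
    (b"CWS", "application/x-shockwave-flash"),
    (b"\xd0\xcf\x11\xe0", "application/x-ole-storage"),  # legacy doc/xls/ppt
]

# What a given filename extension is expected to contain (assumed table).
EXPECTED = {
    "pdf": "application/pdf", "exe": PE_MIME, "dll": PE_MIME, "cpl": PE_MIME,
    "class": "application/java-vm", "jar": "application/zip",
    "docx": "application/zip", "xlsx": "application/zip", "pptx": "application/zip",
    "doc": "application/x-ole-storage", "xls": "application/x-ole-storage",
    "ppt": "application/x-ole-storage", "swf": "application/x-shockwave-flash",
    "zip": "application/zip",
}


def identify_protocol(payload: bytes) -> str:
    """Classify the application protocol from the first payload bytes of a
    flow, ignoring the transport port entirely."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record: content type 0x16 (handshake), major version 3, minor 0-4.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    # SMB1/SMB2 header, with or without the 4-byte NetBIOS session prefix.
    if b"\xffSMB" in payload[:8] or b"\xfeSMB" in payload[:8]:
        return "smb"
    verb = payload.split(b" ", 1)[0]
    if verb in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS") or payload.startswith(b"HTTP/"):
        return "http"
    return "unknown"


def sniff_mime(data: bytes) -> str:
    """MIME type from content, never from the filename."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


@dataclass
class ExtractedFile:
    src_ip: str
    dst_ip: str
    name: str
    mimetype: str
    size: int
    extension_mismatch: bool   # declared extension disagrees with content


def extract_file(src_ip: str, dst_ip: str, name: str, data: bytes) -> ExtractedFile:
    """Build the record a sensor would forward for analysis: MIME type, source,
    destination and size, plus a mismatch flag worth prioritizing."""
    mime = sniff_mime(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    mismatch = ext in EXPECTED and EXPECTED[ext] != mime
    return ExtractedFile(src_ip, dst_ip, name, mime, len(data), mismatch)


# Constructed sample flows (documentation address ranges).
FLOWS = [
    ("10.0.0.5", "203.0.113.7", 8443, b"GET /update HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.5", "203.0.113.8", 80,   b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("10.0.0.9", "10.0.0.1",    4444, b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("10.0.0.9", "10.0.0.2",    445,  b"\x00\x00\x00\x2f\xfeSMB@\x00\x00\x00"),
]

# Constructed carved files: a PE disguised as a PDF, and a genuine ZIP container.
CARVED = [
    ("203.0.113.7", "10.0.0.5", "invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60),
    ("203.0.113.7", "10.0.0.5", "report.docx", b"PK\x03\x04" + b"\x00" * 26),
]

if __name__ == "__main__":
    for src, dst, port, payload in FLOWS:
        print(f"{src} -> {dst}:{port}  protocol={identify_protocol(payload)}")
    for rec in (extract_file(*c) for c in CARVED):
        print(rec)
```

HTTP on 8443 and TLS on 80 are classified by content, which is the point of port-independent identification; `invoice.pdf` carrying an `MZ` header is reported as a portable executable with `extension_mismatch=True`, the kind of carved file a sensor should push to static and dynamic analysis first.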


Analyze in-depth processes.

Endpoint solution of Augurio Cyber Threat Intelligence Platform that analyzes in depth the processes, memory, registry, file system and logs of the system, on both clients and servers.

Augurio EP is used to prioritize the response and detect adversary activity and anomalies that match the tactics, techniques and procedures of the attacker on the Windows, Linux and macOS operating systems. It is the technological component for detection and response on the endpoint that provides intelligence to Augurio CTI.

Built-in component that detonates and provides intelligence for: Augurio CTI
Augurio EP® is used to prioritize the response and detect adversary activity and anomalies that match the tactics, techniques and procedures of the attacker on the Windows, Linux and macOS operating systems. It is the technological component for detection and response on the endpoint that provides intelligence for Augurio CTI®. It is also used to hunt threats and adversaries by detecting and contrasting multiple sources of information at the endpoint to search for hacking tools and Advanced Persistent Threat (APT) activity. It uses YARA rules, process analysis, event log analysis, log analysis, analysis of active network connections, author analysis, open file verification, WMI persistence checks, directory profile detection, Shim cache scanning, Shellbags scanning, DNS cache analysis, endpoint firewall configuration verification, rootkit verification, service verification, scheduled task analysis, file system analysis, MFT analysis, mutex analysis, vulnerability analysis, and file integrity verification.
