MONITOR OSINT

Mine awareness signals from public data feeds used by threat actors to profile your organization.

  • Data leaks
  • Source code leaks
  • API key leaks
  • Credential leaks
  • Email leaks
  • Forum chatter
  • Social media chatter
  • Exposed S3 buckets
  • Weak credential policy enforcement on public-facing applications
  • Exposed services
How It Works

CONDUCT RECON

The Recon Mode architecture supports multiple breach points and asynchronous execution across any environment. As your infrastructure or cloud workloads scale, Recon Mode scales with them. Data is collected through your breach point to profile:

  • users
  • services
  • namespaces
  • systems
  • NAC
  • security controls
  • prevention controls
  • network topology
  • accessible endpoints
  • exposed services
  • third-party apps supporting infrastructure
  • public intelligence

How It Works

EXTRACT SIGNALS

Metadata is extracted and used to chain multiple attacks in your network. All metadata is enriched and attributed to:

  • known attack scenarios
  • new attack scenarios
  • malware families
  • CVEs
  • NIST-800-53
  • CAPEC
  • MITRE ATT&CK
How It Works

IDENTIFY INFLECTION POINTS

Identify pivot points and critical attack paths to high-value targets in your enterprise. Assets include:

  • Networks
  • Users
  • Systems
  • Applications
  • Cloud API Keys
  • Credentials
  • Trust paths

How It Works

DISCOVER ATTACK PATHS

Attack Mode evaluates user, group, and service authentication and permissions for weaknesses that may be used to discover more attack vectors in your network.

CREATE ATTACK CHAINS

Attack Mode uses attack paths to build and execute techniques that discover and verify attack vectors in your organization. As attack paths form, new attack chains are created.

How It Works

EXECUTE ATTACK SCENARIOS

Attack scenarios include one or more attack chains and are executed on demand, on a schedule, or continuously. If Attack Mode is enabled, expect attack scenarios to evolve over time.

How It Works

  1. DEFENSE EVASION
  2. ATTACK VECTOR DISCOVERY
  3. ATTACK VECTOR ANALYSIS
  4. ATTACK PATH VERIFICATION
  5. ATTACK CHAIN DEVELOPMENT
  6. IMPACT VERIFICATION

CONTEXTUALIZE EVIDENCE

All authorized breach activity is contextualized, attributed, verified, and sent to your analytics platform of choice. The data includes platform events, operator events, technique events, API calls, evidence collected, DLLs and namespaces.

VERIFY RISK PROFILES

Deploy once and execute everywhere with Risk Profiles, a feature that helps you verify your organization’s current risk exposure to malware families, threat groups, insider threats, and targeted attacks.

How It Works

PRODUCE RISK METRICS

Risk Analytics Engine (RAE) deploys graphing algorithms to plot and produce actionable risk metrics. Measure risk exposure by:

How It Works

DELIVER HIGH FIDELITY SIGNALS

SIGINT monitors and attributes data collected from Blackbot to produce and deliver High-Fidelity Intelligence Signals.

ELIMINATE RISK

How It Works

ACTIONABLE REMEDIATION

Deploy host and cloud-native detection rules for Windows, Linux, OSX, Docker, Azure, and AWS.

OPTIMIZED MITIGATION

Optimize mitigation strategies across your business units by delivering clear instructions to your stakeholders, 24/7.

DELTA REPORTS

Save time and report changes in your security posture without the need to compare and contrast.

FOCUS ON WHAT MATTERS RIGHT NOW

Rapidly verify protection against targeted attacks and eliminate risk of initial breach tactics before they happen.

REQUEST EARLY ACCESS