A blog on endpoint security, malware detection and analysis. We keep you up to date on how RSA ECAT handles the latest threats, the latest events and news.
Our team likes to use variants of Zeus to test and demo ECAT’s capabilities. Zeus is definitely on the mature side for a malware family, yet its authors update Zeus on a regular basis, ensuring low AV detections with the most recent variants. Zeus is not targeted malware by any means, in fact quite the opposite of ‘low and slow’, and as such it isn’t necessarily the type of malware IR teams are most concerned about. Nevertheless, its prevalence and ability to persist and avoid detection make it a perennial concern....
The RSA ECAT team will be at the RSA booth at BlackHat USA in Las Vegas this year, with our own pod. We’ll have live demos of the newest release of ECAT (stay tuned) and experts on hand to parry your IR and malware analysis questions. This year’s event will be hosted as usual at Caesars Palace in Las Vegas, Nevada July 27 – August 1st and offer multi-day training sessions, Briefings tracks with the latest research, and workshop tracks dedicated to practical application and demonstration of tools. More details on...
We have a new video posted showing an end-to-end Advanced SOC operation using RSA solutions. From initial incident alert inside RSA’s Archer AIMS (Advanced Incident Management for Security) to investigation with Security Analytics and ECAT, this video shows how each RSA solution ties together to provide complete IR coverage and visibility.
In our new release of RSA ECAT V.3.4 we’ve included support for YARA rules.
What, you ask, are YARA rules and why would I use them with ECAT?
The YARA engine is an executable that is loaded by ECAT at runtime. The engine compares files sent by ECAT against a ruleset in a text file. With YARA you can create descriptions (rules) based on textual or binary patterns (say a memory string or a file attribute such as the packer used). If there’s a match between the file submitted and one or more of the YARA rules, then the suspect...
Join us May 2nd for a deep dive on what’s new in ECAT V.3.4
We’re holding 3 webcasts (at 3 different times throughout the day to accommodate our customers and partners wherever you may be) where we’ll be doing a detailed walk-through of what’s new in ECAT V.3.4. These webcasts are geared towards existing users or evaluators of ECAT, or those who may have seen previous demos of ECAT in action and would like an update.
RSA Customer Support Training Module:
RSA ECAT V.3.4 Product Update
2:00 p.m. EDT |...
No surprise, now that we’re part of RSA we’ll be exhibiting again this year at the RSA conference in San Francisco, this time at the RSA booth. We’ll have our own ECAT pod with the Firstwatch and Advanced Cyber Defense teams, and there will be a full NextGen SOC with ECAT integrated into the operations along with RSA’s other security solutions, simulating real-world cyber incidents.
Join our team to see our solutions in action, and learn about our future direction with Security...
We’ve added a new Introduction to RSA ECAT video to our YouTube channel. In this short clip, we explain how RSA ECAT fits into the enterprise security landscape, and how ECAT’s sophisticated live memory analysis and deep physical disk inspection combine to detect the threats that others miss. No other solution delivers accurate, actionable information for incident response in Windows environments like ECAT.
For a whitepaper on ECAT or to request more information, please click...
Recently Dark Reading posted an article on Dementia, a tool developed by Luka Milkovic of Infigo in Croatia and presented at the recent CCC conference, that modifies memory dumps used in forensic analysis.
Needless to say, the headline reporting that this tool allows attackers to bypass memory analysis brought traffic and questions to us about how ECAT would be affected.
Our team did some research on the Dementia tool and how it works starting with the posted material from the conference. Here’s our take:
1 – Dementia is designed to...
RSA has recently posted a new video on Security Analytics, the new platform that will combine log and packet data analysis, external threat intelligence feeds and more. There are interviews with several of our colleagues, including from RSA’s own CIRC team, explaining the value of total visibility and big data correlation.
Our CIRC of course eats our own dog food, including ECAT. They are on the front lines of cyberdefense at RSA and face as tough a challenge as anyone in dealing with...
We’re pleased to announce that Silicium Security has been acquired by EMC. Going forward we will operate as a line of business under RSA, The Security Division of EMC. Our team stays in place and will continue to support our customers and partners. The full text of the announcement from our CEO is here and the announcement from EMC is here.
Check back here or subscribe to our newsletter for more updates as we transition to the RSA...