Silicium ECAT

RSA ECAT software is an enterprise malware threat detection and response solution that enables you to easily detect, monitor and protect your environment from undesirable software and the most elusive malware — including deeply hidden rootkits, Advanced Persistent Threats (APTs), Metasploit’s Meterpreter and viruses.

With ECAT, analysts and incident response teams don’t waste time filtering through background noise and false positives. With the industry’s broadest whitelisting and software reputation services built in and powerful enterprise-wide anomaly detection, known good files are quickly identified and added to the baseline, highlighting truly malicious activity for immediate attention.

In one integrated package, ECAT provides:

  • Detection
  • Analysis
  • Remediation
  • Forensics

for all Windows environments, scaling up to 20,000 endpoints per ECAT server.

Server

  • Integration with OPSWAT Metascan using 6 or more different antivirus engines
  • External code signing validation. The certificate chain and root authorities are validated at the server level, so the check cannot be fooled at the workstation level
  • Enterprise environment correlation to quickly find all instances of malware running among thousands of machines
  • Complete and easy-to-use file and memory whitelisting system
  • Built-in monitoring and alerting system
  • Built-in reporting and exporting system to standard industry formats
  • NIST, NSRL and Bit9 GSR integration for whitelisting
  • Custom hashlist support for incorporating homegrown and custom apps into whitelisting

See a technical description of how ECAT deals with malware like Stuxnet or download the ECAT datasheet.

The ECAT workflow to find unknown malware in large environments is:

 
