
Guest Post: How to Effectively Isolate Malicious Files Before They Spread

Virtually every organization deals with a firehose of potential malware on a daily basis. Infosec teams are often overwhelmed with arduous digital forensics and incident response (DFIR) processes dealing with the flood. Typically these DFIR processes involve manual, repetitive checks. Sound familiar?

Chances are your organization, like many others, struggles to stay ahead in the fight against malware. Three challenges come up again and again: evasion techniques used by sophisticated zero-day malware, manual processes that increase the security team's workload and open the door to human error, and the lack of orchestration tooling to automate the response once an attack is detected.

Ayehu’s automation and orchestration platform combined with VMRay’s agentless malware detection and analysis engine enables security teams to mitigate the risk of potentially malicious files through fast automated threat analysis and detection.

How does it work?

Alerts from Security Information and Event Management (SIEM) platforms are usually the trigger for infosec teams to begin investigating potential attacks. Simple integrations with SIEM platforms like Splunk enable Ayehu to receive alerts of suspicious files in an organization’s network. Through an automated process Ayehu submits the suspicious file to VMRay Analyzer for further analysis.

The file is automatically vetted through VMRay’s built-in reputation engine, which has the ability to determine if a file is known malicious or known benign within milliseconds. The ability to deal with known threats so quickly using a fully automated process makes threat mitigation processes much more efficient and effective.

(Figure: Ayehu VMRay Connector)

What if the reputation engine cannot classify the suspicious file as known good or known bad? How can I protect my organization from zero-day malware?

If the reputation engine returns an "Unknown" reputation score, the next step in the analysis process is to automatically put the file through a detailed behavioral analysis.

The suspicious file is detonated in a customized virtual machine and monitored for all of its system interactions. Because the monitoring is agentless (there are no hooks or drivers inside the guest for the sample to look for), it is much harder for the file to detect the analysis environment and alter its behavior. The dynamic analysis engine then returns a VTI (VMRay Threat Identifier) score that weighs factors such as:

  • Filesystem, registry and network activity of the suspicious file
  • Process creation, code injection or driver installation performed by the suspicious file
  • Evasion techniques used by the suspicious file
  • System Persistence techniques used by the suspicious file
  • YARA rule matches

If VMRay Analyzer deems the file malicious, Ayehu can automatically escalate it as a top priority by alerting the security team. With the appropriate playbooks, Ayehu can also contain the threat on the affected user's device by:

  • Blocking IPs/Hashes
  • Disabling the User
  • Terminating Processes
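The end-to-end flow described above (SIEM alert, reputation lookup, detonation only when the reputation is unknown, score-based verdict, containment playbook) is shown below as an added example. It is not Ayehu or VMRay code: the reputation table, the sandbox report shape, the per-behavior weights and the score thresholds are all constructed assumptions standing in for the real connector calls. It also adds two cases the text does not spell out: a middle "suspicious" band that escalates to an analyst instead of auto-quarantining on weak signals, and a failed detonation that is escalated rather than silently allowed.

```python
"""Automated triage of a suspicious file: reputation first, sandbox detonation
only for unknowns, containment actions driven by the verdict.

Added example, not Ayehu or VMRay code. The reputation table, the sandbox
report shape, the per-behaviour weights and the score thresholds are
constructed assumptions; replace them with the real connector calls.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumed weights per observed behaviour category, chosen so that a single
# low-signal category (a file write) never trips the malicious threshold on
# its own while injection, persistence or a YARA hit quickly does.
VTI_WEIGHTS = {
    "filesystem": 5, "registry": 5, "network": 10, "process_creation": 10,
    "code_injection": 25, "driver_install": 25, "evasion": 20,
    "persistence": 20, "yara_match": 30,
}
SUSPICIOUS_THRESHOLD = 20   # assumed: analyst review, no automated containment
MALICIOUS_THRESHOLD = 50    # assumed: automated containment


@dataclass
class SandboxReport:
    """Minimal stand-in for a dynamic-analysis report (constructed shape)."""
    behaviours: list
    contacted_ips: list = field(default_factory=list)
    spawned_pids: list = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed reputation table keyed by SHA-256 of the file contents.
REPUTATION_DB = {
    sha256_hex(b"constructed known-bad sample"): "malicious",
    sha256_hex(b"constructed known-good sample"): "benign",
}


def reputation_lookup(digest: str) -> str:
    """Returns 'malicious', 'benign' or 'unknown' (the case that needs detonation)."""
    return REPUTATION_DB.get(digest, "unknown")


def vti_score(report: SandboxReport) -> int:
    """Sum the weights of each distinct behaviour category, capped at 100."""
    return min(100, sum(VTI_WEIGHTS.get(b, 0) for b in set(report.behaviours)))


def verdict_from_score(score: int) -> str:
    if score >= MALICIOUS_THRESHOLD:
        return "malicious"
    if score >= SUSPICIOUS_THRESHOLD:
        return "suspicious"
    return "benign"


def containment_actions(digest: str, user: str,
                        report: Optional[SandboxReport]) -> list:
    """Playbook steps for a malicious verdict: block, terminate, then disable."""
    actions = [("block_hash", digest)]
    if report is not None:
        actions += [("block_ip", ip) for ip in report.contacted_ips]
        actions += [("terminate_process", pid) for pid in report.spawned_pids]
    actions.append(("disable_user", user))
    return actions


def triage(data: bytes, user: str,
           detonate: Callable[[bytes], Optional[SandboxReport]]) -> dict:
    """Full decision flow for one file submitted from a SIEM alert."""
    digest = sha256_hex(data)
    rep = reputation_lookup(digest)
    if rep == "malicious":
        return {"verdict": "malicious", "source": "reputation", "score": None,
                "actions": containment_actions(digest, user, None)}
    if rep == "benign":
        return {"verdict": "benign", "source": "reputation", "score": None,
                "actions": []}

    report = detonate(data)
    if report is None:
        # A failed or timed-out detonation must not silently allow the file.
        return {"verdict": "unknown", "source": "sandbox_error", "score": None,
                "actions": [("escalate_to_analyst", digest)]}

    score = vti_score(report)
    verdict = verdict_from_score(score)
    if verdict == "malicious":
        actions = containment_actions(digest, user, report)
    elif verdict == "suspicious":
        actions = [("escalate_to_analyst", digest)]
    else:
        actions = []
    return {"verdict": verdict, "source": "sandbox", "score": score,
            "actions": actions}


# Constructed sandbox stand-in: behaviour observed per sample, keyed by digest.
_FAKE_SANDBOX = {
    sha256_hex(b"constructed dropper"): SandboxReport(
        behaviours=["network", "code_injection", "persistence", "yara_match"],
        contacted_ips=["192.0.2.10"], spawned_pids=[4321]),
    sha256_hex(b"constructed installer"): SandboxReport(
        behaviours=["filesystem", "registry"]),
    sha256_hex(b"constructed evasive sample"): SandboxReport(
        behaviours=["evasion", "filesystem"]),
}


def fake_detonate(data: bytes) -> Optional[SandboxReport]:
    """Stands in for the VMRay submission; None models a failed detonation."""
    return _FAKE_SANDBOX.get(sha256_hex(data))


if __name__ == "__main__":
    for sample in (b"constructed known-bad sample", b"constructed dropper",
                   b"constructed installer", b"constructed evasive sample",
                   b"constructed never-seen sample"):
        print(sample.decode(), "->", triage(sample, "jdoe", fake_detonate))
```

Two design points worth keeping when wiring this to real systems: the user is disabled only on a confirmed malicious verdict (a stale reputation entry or a noisy installer should not lock someone out), and every path that cannot reach a verdict, including a sandbox error, ends in an escalation rather than an implicit allow.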

Automated analysis shrinks the window during which a potentially malicious file can sit unexamined in your environment, while relieving your security team of manual, error-prone processes.

To learn more about how VMRay and Ayehu can effectively isolate malicious files before they spread, click here to launch your free trial of Ayehu or contact VMRay.

Read the Ayehu and VMRay solution brief


About the Author…
Rohan Viegas – VMRay, Product Manager
Rohan brings over 12 years of experience in product development and management roles to VMRay. In his role as Product Manager for Hewlett-Packard Enterprise, prior to VMRay, Rohan managed a portfolio of products including network management and security software.
At VMRay, Rohan’s responsibilities include product roadmap planning, project management, and technical collateral development.


Ayehu to Present as Virtual SOC Operator at FOCUS Conference – Join Us!

Intel Security’s 9th annual FOCUS conference, scheduled to be held November 1 – November 3, 2016 at ARIA Resort and Casino in Las Vegas, Nevada, is considered a “must-attend” event for modern IT security professionals. The 3-day event will bring together leading security specialists—from C-level executives, directors, and mid-managers to product developers and front-line IT staff—to exchange ideas, gain valuable knowledge to implement their security initiatives and share real-world experiences.

Ayehu is excited to be joining these elite security field representatives (and a few high-profile celebrities, from what we hear), where we will be presenting live demonstrations of eyeShare integration with Intel Security. The demos will provide real-time insight into how cyber security automation and orchestration technology can be used to create a closed-loop process that accelerates incident management and remediation. The result is a significant improvement in problem resolution time, an increase in service availability, and improved overall IT operational efficiency.

eyeShare's integration with Intel McAfee ESM accelerates cyber security incident response to SIEM alerts through automation. Together, the two tools let an enterprise automate and streamline the security policy tasks (playbooks) executed in response to ESM-generated alerts. The result is a faster, consistent response to detected threats that helps limit the damage from a breach and serves as a force multiplier for overwhelmed NOC and SOC teams.

The Ayehu team will be presenting from booth #200 and would like to invite anyone who is attending to stop by and visit with us. For more information on our involvement and how you can connect with us and book your own demo, please click here.

We’ll also be Tweeting updates live using the hashtag #FOCUS16, so be sure to follow along and join the conversation. Hope to see you there!

About Ayehu

Recently named by Gartner as a 2016 Cool Vendor, Ayehu helps IT and Security professionals to identify and resolve critical incidents, simplify complex workflows and maintain greater control over IT infrastructure through automation. Ayehu automation & orchestration solutions have been deployed by major enterprises worldwide and currently support thousands of IT processes across the globe. For more information, please visit www.ayehu.com and the company blog.  Follow Ayehu on Twitter and LinkedIn.

Integrating Ayehu eyeShare with Amazon Web Services (AWS) and JIRA Service Desk

One of the greatest benefits of the Ayehu eyeShare IT process automation product is that it can be easily and seamlessly integrated with an impressive number of existing systems and applications. Two of the most recent to join the ranks are Amazon Web Services (AWS) and JIRA Service Desk.

Amazon Web Services (AWS) is a cloud services platform that offers a suite of on-demand computing services. AWS provides a broad set of infrastructure services, including computing power, storage, networking and databases, all of which are delivered as a utility and billed on demand. Millions of businesses worldwide use AWS to build applications with greater flexibility, scalability and reliability.

JIRA Service Desk is an easy to use, simple to setup help desk software that is popular for its out-of-the-box features, ease of use and simple, straightforward maintenance. The convenient self-service portal also makes it easy for users to request help, search knowledge bases and track progress on issues.

Neither tool offers much in the way of built-in automation, and that is the gap the eyeShare integrations fill.

Benefits and Applications

The AWS integration provides the ability to add out-of-the-box activities for working with instances, images, snapshots and other resources. Whether in the development and test environment or the full production environment, the eyeShare integration pack allows users to extend and enhance their AWS environment through advanced automation of workflows. Some of the ways this integration can be leveraged include:

  • Create new images based on existing ones
  • Create and restore snapshots
  • Verify image definitions based on best practices
  • Halt development and test instances during non-working hours
  • Initiate automated responses to AWS alerts
  • Receive notification of shortage in resources

Similarly, the JIRA Service Desk integration allows users to eliminate repetitive, manual help desk tasks and instead create closed-loop process workflows that are designed to accelerate, enhance and extend the existing platform’s capabilities. This can dramatically boost productivity and efficiency levels while also keeping costs down. Some of the tasks and processes that can be enhanced through this integration include:

  • Automatically open tickets based on notification from other applications
  • Update ticket information with the corresponding action performed
  • Notify appropriate parties (via email, SMS or voice message) about new critical tickets
  • Automatically close tickets upon completion of appropriate action

You can view a step-by-step video tutorial on how easy it is to integrate eyeShare with both AWS and JIRA Service Desk by clicking here.

With these seamless integrations, organizations working with JIRA or AWS can optimize the time and resources of their IT departments and foster a much more productive, efficient working environment. Both are part of the complete eyeShare download package.

Ayehu Announces New eyeShare Integration Pack for CA Spectrum

Ayehu Software Technologies Ltd., an industry-leading developer of lightweight, enterprise-grade IT process automation software, is pleased to announce the latest integration of its flagship product, eyeShare, with CA Spectrum version 9.4.

CA Spectrum helps organizations to improve network service levels. It incorporates such critical functions as fault isolation, fault management, proactive change management and root cause analysis into one single platform. Utilizing CA Spectrum, IT administrators are able to better understand many of the issues that jeopardize reliable performance, such as configuration changes, unanticipated events and system outages.

eyeShare is an IT process automation solution that automatically carries out the response an experienced IT operator would perform by hand, offering a key advantage over human involvement: an instant, consistent response time. By executing pre-configured run books that require no programming, eyeShare can resolve just about any IT incident for which a remediation can be defined in advance.

The eyeShare integration with CA Spectrum provides a closed-loop process that lets IT personnel manage incidents and alerts more effectively, receive and update data from the CA Spectrum platform, and remediate issues automatically, with or without human intervention. eyeShare runs workflows based on pre-determined rules for particular types of incidents, then updates each incident accordingly, either by closing it or by notifying the system administrator. eyeShare can also create events in CA Spectrum if a workflow encounters a failure while running.

“Anyone in the IT management realm knows how valuable and effective the CA Spectrum tool can be,” comments Ayehu’s co-founder and CEO Gabby Nizri. “By integrating with Ayehu eyeShare™, CA Spectrum sys admins can now enjoy enhanced benefits, such as a shortened response time to incident resolution, as well as a greater degree of visibility and control. We’re thrilled to add this to our extensive list of out of the box integration packages.”

To learn more about the CA Spectrum integration, click here.

About Ayehu

Ayehu provides IT Process Automation solutions for IT & Security professionals to identify and resolve critical incidents, simplify complex workflows, and maintain greater control over IT infrastructure through automation. Ayehu solutions have been deployed by major enterprises worldwide, and currently support thousands of IT processes across the globe. The company has offices in New York and Tel Aviv, Israel. For more information please visit www.ayehu.com