FireTower Incident Response and Containment Task

Anti-virus security solutions from Enterprise Protection Platforms (EPPs) rely on signature-based malware detection and therefore cannot detect advanced attacks or zero-day attacks, which are previously undiscovered and have no associated signature.

Since there is no signature for zero-day malware, anti-virus solutions not only cannot identify such attacks but also cannot provide any actionable response.

Malware is virtually always persistent, and FireTower monitors, detects, and disrupts malware cyber kill chains while delivering an always-on triage platform for incident response and forensic investigation.

Finding a compromise by focusing on persistence mechanisms is standard industry practice for incident response because it is the most effective way to discover breaches and malware. Postmortem analyses indicate that the majority of recent zero-day cyber security attacks made use of injected or altered persistence mechanisms.

FireTower uses its Inter-Host Intrusion Prevention System (IHIPS) engine to automate this standard practice: collecting, authenticating, and stacking all persistence mechanisms. All enterprise forensic data is available in real time as live forensics.

FireTower client software on each endpoint discovers and authenticates all critical system state change events in real time, and the Guard service, if enabled through the endpoint protection profile, automatically quarantines malicious and/or suspicious threats.

Any malicious entry, regardless of whether it was quarantined manually or automatically, is interdicted automatically by FireTower.

Through an interactive threat exploration interface with built-in analytics, FireTower administrators can identify ongoing attacks early and respond more rapidly to detected attacks. They can issue a "quarantine ALL" command against a malicious event to all at-risk endpoints with a single click.

The Autorun Setting Repository (ASR) Proxy service allows enterprise security administrators to overwrite, upgrade, or download any authentication rating from the public cloud-based ASR database. All security events and proprietary persistence mechanisms are kept inside the enterprise threat database and are never exposed to the outside world.

Any authentication rating changed by FireTower administrators is automatically processed throughout the enterprise network: an entry whose rating is changed from good to malicious is immediately and automatically quarantined at all at-risk endpoints, and conversely, an entry whose rating is changed from malicious or suspicious to good is immediately and automatically un-quarantined at all affected endpoints.