Bromium LAVA

Datasheet
Live Attack Visualization and Analysis

Key Benefits

STRATEGIC INTELLIGENCE
Accurately identify targeted attacks as they occur to enable more effective response

ZERO-DAY ATTACK INSIGHT
Quickly analyze and respond to who, what, when, where, and how you are being attacked to minimize impact and costs

ADVANCED VISUALIZATION
Identify and act on attacks in minutes—not days or months—saving time and money

Key Features

AUTOMATIC ANALYSIS
Instantly understand the specific tactics and goals of any attack. LAVA details the precise set of malicious steps down to the registry, external IP addresses, and files changed by malware

STANDARDIZED COLLABORATION
Automatically create standardized indicator of compromise reports in STIX/MAEC format for collaboration with other security tools

Every day, enterprises and government organizations are confronted with malware attacks that evade firewalls, network protection devices, and traditional endpoint security. What if there was a way to safely record and analyze the complete attack, without risk to the organization? Now there is.

Transform your security operations
Security teams spend valuable time reacting to hundreds of routine events every day. These can be minor or a truly serious attack—and sometimes it is difficult to tell the difference. Bromium® LAVA™ enables you to quickly identify real attacks from the rest and determine who within the organization is being targeted. This level of insight allows for immediate implementation of technical and user policies to counter malicious activity faster than ever before.

Empower your security staff.
LAVA’s advanced visualization techniques enable security personnel to understand complex attacks in minutes rather than the hours or days required with traditional forensic tools.

Enhance your current security tools.
LAVA shares detailed attack information with your current infrastructure to elevate the overall effectiveness of your “defense-in-depth” strategy. You can automatically export security incidents to the most popular SIEM, next-generation firewall, or other systems to deliver a new level of visibility and control. STIX/MAEC formatted threat intelligence reports can be automatically generated and shared with third parties.

Visualizing the kill chain
LAVA delivers a clear and concise summary of the complete “kill chain” enabling security operators to quickly evaluate the threat to the organization and respond instantly.

Full malware capture
LAVA records complete samples of all malware within a Bromium micro-VM, even malware that is deleted or that never leaves volatile memory. Armed with these samples, the analyst can replay or reverse engineer the malware to uncover the complete methods and goals of the attack.

Automatic attack categorization
LAVA instantly displays a high-level, color-coded, plain language characterization of the intent of the attack elements. This enables the security analyst to quickly identify the organizational risks of each attack and prioritize the appropriate response.

How it works
Bromium vSentry® uses micro-virtualization to isolate user tasks. This automatically and safely allows the malware to fully execute within a micro-VM, enabling LAVA to do post-exploitation analysis to establish a full malware kill chain.

LAVA observes all activity from the vantage point of the hardware, “below” the operating system. This vantage point provides unique capabilities.

• Bootkit/rootkit detection. One of the most hard-to-detect components of malware is bootkits/rootkits. LAVA clearly identifies their installation and actions.
• Anti-forensics detection. Malware can evade detection by removing components used early in its infection cycle. Typical forensic tools cannot detect these. LAVA identifies these for later analysis.
• Zero-day malware signature generation. LAVA provides MD5 checksums for use in other security tools for malware identification.
• Defense bypass detection. Privilege escalation is used to disable resident security tools. LAVA detects and stores these actions for later study.
• Command-and-control detection. LAVA identifies command-and-control (C&C) channel details, enabling tuning of perimeter defenses to block communications throughout the enterprise.
• Process Injection Detection. Process injection introduces malicious code into running processes on the victim. This technique is extremely difficult to detect with conventional analytic tools.
• Malware Persistence Detection. Malware often modifies the victim system to ensure the attacker has access in the future. LAVA monitors and identifies this behavior.
• Command Shell Detection. Remote command shells enable attackers to take control of a compromised system and are an unambiguous indicator of compromise.

Supported Platforms

ENDPOINTS
Intel i3, i5, i7 processors, 4 GB RAM, Windows 7 64-bit and 32-bit, Apple OSX

SERVERS
Microsoft Windows Server 2008, SQL Server 2008 R2

About Bromium
Bromium has transformed endpoint security with its revolutionary isolation technology to defeat cyber attacks. Unlike antivirus or other detection-based defenses, which can’t stop modern attacks, Bromium uses micro-virtualization to keep users secure while delivering significant cost savings by reducing and even eliminating false alerts, urgent patching, and remediation—transforming the traditional security life cycle.

Bromium US
20813 Stevens Creek Blvd
Cupertino, CA 95014
[email protected]
+1.408.598.3623
Bromium UK
Lockton House
2nd Floor, Clarendon Road
Cambridge CB2 8FH
+44.1223.314914
For more information refer to www.bromium.com,
contact [email protected] or call at 1-800-518-0845
Copyright ©2014 Bromium, Inc. All rights reserved.
DS.LAVA.US-EN.1409