HBGary released Responder Professional 2.0, a Windows physical memory and automated malware analysis platform that analyzes every program resident in memory, including malware, to obtain the threat intelligence needed to mitigate risk. Responder gets its information directly from physical memory rather than from the operating system's own APIs, which a rootkit or injected code can subvert.
Within five minutes, HBGary Responder Professional 2.0 analyzed the behavior of the malware used in the Operation Aurora attack and identified registry keys, IP addresses, suspicious runtime behavior and other critical data.
“The security risks posed by Operation Aurora demonstrated that this type of threat intelligence needs to be available to every government agency and every corporation, not just large corporations like Google. Advanced Persistent Threats (APT) cannot be detected easily by any other solution on the market,” said HBGary founder and CEO Greg Hoglund. “Anti-virus vendors often take days or weeks to create a signature, and this only after an infection is discovered by other means. With HBGary Responder Professional 2.0, IT security analysts can, in minutes, identify the type and source of malware and adjust their security policies, shut holes in their network or take other necessary steps to secure their data.”
A key feature, REcon, records and graphs malware behavior at runtime so users can extract critical data from unknown executables. In HBGary Responder Professional 2.0, REcon produces a report that automatically details the important behavior of a malware sample, including network activity, file activity, registry activity, and suspicious runtime behavior such as process and DLL injection. Other updates to HBGary Responder Professional 2.0 include automated reporting and the ability to take a memory snapshot of a remote machine over the network and analyze it locally.
Digital DNA, an add-on to Responder and HBGary's patent-pending core technology, has been upgraded to perform fully automated disassembly and dataflow analysis of every binary found in the memory snapshot (hundreds, if not thousands, of candidate binaries). Digital DNA can examine every instruction and extract behavior from binaries whose symbols have been stripped or whose headers have been destroyed, and even from code that exists only in rogue memory allocations. This is fully automatic, and the results are weighted so users can see at a glance which binaries are the most suspicious.
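To make the memory-analysis idea concrete, here is an added example (not HBGary's Responder or Digital DNA code, and not an account of how their engine works) that scans a flat memory snapshot for executable images, flags code whose PE header has been wiped or that lives in a private allocation, and ranks regions so the most suspicious come first. Everything in it is an assumption for illustration: the constructed snapshot, the region table standing in for per-allocation protection data, the x86 prologue heuristic used in place of real disassembly, and the weights.

```python
"""Added example, not HBGary code: rank memory regions by how much they look
like injected or header-stripped code.

Assumptions (not from the page): the snapshot is a flat byte buffer of 4 KiB
pages; each region tuple is (start, size, protection, kind) and stands in for
allocation metadata; "looks like code" is judged by the density of common
x86/x64 function prologues, a crude heuristic rather than true disassembly.
"""
import re
import struct

PAGE = 0x1000

# Common x86/x64 function prologues; a real tool would disassemble instead.
X86_PROLOGUE = re.compile(
    rb"\x55\x8b\xec"            # push ebp; mov ebp, esp
    rb"|\x55\x89\xe5"           # same instructions, alternate encoding
    rb"|\x48\x89\x5c\x24"       # mov [rsp+x], rbx (x64 frame setup)
    rb"|\x48\x83\xec"           # sub rsp, imm8
)

def has_pe_header(buf: bytes, off: int = 0) -> bool:
    """True if buf[off:] starts with an MZ header whose e_lfanew reaches 'PE\\0\\0'."""
    if buf[off:off + 2] != b"MZ" or len(buf) < off + 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    pe = off + e_lfanew
    return pe + 4 <= len(buf) and buf[pe:pe + 4] == b"PE\0\0"

def prologue_density(buf: bytes) -> float:
    """Prologue matches per KiB: a rough 'does this look like code' signal."""
    return len(X86_PROLOGUE.findall(buf)) / (len(buf) / 1024)

def find_pe_images(snapshot: bytes):
    """Page-aligned offsets of every intact PE header in the snapshot."""
    return [off for off in range(0, len(snapshot), PAGE) if has_pe_header(snapshot, off)]

def rank_regions(snapshot: bytes, regions, min_density: float = 2.0):
    """Score each region; higher means more suspicious. Weights are assumed."""
    ranked = []
    for start, size, protect, kind in regions:
        buf = snapshot[start:start + size]
        looks_like_code = prologue_density(buf) >= min_density
        pe = has_pe_header(buf)
        score, reasons = 0, []
        if looks_like_code and not pe:
            score += 3; reasons.append("code without PE header")
        if "EXECUTE" in protect and "WRITE" in protect:
            score += 2; reasons.append("writable+executable")
        if looks_like_code and kind == "private":
            score += 2; reasons.append("code in private (non-image) memory")
        if pe and kind == "private":
            score += 2; reasons.append("PE header in private memory (manual map)")
        ranked.append({"start": start, "score": score, "reasons": reasons})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

# --- constructed sample snapshot (not a real capture) ---------------------
def build_pe_page() -> bytes:
    hdr = bytearray(PAGE)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)     # e_lfanew -> 0x80
    hdr[0x80:0x84] = b"PE\0\0"
    return bytes(hdr)

def build_code_page() -> bytes:
    # push ebp; mov ebp,esp; sub esp,0x10; mov eax,[ebp+8]; pop ebp; ret; int3 padding
    stub = b"\x55\x8b\xec\x83\xec\x10\x8b\x45\x08\x5d\xc3" + b"\xcc" * 5
    return stub * (PAGE // len(stub))

def build_snapshot() -> bytes:
    pe_image = build_pe_page() + build_code_page()   # mapped DLL: header + .text
    data = bytes(range(256)) * (PAGE // 256)         # heap-like data page
    injected = build_code_page()                     # header wiped, code only
    return pe_image + data + injected

SAMPLE_REGIONS = [                 # stand-in for allocation/protection metadata
    (0 * PAGE, 2 * PAGE, "PAGE_EXECUTE_READ", "image"),
    (2 * PAGE, 1 * PAGE, "PAGE_READWRITE", "private"),
    (3 * PAGE, 1 * PAGE, "PAGE_EXECUTE_READWRITE", "private"),
]

if __name__ == "__main__":
    snap = build_snapshot()
    print("PE headers at:", [hex(o) for o in find_pe_images(snap)])
    for r in rank_regions(snap, SAMPLE_REGIONS):
        print(hex(r["start"]), r["score"], r["reasons"])
```

Run stand-alone, the legitimately mapped image scores zero while the headerless, writable-and-executable private region comes out on top. The prologue density check is what lets the headerless page register as code at all; in practice the same idea is done with a disassembler, and the protection and allocation-type inputs would come from the captured process structures rather than a hand-written table.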