ThreatResponder® Platform

Do you rely on alerts from your security devices before you take action? At this point, are your actions too late? Why not detect, respond, and neutralize the threat in real-time? ThreatResponder® Platform is an All-in-One Threat Intelligence, Analytics, Detection, Prevention, Response, and Hunting platform that provides 361o threat visibility of your enterprise.



ThreatResponder® has three applications that are offered together or as separate products: Data+Forensics Analytics, Threat Intelligence Platform ("TRIP"), and User Behavior Analytics Engine.

361o Threat Visibility

To provide a 361-degree threat visibility of your enterprise, ThreatResponder® collects data from online and offline systems, including the following:

  • Real-time data collection from millions of endpoints such as Windows, Mac OS, and Linux/UNIX
  • Incident Response data such as RAM, Registry, MFT, Event Logs, Browsing History, DNS Cache, Schedule Tasks, and Prefetch
  • Network Packet Captures
  • Internet of Things (IoTs) devices
  • Security Devices (such as SIEM, IDS/IDS, Firewalls, Netflow
  • Enterprise Logs (such as Web, Proxy, Syslog, Netflow)
  • The wild!

ThreatResponder® Capabilities Snapshot

One Platform with Infinite Capabilities - Threat Intelligence, Analytics, Detection, Response, Prevention, and Hunting

  • Data + Forensics Analytics
  • User Behavior Analytics
  • Threat Intelligence Platform (®TRIP®)
  • Incident Response (Data Collection/Analysis)

361o Threat Visibility

Real-Time Threat Detection/Prevention

  • Known and Unknown Malware
  • Malware-less Attacks (WMI, PowerShell, VBA)
  • Neutralize Malware
  • Contain Host
  • Signature, Behavior, and Machine Learning (ML) Algorithms

Offline System Data Collection and Analysis

Detect Endpoint®s Vital Sign (endpoint®s health/security state)

Endpoint Agent (®Rover®)

  • One single agent
  • Secured and hardened agent
  • Reduced footprint
  • Total visibility of endpoint®s activities
  • Screenshots and video capture of attackers® activities
  • Real-time and Dwell-time attack detection
  • Kernel-mode with total visibility
  • Unknown process Sandboxing
  • ®Dissolvable® Agents ® no installation
  • Ultra-Low CPU and RAM (Less than 1% utilization)
  • Stealthy and very difficult to detect or deactivate