Remove Infection (REON)

IQLs VA detects a machine within a network that has been hijacked and can be used to obtain memory dumps of the target machine. These memory dumps assist in deep analysis by yielding decryption keys, data streams, memory footprints and the past activity undertaken by the malicious software. While memory dumps give the ability to examine past actions, the VA also generates Binary Files (BF) that can initiate real-time monitoring of the target for future activity. VA-generated BF defend a system in scenarios where traditional firewalls and anti-virus software fail, for example where a threat actor initiates an attack with one/zero days against fully patched devices. Most anti-virus software and firewalls focus on detecting malware using signatures, with a focus on heuristics. VA BF enable advanced heuristics, algorithms and behavioural analysis that defend against past, current and future threats. They:

  • Defend against malicious encrypted data channels used for covert exfiltration,
  • Arrest installation of malware and auto start-up,
  • Detect sabotage and tampering of physical terminals,
  • Detect and stop side channel / load attacks, and
  • Defend against phishing attacks.
