- Has a binary matching this MD5Sum ever been run anywhere in my Enterprise?
- Have any binaries been run from Java.exe today?
- Are any users who never used Task Scheduler suddenly masters of obscure Windows shell features?
We like to split the features into three major groups - Detect, Analyze, and React.
Detection in EL JEFE
- Threat detection algorithms that look at known bad process behavior - not known bad binaries
- Does not just detect malware, El Jefe often simply detects attacker behavior
- Statistical anomaly detection will automatically find threats on your Enterprise
- Visual and easy to use web interface to correlate process execution
- Having an open database of all process execution can be used by advanced users to perform sophisticated examination of anomalies
- Deep analysis of threat behaviour within the El Jefe interface through Cuckoo Sandbox and CAMAL integration
- Multiple remote Sandbox VMs are supported to help model your monitored environment as closely as possible
- Having a list of all binaries ever run can be used to detect lateral movement of known attackers
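The three questions at the top of this page are the kind of query a central process-execution database answers directly. The following is an added example, not El Jefe's own code or schema: it runs those queries over a small constructed set of execution records (fictional hosts, users and placeholder MD5 values) to show the MD5 hunt, the "children of java.exe today" lookup, and the first-time-Task-Scheduler-user anomaly.

```python
# Added example (not El Jefe code): answering the page's three hunting
# questions over a constructed process-execution log.

# Constructed sample records: (timestamp, host, user, parent_image, image, md5)
# The MD5 values are short placeholders, not real hashes.
EVENTS = [
    ("2024-05-01T09:00:00", "ws01", "alice", "explorer.exe", "outlook.exe",  "aa11"),
    ("2024-05-02T10:15:00", "ws01", "alice", "explorer.exe", "outlook.exe",  "aa11"),
    ("2024-05-02T10:20:00", "ws02", "bob",   "services.exe", "svchost.exe",  "bb22"),
    ("2024-05-02T11:02:00", "ws02", "bob",   "java.exe",     "cmd.exe",      "cc33"),
    ("2024-05-02T11:02:05", "ws02", "bob",   "cmd.exe",      "schtasks.exe", "dd44"),
    ("2024-05-02T11:03:00", "ws03", "carol", "explorer.exe", "schtasks.exe", "dd44"),
    ("2024-04-20T08:00:00", "ws03", "carol", "explorer.exe", "schtasks.exe", "dd44"),
]


def hosts_that_ran_md5(events, md5):
    """Every host on which a binary with this MD5 has ever executed."""
    return sorted({host for _, host, _, _, _, h in events if h == md5})


def children_of_today(events, parent, today):
    """Binaries launched by `parent` (for example java.exe) on the given day.
    `today` is an ISO date prefix such as '2024-05-02'."""
    return [(ts, host, user, image)
            for ts, host, user, parent_image, image, _ in events
            if parent_image.lower() == parent.lower() and ts.startswith(today)]


def first_time_users(events, image, since):
    """Users whose first ever execution of `image` is on or after `since`:
    the 'never used Task Scheduler, suddenly does' signal. Users who used
    it before `since` are not anomalous and are excluded."""
    first_seen = {}
    for ts, _, user, _, img, _ in sorted(events):  # tuples sort by timestamp
        if img.lower() == image.lower():
            first_seen.setdefault(user, ts)        # keep the earliest sighting
    return sorted(u for u, ts in first_seen.items() if ts >= since)


if __name__ == "__main__":
    print(hosts_that_ran_md5(EVENTS, "dd44"))                   # ['ws02', 'ws03']
    print(children_of_today(EVENTS, "java.exe", "2024-05-02"))  # cmd.exe under java.exe on ws02
    print(first_time_users(EVENTS, "schtasks.exe", "2024-05-02"))  # ['bob']; carol used it in April
```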