RSA ECAT Endpoint Security Blog
A blog on endpoint security, malware detection and analysis. We keep you up to date on how RSA ECAT handles the latest threats,the latest events and news.
ECAT + YARA + APT1
In our new release of RSA ECAT V.3.4 we’ve included support for YARA rules. What, you ask, are YARA rules and why would I use them with ECAT? The YARA engine is an executable that is loaded by ECAT at runtime. The engine compares files sent by ECAT against a ruleset in a text file . With YARA you can create descriptions (rules) based on textual or binary patterns (say a memory string or file attribute such as the packer used). If there’s a match between the file submitted and one or more of the YARA rules, then the suspect...
read moreRSA ECAT V3.4 Product Update webcast
Join us May 2nd for a deep dive on what’s new in ECAT V.3.4 We’re holding (at 3 different times throughout the day to accomodate our customers and partners wherever you may be) 3 webcasts where we’ll be doing a detailed walk-through of what’s new in ECAT V.3.4. These webcasts are geared towards existing users or evaluators of ECAT, or those who may have seen previous demos of ECAT in action and would like an update. RSA Customer Support Training Module: RSA ECAT V.3.4 Product Update 2:00 p.m. EDT |...
read moreRSA Conference 2013
No surprise, now that we’re part of RSA we’ll be exhibiting again this year at the RSA conference in San Francisco, this time at the RSA booth. We’ll have our own ECAT pod with the Firstwatch and Advanced Cyber Defense teams, and there will be a full NextGen SOC with ECAT integrated into the operations along with RSA’s other security solutions, simulating real-world cyber incidents. Join our team to see our solutions in action, and learn about our future direction with Security...
read moreIntroduction to RSA ECAT – the video
We’ve added a new Introduction to RSA ECAT video to our YouTube channel. In this short clip, we explain how RSA ECAT fits into the enterprise security landscape, and how ECAT’s sophisticated live memory analysis and deep physical disk inspection combine to detect the threats that others miss. No other solution delivers accurate, actionable information for incident response in Windows environments like ECAT. For a whitepaper on ECAT or to request more information, please click...
read moreDementia? Forget about it (with ECAT).
Recently Dark Reading posted an article on Dementia , a tool developed by Luka Milkovic of Infigo in Croatia and presented at the recent CCC conference that modifies memory dumps used in forensic analysis. Needless to say, the headline reporting that this tool allows attackers to bypass memory analysis brought traffic and questions to us about how ECAT would be affected. Our team did some research on the Dementia tool and how it works starting with the posted material from the conference. Here’s our take: 1 – Dementia is designed to...
read moreRSA Security Analytics – the shape of things to come
RSA Security AnalyticsSecurity AnalyticsRSA has recently posted a new video on Security Analytics, the new platform that will combine log and packet data analysis, external threat intelligence feeds and more. There’s interviews with several of our colleagues, including from RSA’s own CIRC team explaining the value of total visibility and big data correlation. Our CIRC of course eats our own dog food, including ECAT. They are on the front lines of cyberdefense at RSA and face a tough a challenge as anyone in dealing with...
read moreEMC Acquires Silicium Security
We’re pleased to announce that Silicium Security has been acquired by EMC. Going forward we will operate as a line of business under RSA, The Security Division of EMC. Our team stays in place and will continue to support our customers and partners. The full text of the announcement from our CEO is here and the announcement from EMC is here. Check back here or subscribe to our newsletter for more updates as we transition to the RSA...
read moreProtecting your servers: it’s a good start…
When we talk to a potential customer, we like to get a good understanding of their current security posture and how they are prioritizing their next security projects. Several times recently, as we drilled down with the customer on their environment and priorities, they told us their plan was to first lock down and secure the servers. Well, makes sense right? That’s where all the sensitive info is, so make sure you’ve got the gold safely locked in a vault? Sure why not. Yet, looking backwards at some of the biggest hacks and...
read moreVirus Bulletin: Threat prevalence revisited
This month’s issue of Virus Bulletin has published an article (sorry, subscription required) where I expand on my earlier blog post on the inherent conflict between a security vendor’s economic interest and the customer’s need to detect and prevent targeted attacks when relying on signature-based...
read moreGFIRST Atlanta – Aug. 21-23rd with ECAT
We’ll be at the GFIRST conference at the Atlanta Marriott Marquis from the 21st to the 23rd of August. GFIRST (The Government Forum of Incident Response and Security Teams) is sponsored under the auspices of US-CERT and is a conference now in its 8th year for U.S. Federal, state and local agencies, both civilian and military, focused on the latest cybersecurity practices, trends and technologies. We’re at booth #7, if you haven’t registered already, you can...
read moreOur mailing list
Technology Partners
Silicium Security has been acquired by EMC and is now part of RSA, The Security Division of EMC. Find more details