ReaQta-Hive™ Artificial Intelligence Threat Response
A unique approach to endpoint security
Traditional endpoint security, including antivirus and signature-based protection, may not be enough. And yet, as seen through the rise of extended detection and response (XDR), endpoints are critical to broader visibility across the enterprise, whether in cloud, on servers or elsewhere. With XDR here to stay, endpoint security should evolve to keep pace.
IBM ReaQta™ leverages exceptional levels of intelligent automation and AI to help detect and remediate known and unknown threats in near real time. With deep visibility across endpoints, it combines expected features, such as MITRE ATT&CK mapping and attack visualisations, with dual-engine AI and automation to propel endpoint security into a zero-trust world.
Why ReaQta?
- Continuously learns as AI detects and responds autonomously in near real-time to new and unknown threats
- Helps secure isolated, air-gapped infrastructures, as well as on-premises and cloud environments
- Maps threats against the MITRE ATT&CK framework and uses a behavioural tree for easy analysis and visualisations
- Offers a bidirectional API that integrates with many popular security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools
- Provides heuristic, signature, and behavioural techniques in its multilayered defence
- Allows users to build custom detection strategies to address compliance or company-specific requirements without the need to reboot the endpoint
- Simplifies and speeds response through guided or autonomous remediation
- Offers automated, AI-powered threat detection and threat hunting, including telemetry from indicators that can be customised for proprietary detection and granular search
- Makes remediation available with automated or single-click remote kill
- Provides deep visibility with NanoOS™, a unique hypervisor-based approach that works outside the operating system and is designed to be invisible to attackers and malware
DETECT & RESPOND to Threats AUTONOMOUSLY
Gain complete visibility over your endpoints. Detect threats in seconds & remediate malware with one click. Secure business continuity with ReaQta-Hive.
360° Visibility
ReaQta’s proprietary NanoOS™ provides deep visibility into the processes and applications running on endpoints. It sits at the hypervisor layer and protects the endpoint from outside the operating system, making it invisible & tamper-free to malware and attackers.
Respond in Real-Time
An easy-to-understand graphical storyline for every threat is automatically created as an attack unfolds, including mapping to MITRE ATT&CK, giving analysts full visibility of the threat, which can be mitigated automatically or manually with a click.
Simplify & Automate
Simple, yet powerful. ReaQta-Hive is developed for analysts, by analysts. Our user-friendly interface brings novice and expert staff up to speed quickly. Let our dual-AI engines do the heavy lifting, returning precious time back to you.
VISIBILITY
ReaQta-Hive offers full visibility over the infrastructure, allowing real-time queries to the endpoints, extended searches for both IOCs and behavioural indicators, together with advanced data-mining for discovery of dormant threats.
A unique NanoOS™ offers an unprecedented level of detail to the analysts and, at the same time, a barrier that is extremely difficult for attackers to overcome.
Two different sets of engines apply state-of-the-art machine learning to applications’ behaviours, automatically alerting about active or emerging threats without need for prior knowledge of the attacks. This signature-less approach, combined with an A.I. driven behavioural analysis, ensures that threats are detected independently of their delivery techniques and payload types.
POWERED BY AI
Artificial Intelligence detection engines are used both on the endpoints and at the infrastructural level to identify new patterns of attack, anomalous activities and lateral movements. The flexibility provided by continuous learning A.I. allows for the detection of new techniques and previously unknown threats that would otherwise escape detection by legacy solutions. A comprehensive early-warning system automatically identifies potential emerging threats, allowing the security teams to perform a full security assessment ahead of time.
ANTI-RANSOMWARE
Protection from ransomware is guaranteed by a dedicated dynamic behavioural analysis engine, capable of detecting ransomware and crypto-based attacks without interrupting business continuity. ReaQta-Hive automatically detects and blocks the ransomware without requiring any human interaction, preventing data loss and saving security teams valuable time.
RAPID INCIDENT RESPONSE
A highly automated process guarantees a response time down to the minute. There’s no need for additional security personnel: the analysis process is made simple and streamlined. The clean UI drives the analysts toward the most important events, while the A.I. automatically reconstructs the incident, assessing its scope and impact on the infrastructure.
THREAT HUNTING
Unleash the full power of ReaQta-Hive engines by searching your whole infrastructure for the presence of specific Indicators of Compromise (IOC), binaries and behaviours in real-time. Automated data mining enables the discovery of dormant threats waiting to be activated. Hunting down threats is not just simple, but effective and incredibly fast.
END-TO-END SECURITY
ReaQta-Hive was designed to be a complete all-in-one endpoint security solution for organisations. By coupling the Hive Guard Anti-Malware module with the next-gen EDR platform, customers are essentially safeguarded from any known and unknown threat in a single dashboard. The fully integrated, end-to-end security platform allows analysts to do their best work without the hassle.
DETECTION & PROTECTION
ReaQta-Hive A.I. engines work by analysing dynamic behaviour, so they are agnostic to the delivery techniques and are equally effective on malware (ransomware, RAT, trojans, etc.) and non-malware (in-memory, file-less) attacks.
Attackers can leverage different types of technologies to breach the defences of an organisation, and not all of them are malware-based. So-called “living off the land” attacks abuse components already present on the targeted operating system to avoid alerting legacy security solutions. These attacks, classified as non-malware, are highly effective and hard to detect since most of the activity happens in memory, leaving a low (if any) forensic footprint.
Whether it’s a ransomware or a sophisticated in-memory attack, ReaQta-Hive helps the organisation track the threat and respond with the appropriate measures in real-time. ReaQta-Hive can be configured in Detection, Protection and Hybrid mode, automating the way the platform responds to different types of threats.
HUNTING & DATA-MINING
ReaQta-Hive provides complete support to search for threat data inside the infrastructure in real-time and to perform more sophisticated data-mining tasks aimed at uncovering dormant threats.
In-memory and file-less threats are hard to track by their very nature, and they become even harder to follow when the attackers are using different variants as they move inside a large infrastructure. By leveraging data mining, ReaQta-Hive enables the security teams to automatically hunt for threats that share similarities – at the behavioural and functional level – with other incidents, automating the hunting job and bringing back results in just seconds.
The highly granular search support allows the analysts to look, in the present and in the past, for traces of attacks. IOCs (hashes, IP addresses, names) and behaviours can easily be searched to understand when and if a threat, or one of its components, came in contact with the infrastructure.
LATERAL MOVEMENT DETECTION
ReaQta-Hive detects lateral movements natively. Analysts can instantly understand which devices are being abused during an ongoing attack, enabling a lightning-fast response in case of a successful breach.
Attackers have gained access to the infrastructure and are now moving laterally, waiting to pivot to get access to more valuable resources. Identifying lateral movements disguised as legitimate user activity is hard, and speed is of the essence: an active attacker can cause all sorts of damage in a very short period of time. Once identified, the affected resources can be isolated immediately, or kept under monitoring to gather intelligence on the attacker, understand the modus operandi and identify their toolkit chain.
SIMPLICITY & AUTOMATION
We want your team to be up and running in no time, without requiring additional personnel or highly skilled resources, by leaving the bulk of the work to the algorithms and reducing human interaction to a minimum.
ReaQta-Hive has been designed with simplicity in mind. We know that acquiring visibility over the whole infrastructure looks like a daunting task, as much as we know how damaging it can be to ignore the endpoints. All the data is pre-processed and filtered to remove the noise and to make it easy to read; incidents are reconstructed and assessed so as to be understandable in a matter of seconds and in most cases without digging into the data. Every response can be automated, and security teams alerted only when the engines identify suspicious activities.
MANAGED DETECTION AND RESPONSE
ReaQta-MDR: a managed detection and response service by ReaQta, offering 24/7 threat monitoring, incident response and remediation. We work as an extension to organisations with lean IT teams, looking for real-time monitoring, containment, and eradication of complex threats.
Organisations of all sizes find it extremely difficult to create a trade-off between scaling and security. With ReaQta MDR services, organisations can focus on their daily business operations and continue to innovate and grow, leaving security to a team of experts. With new threats being detected on average every 5 minutes and IT teams too often overloaded, cyber-risk increases constantly. Our team’s job is to understand and hunt for new threats and novel techniques, so organisations can remain focused on their growth.
24x7x365 Monitoring
Today’s cyber threats require a complete understanding of your environment in order to detect the most minute anomalies. Our team takes care of your infrastructure 24×7, tracking and resolving all alerts while keeping you always up to date.
Zero Downtime
The ReaQta MDR team takes care of containing and remediating threats as soon as they’re detected – minimising your business risk and reducing damage and interruption of services.
Mature Cyber Defence
Our team comes from military, intelligence, and analysis backgrounds – helping you to identify and track even the most sophisticated actors and run advanced threat hunting campaigns.