WALTHAM, Mass. April 25, 2012 CounterTack
With this partnership, intelligence derived from the Event Horizon solution, including file, process and network level activity, can be integrated with an organization’s existing HP ArcSight deployment to further reduce false positives and enhance correlation capabilities between the products.
CounterTack’s interoperability with the HP ArcSight correlation engine will add valuable, real-time forensic details, such as the timestamp of the attack and information on the process initiating an outbound connection to the remote host, the process modifying files, and the process modifying Registry key values.
Event Horizon utilizes the hypervisor to perform analysis of operating system (OS) level functions that attempt to manipulate file, process and network behavior. This unique execution of applied virtualization enables Event Horizon users to monitor host-based activity without being detected. Machine-speed capture of data from the memory of a virtual machine creates rich, actionable intelligence, which includes file-, process- and network-level activity.