Resolution1 Security, the leader in incident resolution solutions, has announced the availability of ThreatScanner™, a new freeware tool that searches for malware artifacts on a suspect endpoint. Using ThreatScanner, security personnel will be able to quickly and proactively hunt for threats to minimize the impact of an attack by instantly identifying compromised systems. Once installed, they can immediately scan for malware, including those attributed to the recent Regin and Sony Pictures hacks.
ThreatScanner is a powerful detection tool that’s easy to use and flexible to create customized scans using current threat formats. Once downloaded, the command-line tool runs a simple script to hunt for indications of compromise (IOCs) or YARA rules on a Microsoft Windows endpoint. An automatically generated report (HTML and XML) provides details of suspicious artifacts so that analysts can take immediate action.
With this initial release, the integration of IOC and YARA rules is a technology first to use both formats simultaneously for greater search flexibility. Current tools are limiting in that they scan one or the other but not both. ThreatScanner comes preconfigured with a Regin IOC and Regin YARA rule, as well as a Sony IOC.
“We’ve developed ThreatScanner to help not only our customers, but also the security community at large, by making this freeware tool widely available,” said Brian Karney, CEO of Resolution1 Security. “In today’s advanced threat landscape, enterprises need to be proactive and hunt for threats rather than passively rely on the thousands of daily SIEM alerts. We built ThreatScanner to give security teams additional tools to strengthen their incident response.”
“As the severity of advanced attacks increases, one of the biggest challenges we have is quickly determining if we have an issue and the extent of the impact across our enterprise,” said Eric Hlutke, Global Director of IT Security Architecture & Strategy at Anheuser Busch. “Having a flexible free tool, like ThreatScanner to quickly determine if a single suspect machine has a problem is powerful, especially with the recent Regin and Sony attacks.”
“Our company realised we needed to strengthen and invest in our information security and incident response after experiencing increased incidents,” said Chris Morris, Owner at Turrem Data. “We implemented proactive processes to hunt for suspicious activities to get in front of major cyberattacks. A free tool like ThreatScanner is a much needed capability for scanning suspect machines for threat issues that can rapidly escalate to major incidents.”
ThreatScanner is available for immediate download here.