Paladion Networks has announced that its RisqVU IST platform is now listed on the Amazon Web Services (AWS) Marketplace, a reliable cloud computing platform by Amazon.com. AWS customers will be able to subscribe to RisqVU IST on the AWS Marketplace to perform Indicators of Compromise (IOCs) based asset scans to detect signature-less malware on cloud assets.
Ravi Raman, SVP & Head of Engineering, Paladion said, “RisqVU IST’s proprietary algorithms use IOCs, correlation of host interaction points, and situational awareness on cloud assets to predict and prevent attacks. Currently, IOCs are mainly used in forensics, and are used to articulate pieces of forensic data. IOCs are, however, important clues to spot the attacker or malware during its early stages. RisqVU IST leverages this information to serve early warnings that can prevent a breach.
For example, some ransomwares are staged in the start up folder and gets loaded into memory on device reboot. If this malicious artefact can be detected before reboot then the exploitation can be prevented.”
Identifying IOCs early is one of the many RisqVU IST features. IST uses a host of other proprietary threat discovery mechanisms to build robust defences against current cyber threats.
RisqVu IST has the capability to correlate various host interaction points like processes, services, and registry keys, across all servers to discover outliers. Suspicious events are converted to IOCs and feed in to its detection engine. The detection engine runs IOCs on the cloud infrastructure to find similar patterns. It also pushes the compromise likelihood higher if similar patterns are observed in other systems.
Antivirus solutions alone are not effective in detecting such outliers as they operate in individual machines. RisqVU IST operates from a central server and correlates data from all IT infrastructures to identify outlier patterns in host interaction points. This is a model that fits well for cloud computing or on-demand computing platforms.