Wisdom Advanced Threat Monitoring (ATM)
Wisdom ATM is a specialized, file-centric threat detection platform for advanced cyber analysts. It is built to provide analysts with robust network visibility and email-focused intrusion detection capabilities. Wisdom ATM presents the analyst with a web-based user interface enabling the capture, search, and review of file-centric threats on the network.
There are three key elements to the Wisdom ATM platform. Passive sensors collect network metadata at key internet points of presence and extract emails. The file-centric scanner performs recursive analysis on these emails to isolate malicious code and create metadata for future analysis. Metadata is stored on the central server, which provides long-term data storage, and the central server forwards scan findings to a SIEM for high-confidence alerting.
Wisdom ATM includes three main tools:
- Search: Using the interface, analysts can search network logs, NetFlow data and object scan results. Visual reporting of collected network metadata enables analysts to connect the dots that other tools miss.
- File Scan: The scanner performs recursive object scanning, exposing hidden sub-objects that evade detection through obfuscation, encapsulation, and encoding. All email file attachments are scanned, and a tree view of the embedded objects is created.
- Signatures: Using known threat intelligence and insight from previous file scan results, analysts develop new YARA signatures for future malware detection.
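To make the File Scan and Signatures ideas concrete, here is an added example (not Wisdom ATM code) of the recursive pattern they describe: every attachment of an email is scanned, zip containers are unpacked and their members scanned in turn, and the result is a tree of objects with per-object rule hits. The toy byte-pattern rules stand in for YARA signatures, the sample email with a zip nested in a zip is constructed inline, and the depth and size limits are this example's own choices.

```python
import email, hashlib, io, zipfile
from email import policy
from email.message import EmailMessage

# Toy rules standing in for YARA signatures (hypothetical, not real detections).
SIGNATURES = {"indirect_eval": b'"eval"'}
MAX_DEPTH, MAX_CHILD_BYTES = 8, 4 << 20  # recursion bound and zip-bomb guard

def build_sample_email() -> bytes:
    # Constructed sample: zip -> zip -> script, deflated so the script's bytes do not appear raw in the outer attachment.
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("invoice.js", 'var s = "eval"; this[s]("1+1");')
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docs.zip", inner.getvalue())
    msg = EmailMessage(policy=policy.default)
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(outer.getvalue(), maintype="application",
                       subtype="zip", filename="docs_outer.zip")
    return msg.as_bytes()

def scan_object(name: str, data: bytes, depth: int = 0) -> dict:
    # Scan this object against every rule, then recurse into it if it is a zip container.
    node = {"name": name, "sha256": hashlib.sha256(data).hexdigest(), "children": [],
            "hits": [r for r, pat in SIGNATURES.items() if pat in data]}
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                if info.file_size > MAX_CHILD_BYTES:
                    continue  # do not inflate oversized entries
                node["children"].append(
                    scan_object(info.filename, z.read(info), depth + 1))
    return node

def scan_email(raw: bytes) -> dict:
    # Walk every attachment of a raw RFC 5322 message into an object tree.
    msg = email.message_from_bytes(raw, policy=policy.default)
    root = {"name": str(msg["Subject"] or "(no subject)"), "hits": [], "children": []}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        root["children"].append(scan_object(part.get_filename() or "unnamed", data))
    return root

def collect_hits(node: dict, prefix: str = "") -> list:
    # Flatten the tree into (object path, rule) pairs suitable for a SIEM alert.
    path = f"{prefix}/{node['name']}" if prefix else node["name"]
    hits = [(path, r) for r in node["hits"]]
    for child in node["children"]:
        hits.extend(collect_hits(child, path))
    return hits
```

Running `collect_hits(scan_email(build_sample_email()))` reports the rule hit on the innermost script by its full path through both zips, while the outer attachment on its own matches nothing.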
Wisdom ATM empowers analysts to gather intelligence and develop capabilities needed to hunt adversaries by:
- delivering in-depth network visibility
- enabling email-focused intrusion detection and malware analysis
- allowing creation of new rules, scanner modules, and automated workflows
- enabling effective threat intelligence consumption
- fostering the production of your own analyst-based intelligence