From Detection to Action: SpyDR Elevates Cyber Hunting to New Heights
Our "Made in Germany" product SpyDR detects tools and techniques commonly used by cyber criminals as well as by sophisticated APT actors.
Stop actors before they are able to deploy ransomware in your environment or exfiltrate data.
Find ANY breaches or adversaries in your enterprise with SpyDR
No Agent
No Performance Impact
No Pre-Requisites
No Cloud
No Limitations
Know within a few hours if you are breached.
Trace and unveil the adversary throughout your enterprise
“There are only two types of companies: Those that have been hacked and those that will be hacked.”
Robert S. Mueller, III, former Director of the FBI
How SpyDR works
Most breaches are spotted after years! Why?
Most security tools only check for ongoing attacks, and deploying them is hard and lengthy.
SpyDR checks any host for traces of hacking tools and common behavior used by actors, leaving them nowhere to hide!
When traces are found, take the compromised user and search for their activity to unveil new compromised systems.
1. Integrate all indicators already collected or start with SpyDR's standard detection set.
2. Trigger SpyDR via GPO (or any available management tool such as SCCM) to run on every Windows device.
3. Receive results minutes after the initial setup and start hunting.
If the compromised user is already known, search for any user activity across your whole Windows Domain!
Simply identify relevant events like:
Login/Logout activity
System manipulation commonly used for persistence (Scheduled Task, Services, Reg keys)
Why choose SpyDR?
TRACE APT
SpyDR scans the local event log of every machine for user activity from compromised accounts. You can quickly map on which systems the user logged in and which services or scheduled tasks were created by the compromised user.
Cover ALL Windows devices
SpyDR aims to leave no gaps where adversaries can hide. It works on recent Windows versions and is compatible down to Windows 7. Every Windows system connected to the AD can be linked to the deployment GPO.
No agent & performance impact
SpyDR is truly agentless software and is deployable via any software deployment service, for example SCCM, or via Active Directory GPO.
It has a minimal footprint, so attackers won't discover it and can't disable or dodge it like classical AV or EDR tools. It has proven to have almost no performance impact and can be run on systems with sparse resources.
Why wait, if you could know in hours if you are breached?
SpyDR scales no matter the size of your enterprise; common standard protocols are used for messaging.
No changes required on your side, only deploy and analyze!
Use Cases
Compromise assessment & security reviews
Before an Incident
Conducting a compromise assessment usually requires deploying agents or network sensors and therefore takes months of preparation and execution.
SpyDR does not. Within hours you are provided with a full assessment of all systems connected to your Active Directory, filtering out the noise and showing you only truly malicious traces.
Support DFIR activities
During an Incident
During the hot phase of an incident, focusing your forensic activities on the most relevant assets is key.
SpyDR helps you to quickly assess the scope and focus on the right assets. It gives a holistic view of where an attacker has been and assists you in your remediation activities. A tool every incident responder would love to have in his pocket.
Assist cleanup activities
After an Incident
Incident response activities are completed but tools are missing to conduct enterprise-wide sweeps for leftover traces?
SpyDR allows you to ingest key indicators gathered during incident response, enabling you to quickly carry out enterprise-wide sweeps for your reassurance. Don't simply rely on your AV or EDR!
Assist M&A processes
Before accepting Risk
Before you merge with or acquire a company, do you want an accurate picture of its security posture? Don't rely on high-level risk scores which are purely based on external exposure.
SpyDR will assist you in identifying the real risk posture of the company in question, without any lengthy deployments, in an easy-to-share and consumable format.
Watch us!
@MHP Festival 2022
Want to know more?
For more information, fill out the form and we will get back to you shortly!