AIRS received an alert from a detection system about a connection to a suspicious IP address originating from that computer and took the necessary actions to block it, Barak said. It then connected to the computer and identified the malicious process that opened the connection, determined that the PDF file was the source of the infection and removed all the malware components. It then generated a report for the security team to review, he said.
The system was designed to be able to handle sophisticated malware infections, especially on endpoint systems, but it can respond and contain other types of security incidents as well, for example data leak attempts by insiders, Barak said. The company organized the different types of incidents into several categories and created special algorithms and rules to handle them, he said.
Organizations that like to have more control over their incident response processes can set up AIRS to run in a semi-automated mode instead of fully automatic. While in this mode the system investigates alerts on its own, but then prompts security team members to approve the necessary remediation steps.
Hexadite was founded in early 2014 by Eran Barak, Barak Klinghofer and Idan Levin, three former intelligence officers in the Israeli Defense Forces. The company is based in Tel Aviv and received $2.5 million in seed funding from YL Ventures and former Microsoft Corporate Vice President Moshe Lichtman.
Sign up for CIO Asia eNewsletters.