
After handling dozens of cyber incidents, our IR team demanded a versatile, automated and dynamic tool they could set loose to scurry through customer systems, collecting and analyzing large volumes of information. The tool would support multiple operating systems, aggregate the data that matters and produce swift conclusions about ongoing attacks. It would detect IOCs (indicators of compromise) and IOAs (indicators of attack) and then gauge how far the attack had spread. The tool would give the team a head start on the cyber battlefield.
Introducing OP Innovate’s ‘Ant’
Ant is our Innovative Rapid Response (IRR) tool, the cornerstone of OP Innovate’s incident handling methodology.
Ant packs years of hands-on IR experience into a cutting-edge tool for faster and more cost effective incident resolution.
Ant in Action - A Ransomware Use Case:
In Dec 2020, in partnership with Israel’s National Cyber Directorate, OP Innovate spearheaded Israel’s response to the Pay2Key state-sponsored ransomware attack. We were engaged by numerous organizations that suspected their systems had been compromised by the malware.
As the Pay2Key campaign spread, several IOCs were linked to this malware variant. Coupling Ant's automated data gathering with our team's hands-on experience, OP Innovate's IR team was able to channel its incident response resources effectively: triaging servers and endpoints in organizations "under attack" and quickly reaching a conclusion about each organization's exposure.
Top 6 Benefits of engaging our IR team with Ant:
- Ant cuts time spent on incident response and shortens mean time to recover (MTTR)
- Ant correlates OS and application log data to give responders a head start
- Ant utilizes an enterprise-level machine data analysis engine to produce actionable intel on the ongoing attack
- Ant focuses responder efforts on the true positives
- Ant is portable, lightweight, agentless and quick
- Ant works on Windows and Linux-based systems
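The IOC sweep and spread assessment described above (collect per-host artifacts, match them against the campaign's indicators, then rank hosts for triage) can be illustrated with a small script. This is an added example and is not Ant's code or OP Innovate's methodology; every IOC value, host name, path and timestamp in it is a constructed placeholder, not a real Pay2Key indicator, and the artifact collection step is assumed to have already happened (the data is embedded inline).

```python
"""IOC sweep across per-host artifacts with a simple spread assessment.

Added example, not Ant's code. All indicators and host data below are
constructed placeholders; the IP is from the TEST-NET-3 documentation range.
"""
from dataclasses import dataclass
from datetime import datetime

# Constructed IOC set keyed by indicator type (placeholders, NOT real Pay2Key IOCs).
IOCS = {
    "sha256": {"a" * 64, "b" * 64},
    "ipv4": {"203.0.113.10"},
    "filename": {"dropper.exe", "note.txt"},  # compared case-insensitively
}


@dataclass
class HostArtifacts:
    """What an agentless collector would bring back from one system."""
    host: str
    os: str
    file_hashes: dict      # path -> sha256 hex digest
    connections: list      # (iso_timestamp, remote_ip)
    file_listing: list     # (iso_timestamp, file name)


def sweep_host(h: HostArtifacts) -> list:
    """Return (ioc_type, value, context, timestamp) tuples for every IOC hit on one host."""
    hits = []
    for path, digest in h.file_hashes.items():
        if digest.lower() in IOCS["sha256"]:
            hits.append(("sha256", digest, path, None))
    for ts, ip in h.connections:
        if ip in IOCS["ipv4"]:
            hits.append(("ipv4", ip, None, ts))
    for ts, name in h.file_listing:
        if name.lower() in IOCS["filename"]:
            hits.append(("filename", name, None, ts))
    return hits


def assess_spread(hosts: list) -> dict:
    """Map each host with at least one hit to its IOC types and earliest sighting."""
    report = {}
    for h in hosts:
        hits = sweep_host(h)
        if not hits:
            continue  # clean host: no entry, so responders skip it
        stamps = [datetime.fromisoformat(t) for *_, t in hits if t]
        report[h.host] = {
            "os": h.os,
            "ioc_types": sorted({t for t, *_ in hits}),
            "first_seen": min(stamps).isoformat() if stamps else None,
            "hits": hits,
        }
    return report


def triage_order(report: dict) -> list:
    """Hosts with more distinct IOC types first, then earliest sighting (likely patient zero)."""
    def key(item):
        name, info = item
        first = info["first_seen"] or "9999"  # undated hits sort last
        return (-len(info["ioc_types"]), first, name)
    return [name for name, _ in sorted(report.items(), key=key)]


# Constructed sample: one heavily hit server, one partially hit workstation, one clean host.
HOSTS = [
    HostArtifacts("srv-file-01", "windows",
                  {"C:\\Users\\Public\\dropper.exe": "a" * 64},
                  [("2021-01-01T01:12:00", "203.0.113.10")],
                  [("2021-01-01T01:10:00", "dropper.exe")]),
    HostArtifacts("wks-17", "windows",
                  {"C:\\Temp\\x.bin": "c" * 64},
                  [("2021-01-01T03:40:00", "203.0.113.10")],
                  [("2021-01-01T03:41:00", "NOTE.txt")]),
    HostArtifacts("srv-db-02", "linux",
                  {"/opt/app/bin/app": "d" * 64},
                  [("2021-01-01T02:00:00", "198.51.100.5")],
                  [("2021-01-01T02:00:00", "app.log")]),
]

if __name__ == "__main__":
    rep = assess_spread(HOSTS)
    for name in triage_order(rep):
        print(name, rep[name]["ioc_types"], rep[name]["first_seen"])
```

The clean host drops out of the report entirely, which is the "focus on true positives" behaviour the list above describes; the triage ordering is a deliberate simplification (distinct indicator types, then earliest timestamp) and a real engagement would also weigh asset criticality and indicator confidence.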