DBRT: the Data Breach Response Toolkit

DBRT enables IT personnel to find and remediate advanced rootkits, Trojans, and other  malware. It is a scalable, enterprise-class solution.

Your Current Anti-Malware Protection isn’t Enough

There are more than 68.3 million pieces of malware out there, according to a 2012 study by AV Test. The numbers have gone up since. All companies have some sort of antivirus protection in place, and that protection works very well — often stopping better than 99% of threats encountered. But with such a huge amount of malicious code around, infections and data breaches are inevitable. The less than 1% that manages to get through is the cause of just about ALL the data breaches reported by the media, and there are many, many more attacks going unreported because companies usually keep news of attacks very secret.

infection_ diagram

DBRT Can Find It – DBRT Can Kill It

Automated anti-malware solutions detect hostile code by comparing snapshots of systems and looking for changes, or comparing suspicious code snippets against a register of known malware profiles. Advanced malware is designed to elude these sorts of detection systems. DBRT is different. It provides a set of tools that enable IT analysts to find and remediate the most sophisticated threats. Using a technology we developed called Relational Code Intelligence, an IT analyst using DBRT can examine how snippets of code interact, and then flag relationships that are suspicious. With flexible configurations and the ability to work both onsite and remotely, DBRT can clean up and protect an entire enterprise quickly and completely.

How DBRT Works

DRBT has three software components: Agents, the Server and the Viewer. A minimal DBRT installation requires one of each component. Agents and Viewers can be added to scale DBRT for large enterprise (1000+ seats) applications.

AGENT Agents – installed on individual terminals or workstations in the network. They monitor individual endpoints and report back intelligence to the Server.
SERVER The Server – stores information sent from Agents, as well as snapshots, skip lists, etc., in a database.
VIEWER The Viewer – allows IT analysts to control all the Agents on the network, interpret inbound intelligence from the Agents, and deploy remediation and inoculation solutions. The Viewer also accesses the Server and has database maintenance capabilities as well.

flow_diagram

A Scalable, Enterprise Class Anti-Malware Solution

DBRT is ready to install on your network now – from a few workstations to thousands. Multiple locations are no problem for DBRT; install the DBRT Viewer and then remotely install DBRT agents throughout your network. Search for and remediate and threats remotely from one location. Should you need to add more analysts, just add Viewers — DBRT can be operated from multiple endpoints on the network.

  • Multi-Agent centralized solution
  • Real-time and historical data analysis capability
  • Kernel and user mode detection engine
  • Semi-automated detection mode with customizable parameters
  • Unique detection techniques only possible with DBRT
  • Unlimited number of agents and responder consoles
  • Centralized updating of all DBRT components
  • Extensive reporting options
  • User-friendly UI
  • Custom control all functions of the agents from the server
  • Offline agent analysis capabilities
  • Find it on one, clean it from all; apply actions to all computers with a single click

Screenshots of DBRT in Action

Running a scan on an installed DBRT Agent.
dbrt_1
The Agent reports some suspicious activity.
dbrt_2
The IT analyst delves deeper into the relationships on the system.
dbrt_4
An infection is found – one that eluded all detection until now!
dbrt_3

DBRT Trial Download

Get a 15 day trial version of DBRT. Just follow this link to the DBRT Trial Download page.