The developer of ConfigSafe® software today announced the addition and availability of Cyber Exploit IdentiKit (CXI), a new toolkit designed to help protect computer systems against malware intrusions, exploits and zero-day attacks. CXI joins Install Discovery and Install Discovery Plus in the security-minded Cyber Exploit Discovery product series.
The Cyber Exploit Discovery product series employs a CXI forensic engine to perform real-time “Process Behavior Discovery” in either an on-demand or always-on mode, as opposed to the traditional method of observing system configuration changes by taking and comparing system “snapshots”. This product series delivers these functions with speed, precision, and ease of use.
Cyber Exploit IdentiKit (CXI) is a powerful utility that employs the CXI forensic engine in an always-on mode to provide users with two major functions: Process Activity Recording and Real-time Exploit Discovery. The Process Activity Recorder monitors crucial change events of all live processes and allows users to view, filter, record, and play back all these process events for cyber forensic investigation. The Real-time Exploit Discovery mode uses an Event Tagging and Correlating technique to data mine and report exploit behaviors of process families. This discovery operation is pre-configured to detect any activities relevant to software installations. An unintended software installation could be a cyber exploit, which would indicate the first step of a malware intrusion process. The reboot-surviving behavior exhibited by most malicious worms or botnets, including that of the zero-day Conficker worm, will be reported instantly in the Real-time Exploit Discovery Window.
Cyber Exploit IdentiKit is targeted at both consumers and IT professionals. For consumers, “Real-time Exploit Discovery” will provide behind-the-scenes system exploit information. For forensic experts and IT professionals, the “Process Activity Recorder” provides detailed forensic evidence for investigating system exploit incidents, while Real-time Exploit Discovery reports suspicious exploit events as alerts. Optional Cyber Console Software is available for networked CXI installations. CXI is also available for use as a third-party management software plug-in or as an SDK with APIs to access the CXI database and configuration. Please contact imagine LAN, Inc. for availability and pricing.
The Cyber Exploit Discovery product line is easy to deploy and use without extensive security experience. These applications can even be used as training/education tools for cyber security instruction. They are available for systems running Microsoft Windows XP, Vista and Windows 2003 Server.

