Binary Defense is excited to announce additional supported platforms for the managed endpoint detection and response (MDR) software called Vision. When we first released Vision, it was with the mindset of identifying early warning indicators of compromise (IoC) and providing companies immediate visibility into threats happening in real time. With this release, we gain additional visibility and coverage on multiple platforms including macOS (OS X) and Linux. This release also adds continued enhanced detection capabilities ranging from more generic/commoditized attacks all the way to extremely advanced attack vectors and through the attack lifecycle. We have a newly designed dashboard, which helps with easy analysis of alarms, and rapid response and mitigation with containment mode.
It is fairly common knowledge among security professionals that security information and event management (SIEM) technologies...
Posted on September 13, 2017
When WannaCry hit, the news sent shivers across the world. Reports of hospital outages and of super secret tools used by the NSA (Equation Group) that could hack into any version of Windows were released to the public. During this period of time, the community warned that more waves were soon to come. This started yesterday, around June 26, 2017, primarily in Ukraine, and Binary Defense started to see some of the first large infections of Petya (or, as some are calling it, NotPetya) happening at other geographic locations early this morning. On the surface, this appeared to be another EternalBlue/MS17-010 campaign and a new variant. No one at the time knew exactly how the infection methods were being used, but multiple companies jumped the gun, and reports claimed multiple avenues including HTA attack vectors and email campaigns with attached Word and Excel documents.
We are proud to announce the latest release of Vision version 3.1. This release adds substantial enhancements both on the server platform and the Vision agent. This includes new app whitelisting bypass detections (regasm, regsvcs, and more), System.Management.Automation.dll PowerShell bypass techniques, and improved process injection detection. In addition, the agent has been slimmed down both in size and in its impact on system performance. Currently Vision takes 0.01 CPU usage and 32 megabytes of RAM. A newly designed dashboard user interface provides easy, quick access to relevant information about the latest indicators.
When we started with Binary Defense’s Vision platform years ago, we knew it would be a long road and something where we would continuously get better over time. Our motto is to always do things the right way, and build in the knowledge of attack intelligence through the industry to help the industry get better in defense.