Tripwire Introduces 'Search by Hash' Functionality for Endpoint Threat Intelligence Automation
Industry-leading solution simplifies detection, verification and removal of malware at the endpoint
PORTLAND, Ore. — November 19, 2015 — Tripwire, Inc., a leading provider of advanced threat, security and compliance solutions, today announced new search by hash functionality in Tripwire® Enterprise that can be used to automate and operationalize threat intelligence.
Cybercriminals obfuscate malware by using “known-good” file names, making it difficult to find and remove these malicious files. Because most users don’t verify all of the files released in every vendor patch, a common attack method is for malware to be inserted into software updates.
New functionality in the application programming interface (API) for Tripwire Enterprise automates the search for malicious hashes by allowing customers to quickly determine whether a bad hash value exists on monitored systems. The API automates the search for specific malicious files in real time and can also be used for ongoing monitoring.
The new API functionality allows customers to import a list of malicious hashes from a variety of sources, including US-CERT, making it possible to look for bad file hashes across a large number of endpoints using a forensic approach. This makes searching for malicious files efficient and scalable.
Organizations can incorporate an automated feed of Indicators of Compromise (IoC) from TAXII servers. These servers receive IoC from industry-specific Information Sharing and Analysis Centers and other providers of open source threat intelligence. Tripwire Enterprise customers can also integrate feeds from tailored commercial threat intelligence services, such as CrowdStrike or iSIGHT Partners.
“Tripwire’s customers are receiving new indicators of compromise from a variety of threat intelligence sources,” said David Meltzer, chief research officer for Tripwire. “The new search by hash API functionality in Tripwire Enterprise can help organizations utilize threat intelligence programmatically to determine if specific malicious files have ever existed on any Tripwire monitored system. It can also be used to make users immediately aware of these files if they show up at any point in the future.”
Search by hash API functionality is available now in the most recent release of Tripwire Enterprise. For more information, please visit:
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.