Tripwire Introduces 'Search by Hash' Functionality for Endpoint Threat Intelligence Automation
PORTLAND, Ore. — November 19, 2015 — Tripwire, Inc., a leading provider of advanced threat, security and compliance solutions, today announced new search by hash functionality in Tripwire® Enterprise that can be used to automate and operationalize threat intelligence.
Cybercriminals obfuscate malware by using “known-good” file names, making it difficult to find and remove these malicious files. Because most users don’t verify all of the files released in every vendor patch, a common attack method is for malware to be inserted into software updates.
New functionality in the application programming interface (API) for Tripwire Enterprise automates the search for malicious hashes by allowing customers to quickly determine whether a bad hash value exists on monitored systems. The API automates the search for specific malicious files in real time and can also be used for ongoing monitoring.
The new API functionality allows customers to import a list of malicious hashes from a variety of sources, including US-CERT, making it possible to look for bad file hashes across a large number of endpoints using a forensic approach. This makes searching for malicious files efficient and scalable.
Organizations can incorporate an automated feed of Indicators of Compromise (IoC) from TAXII servers. These servers receive IoC from industry-specific Information Sharing and Analysis Centers and other providers of open source threat intelligence. Tripwire Enterprise customers can also integrate feeds from tailored commercial threat intelligence services, such as CrowdStrike or iSIGHT Partners.
“Tripwire’s customers are receiving new indicators of compromise from a variety of threat intelligence sources,” said David Meltzer, chief research officer for Tripwire. “The new search by hash API functionality in Tripwire Enterprise can help organizations utilize threat intelligence programmatically to determine if specific malicious files have ever existed on any Tripwire monitored system. It can also be used to make users immediately aware of these files if they show up at any point in the future.”
Search by hash API functionality is available now in the most recent release of Tripwire Enterprise. For more information, please visit:
Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at tripwire.com, get security news, trends and insights at https://www.tripwire.com/blog/ or follow us on Twitter @TripwireInc.