Volcano

Next-Generation Memory Analysis

Modern digital investigations often require rapid response and collaboration between large internal and/or consulting incident response teams in dynamic large-scale environments. Volexity Volcano, a comprehensive, cross-platform, next-generation memory analysis solution, is designed to overcome the challenges associated with the mixed skill sets, disparate institutional knowledge, and limited access to evidence often inherent in these environments.

Out of the box, Volcano offers the functionality that responders need to conduct thorough, time-sensitive, enterprise-scale investigations. Driven by visualizations, workflows, and playbooks, Volcano’s powerful core extracts, indexes, and correlates artifacts to provide unprecedented visibility into systems’ runtime state and trustworthiness. It expedites analysis and operationalizes institutional knowledge by guiding investigators to relevant evidence with threat feeds, whitelists, and operating system profiles.

Features & Benefits

  • Collaborate with team members
  • Stay up to date with a dynamic threat environment
  • Orchestrate with playbooks and workflows
  • Access, analyze and interpret evidence
  • Visualize and correlate data
  • Reveal stealthy malware and zero-day threats

Case Study

Problem

A Fortune 500 Financial Services company did not have the necessary visibility into the state of their critical systems to proactively hunt sophisticated attackers. They also needed a way to rapidly disposition the large volume of alerts that were consuming their time and resources.

Solution

Volcano provided the capability to reconstruct the state of the system based on the data found in volatile memory and thus limit the places attackers could hide. It also provided a collaborative mechanism that they could use to rapidly investigate suspected systems and potential malware.

Benefit

The company now had the visibility required to proactively interrogate the state of their systems and rapidly detect any anomalies. By leveraging the context that can only be found in memory, they were also able to dramatically reduce the time spent triaging false positives and reverse engineering malware.