STRONGARM: An Incident Response Platform

May 28, 2015 | By

STRONGARM is the first incident response platform designed to help security analysts and incident responders:

  • DEFEND information and people
  • DISCOVER compromise immediately, not days, months, or years later
  • RESPOND efficiently and accurately

Incident responders lack the capabilities necessary to sufficiently defend against, understand, and remove adversaries from their networks.

STRONGARM consists of three components:

  • DNS
  • Blackhole
  • Dashboard

Analysts use the Dashboard to configure STRONGARM to ingest threat intelligence about adversary command-and-control servers. STRONGARM DNS redirects victims on the analysts’ network to the STRONGARM Blackhole. The Blackhole understands the underlying malware protocol, interacts with the malware on the victim system, and provides information about the victim.
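The DNS redirection step described above can be sketched as a resolver decision function. This is an added example, not STRONGARM's own code: the `Sinkhole` class, the blackhole address, the feed entries, the client addresses and the per-client hit log are all constructed assumptions.

```python
from dataclasses import dataclass, field

BLACKHOLE_IP = "192.0.2.53"  # assumed blackhole address (documentation range)

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")

@dataclass
class Sinkhole:
    c2_domains: set = field(default_factory=set)
    hits: list = field(default_factory=list)  # (client, qname, indicator)

    def ingest(self, feed_lines):
        """Load one indicator per line, skipping blanks and '#' comments."""
        for line in feed_lines:
            line = line.split("#", 1)[0].strip()
            if line:
                self.c2_domains.add(normalize(line))

    def match(self, qname):
        """Return the listed domain that qname equals or is a subdomain of."""
        labels = normalize(qname).split(".")
        for i in range(len(labels)):  # compare on label boundaries only
            candidate = ".".join(labels[i:])
            if candidate in self.c2_domains:
                return candidate
        return None

    def resolve(self, client, qname, upstream):
        """Answer with the blackhole for listed names, else ask upstream."""
        indicator = self.match(qname)
        if indicator is None:
            return upstream(qname)
        self.hits.append((client, normalize(qname), indicator))
        return BLACKHOLE_IP

    def victims(self):
        """Map each client to the indicators it tried to reach."""
        out = {}
        for client, _, indicator in self.hits:
            out.setdefault(client, set()).add(indicator)
        return out

def demo():
    """Run constructed queries through a constructed feed."""
    s = Sinkhole()
    s.ingest(["# constructed feed", "evil-c2.example", "Update.Bad.Example. # dot"])
    upstream = lambda q: "198.51.100.10"  # stand-in for normal resolution
    queries = [("10.0.0.5", "beacon.evil-c2.example."),
               ("10.0.0.5", "notevil-c2.example"), ("10.0.0.9", "bad.example")]
    return [s.resolve(c, q, upstream) for c, q in queries], s.victims()
```

Matching on whole labels keeps a lookalike such as `notevil-c2.example` from being redirected while still catching any subdomain of a listed indicator.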

Better information enables incident responders to understand the scope of an intrusion, react quickly, and respond to the situation with confidence. This improves protection for both businesses and people.

To get started using STRONGARM, register for a free account. Configuration is as simple as setting up your DNS and telling STRONGARM your public IP address.