Cerberus is the malware triage and analysis component of AccessData’s Cyber Intelligence & Response Technology (CIRT) and the ResolutionOne Platform. It is also available as an add-on to FTK. The first step towards automated reverse engineering, Cerberus provides threat scores and disassembly analysis to determine both the behavior and intent of suspect binaries. This automated malware triage and analysis allows you to gain actionable intelligence in seconds to validate threats and take decisive action prior to engaging a malware team for traditional analysis.

Achieve signature-less malware detection with proactive threat scans of your enterprise

Cerberus Works in Two Stages:

Stage 1

During Stage 1 analysis, Cerberus tallies attributes of each binary to generate threat scores that approximate how “dangerous” each binary might be. Stage 1 looks for characteristics that are immediately apparent, such as “does this binary contain a valid digital signature?”, “is this binary packed?”, and “what OS functions does this binary import?” Therefore the Cerberus Stage 1 analysis is extremely fast and can be run against a large number of binaries quickly.

Stage 2

In stage 2, Cerberus simulates code execution to extract arguments that reveal the behavior and intent of the binary. For example is it calling out to an external domain? Does it have command and control functionality? This is done without running the code in a sandbox, which avoids the risk of triggering defense mechanisms built into the malware.

Reducing Response Times with Integrated Malware Triage

Triaging potential malware with Cerberus gives first and second responders immediate actionable intelligence without waiting for a malware team to spend days or even weeks employing traditional methods of analysis. The Cerberus technology feature in CIRT provides response teams with critical threat information that they can then correlate and verify with the integrated network.