Advanced capabilities for reactive intrusion response and proactive threat detection.
Intelligent, lightweight (<1% CPU) host-based sensor that collects and forwards all security-relevant information from Windows-based hosts to a cloud-based or self-hosted server.
Advanced detection engine to detect Mimikatz-style password dumping, kernel-mode exploitation (local EoP), process injection, unauthorized lateral movement, and other attacker activity. Uses advanced rule-based and machine-learning algorithms.
Easily search all collected data to provide answers for reactive intrusion response investigations and proactive threat detection.
From a central console, easily terminate processes or delete regkeys. Instantly search process memory for a yara expression across all hosts.
Good analysis begins with good data. Events collected by our platform are enriched with context information from the system. For example, each network connection is associated with its originating process, user, time, etc.
Continuous monitoring without compromising overall system performance. The Veramine sensor is aggressively optimized to minimize system overhead. After an initial enumeration period, the sensor consumes < 1% CPU.
Veramine provides the raw or contextualized collected data to analysts for bespoke search or analysis operations via inbound API access or outbound syslog. Connect clients to the default Veramine-hosted server or manage it yourself.
Veramine's intelligent sensor and advanced detection algorithms detect common and sophisticated attacks
New Windows kernel 0day exploit in the wild? Our system can generically detect both known and unknown kernel exploits on all supported platforms!
More advanced attackers blend their malicious activities with normal system activities via remote thread injection. Our platform automatically tracks and detects such activities.
Attackers commonly dump, collect, and reuse user credentials to gain further access in your network. We automatically detect these activities.
Want to know which users downloaded a "greetingcard.exe" from Outlook and executed it? We can instantly provide the answer.
Ever wonder which users don't encrypt their HD? What about those who don't lock their machines or have a screensaver set? We can tell you the answer and save you money on the compliance audit and energy bill.
All data in our platform is fully searchable so you can slice and dice it as you see fit. Want to process our data with your own Apache Hadoop or Spark analysis framework? We can stream the events to your system in real time.
The Veramine free product displays the current day of activity. Our paid product allows browsing and search across as long a time range as the sensor is running.
The founding team's background and expertise spans kernel development, cryptographic engineering, vulnerability analysis, and incident response.
The team has experience operating in very large academic, military/government, and enterprise environments. We have analyzed the most sophisticated attacks and built the Veramine platform to defend against determined adversaries. The team previously worked at Microsoft in security engineering roles.
Detection & Machine Learning
Two versions of the Veramine cloud-hosted service are currently available
Same collection client as paid product. Detection limited to four rule-based detections. Events are collected from up to 20 hosts per organization. Browse and search over the current day's collected events.
Paid product uses more extensive rule-based detections and additional advanced machine-learning enabled process profiling, network data exfiltration detection, and user logon anomaly detection.
Subscription pricing is based on the number of hosts on which the client is installed and how long you would like the data retained for search and browsing.