Overview
Protecting your organisation by swiftly detecting and responding to the threats that target it
Minimise the risk of cyber-attacks going undetected and impacting your organisation’s finances, reputation and compliance status. Kroll Responder expands threat coverage and visibility across your environments, detecting malicious activity in its early stages and accelerating the time it takes to respond effectively.
Learn how Kroll Responder helps protect your organisation against the latest adversarial techniques.
Use Cases
Malware
Malware is a common attack vector used by adversaries to harvest user credentials, exfiltrate data and extort money. Kroll Responder harnesses signature and behaviour-based threat detection techniques to identify the latest malware threats, including ransomware and cryptomalware, as well as fileless and polymorphic variants. Automated incident response actions enable threats to be contained and eliminated before they spread.
Privilege escalation
System vulnerabilities and misconfigurations can allow attackers to gain elevated access to systems and assets that are normally restricted. Kroll Responder uses the latest behavioural monitoring technology to closely monitor the activities of privileged users, identify privilege escalation techniques and detect attempts to exfiltrate data.
Lateral movement
Upon establishing a foothold on a network, attackers will attempt to pivot through systems and accounts to reach their end goal. Kroll Responder helps detect lateral movement by identifying privilege escalation, attempts to install remote access tools, and changes to access controls.
Compromise of trusted hosts
A large proportion of attacks target endpoint devices such as servers, workstations and laptops. Kroll Responder baselines the activity of hosts to help detect unusual behaviour such as spikes in network traffic, unknown communication sources, and the deactivation of security controls.
Data exfiltration
To achieve a high level of data security, it’s important to know when sensitive data is modified, copied and erased. Kroll Responder continuously monitors the integrity of files, protocols and applications that facilitate the transfer of data, and for evidence of command and control (C2) activity.
Policy violation
Tracking adherence to information security policies and standards is a good way to uncover suspicious activity. Kroll Responder helps to detect threats by monitoring employee and system attempts to access restricted resources, including unusual out-of-hours requests.
Credential access
To steal account names and passwords, adversaries deploy credential harvesting malware, and use brute-force and credential dumping techniques. Kroll Responder can help detect credential access attempts by monitoring for use of weak passwords, account lockouts and login attempts from unknown locations.
Cloud-focused threats
Many cyber security threats now specifically target cloud environments. Kroll Responder can help to achieve cloud visibility by monitoring public, private, hybrid and virtualised cloud environments for suspicious user, system and application activity.
Supply chain compromise
If your organisation is dependent on a growing ecosystem of partners and suppliers, there is an increased risk of a supply chain compromise. Kroll Responder helps prevent third-party compromises by closely monitoring user accounts, applications and websites for suspicious activity.
Phishing
Despite the adoption of more intelligent prevention technologies, there is always a risk of employees receiving and falling victim to phishing emails. Kroll Responder provides an extra layer of protection against phishing attacks by integrating with secure email gateways and popular email tools such as Office 365 and Gmail to improve detection of suspicious activity.
Insider threats
People, whether acting out of negligence or malice, are one of the top causes of data breaches. Kroll Responder leverages advanced User and Entity Behaviour Analytics (UEBA) to help better identify compromised accounts, privilege abuse and other suspicious user activity that could suggest an insider threat.
Zero-day attacks
Detecting previously unknown threats is challenging but achievable with the right tools and data. Kroll Responder integrates the latest cyberoffensive intelligence, high-fidelity telemetry and a range of analytics-based technologies to hunt for evidence of new adversarial tactics, techniques and procedures.