Minerva’s Incident Response

Minerva’s Anti-Evasion Platform automatically stops threats that are designed to evade other
security tools, such as malware sandboxes as well as traditional and “next-gen” anti-malware


Minerva’s IR is a powerful tool in the hands of an incident response team reacting to an intrusion. In this scenario, Minerva’s IR not only disables malware that bypassed security
controls, but also contains it to give responders time to contain and eradicate the threat.


Minerva’s approach augments existing enterprise security controls without overlapping with
their functionality. Minerva’s IR is especially effective against threats programmed to avoid forensics environments to stay under the radar of security vendors, as well “fileless” attacks that employ memory injection techniques and malicious document files.


Incident response teams that deploy Minerva’s IR during an active malware outbreak are able to quickly neutralize the threat and rapidly return the organization to a safe and productive state.


Neutralizing Malware During Incident Response
When malware finds its way into the enterprise, incident responders need to react quickly to locate and contain the malicious software. Armed solely with investigative Endpoint Detection and Response (EDR) and forensics tools, IR teams often engage in manual steps to terminate the offensive processes or otherwise disable the attacker’s tools and prevent malware from spreading. This is a time-consuming, error-prone effort that requires deep expertise and can quickly drain the individuals involved in the efforts that often feel like the game of Whac-A-Mole. Since the malware involved in the incident somehow found its way past the organization’s security controls, deploying Minerva’s Anti-Evasion Platform as part of the IR process contains the threat automatically and quickly. The solution automatically neutralizes
evasive malware in several ways:


• Make all endpoints in the enterprise into virtual hostile environments that force malicious programs into terminating their own processes.
• Prevent “fileless” or packed malware from placing its malicious code in memory space of another process, causing such malicious programs to break, terminate themselves, and cutting off their ability to reinfect systems using memory injection techniques.
• Disarm malicious document files, which often get past other anti-malware tools and are used by adversaries for both initial infections as well as to propagate within the organization as innocuous-looking email attachments.


By deploying Minerva’s Anti-Evasion Platform during incident response, even if the environment is infested with malware, the organization can neutralize the threat automatically, so it has the opportunity to eradicate the infection and return the enterprise to a normal state of operations.


Containing Malware Through Vaccination
Another powerful capability of Minerva’s IR allows incident response teams to “vaccinate” endpoints against certain malware families to contain the attack.

Minerva gives customers the ability to centrally simulate the presence of mutex-based injection markers across all enterprise endpoints with a few clicks. This approach avoids cluttering the system with unnecessary artifacts, doesn’t interfere with legitimate applications or confuse end-users.


Containment Without Business Disruption
Minerva’s Anti-Evasion Platform stops active malware even if when not preemptively deployed, containing the threat in a manner that’s more precise and less disruptive to business than the traditional steps of taking full systems or even networks offline.


Light and Fast

Minerva’s lightweight agents are designed for rapid deployment across all enterprise endpoints. They are easy to rollout without manual steps, don’t consume system resources in any noticeable way, avoid interfering with malicious applications and require no reboots. As a result, Minerva’s solution is a powerful and unique addition to the incident responder’s toolkit.