In an era where cyberattacks are escalating in both frequency and complexity, establishing robust networks of technology partners and clients is essential for achieving success in cybersecurity. At it-sa Expo&Congress 2024, Europe’s leading cybersecurity industry event, we had the opportunity to showcase our commitment to this collaborative approach with our very own booth for the first time. This significant step has allowed us to elevate our engagement with partners, existing customers, and new contacts to new heights.

Learning from Intelligence Services: Unmasking APTs like the Pros

One of the highlights for me was the opportunity to present to an audience at it-sa. I discussed the serious risks Advanced Persistent Threats (APTs) pose to organizations, in my talk titled “Learning from Intelligence Services: Unmasking APTs Like the Pros”. (The presentation was delivered in German and can be found here on our Youtube Channel.) I also outlined strategies for the detection of these threats, which can be applied across various industries. It was encouraging to see many attendees express interest after the presentation, visiting our booth to learn more about our solutions and their advantages. 

Meet THOR: Detecting the Undetected

THOR is an advanced compromise assessment scanner designed to uncover traces of malicious activity across corporate networks. By automating forensic analysis, it identifies and neutralizes threats before they escalate, ensuring swift detection of malicious artifacts and providing security teams with the insights needed to mitigate potential damage. THOR enables organizations to enhance their security posture and respond effectively to both known and unknown threats.

Effective Cybersecurity extends beyond mere technological solutions

Conversations with customers, partners, and industry experts at it-sa reaffirmed our conviction that cybersecurity success relies on more than just technology. It calls for a collaborative mindset – one that values knowledge exchange, shared experiences, and expert insights.  

We are excited to continue this journey alongside our partners and clients. By working together, we aim to build a security framework that is both resilient and sustainable. The insights we gained at it-sa will be integrated into our daily operations, ensuring our clients’ defenses stay strong in an ever-evolving landscape. 

Dietzenbach, 13.02.2024 – Nextron Systems, a leading provider of innovative IT security solutions, continues its pioneering mission to combat and detect cybercrime at an early stage. As an emerging industry thought leader, Nextron is taking decisive action to protect organizations worldwide from the growing threats in the digital world.

According to industry association Bitkom, nine out of ten companies have experienced some kind of cyberattack in the past twelve months. Although increasingly overshadowed by state-sponsored espionage, ransomware still poses the greatest threat. Although the number of ransom payments here has fallen significantly, which is partly due to companies taking more precautionary measures, the average ransom paid in 2023 was still twice as high as in the previous year at around 1.54 million US dollars.

The threat of cyber attacks therefore remains omnipresent. However, conventional security tools repeatedly fail to detect them at an early stage, which is crucial for successfully fending off ransomware attacks. If attackers have been able to spread for days or even weeks after an undetected intrusion into a system environment, infiltrate more and more systems, set up new backdoors against sustainable removal, identify worthwhile targets in the network and set up channels for the transfer of large amounts of data, it becomes increasingly difficult to counter the attack and the costs for damage analysis and recovery of all affected systems increase disproportionately with the duration and depth of an attack.

Protection against hackers is primarily the responsibility of the company management

Given the significant challenges posed by cyber threats, it is crucial to be alerted as early as possible, ideally at the very onset of a potential attack. While only a limited number of tools possess the capability to offer such timely warnings, even fewer are equipped with the advanced technology necessary to identify the latest threats effectively. Among these, Nextron’s APT Scanner THOR stands out by employing a comprehensive set of generic rules designed to detect unknown threats. This innovative approach enables it to uncover even the most sophisticated attacks early on, thereby significantly reducing the associated risks and potential damages.

Compromise assessments and threat detection with innovative solutions such as those offered by Nextron are therefore not only essential for IT security managers, but also for company management in particular. As early warning systems, they enable companies to detect hacker attacks and initiate countermeasures before data is stolen, systems are encrypted or reputations are damaged, which can lead to significant destruction of company value.

Nextron – from hidden champion to thought leader in cybersecurity

Nextron’s THOR scanner is designed to complement traditional AV software and EDR agents by focusing on the subtle traces that Advanced Persistent Threats (APTs) leave behind, which other systems might miss. THOR aims to bridge the security gaps by detecting the remnants of sophisticated cyber attacks. This capability is critical because it enhances an organization’s ability to identify and respond to APTs that evade conventional detection. Additionally, when an EDR agent generates an alert, THOR can be utilized to verify the alert’s validity and assess the scope of the active threat, thereby offering a nuanced approach to cybersecurity.

The THOR Scanner, compatible with Windows, Linux, macOS, and AIX, employs a vast array of approximately 30,000 open-source YARA and 2,000 Sigma detection rules and signatures. This comprehensive set enables THOR to identify even the most subtle anomalies with high reliability. Nextron CTO Florian Roth notes that while THOR was initially designed to meticulously analyze indicators of compromise (IoCs) across various end devices within company networks, its capabilities have significantly evolved. Nowadays, this extensive set of detection rules provides much broader detection coverage than the IoC-based approach of the early days, ensuring a more robust and comprehensive security posture across diverse IT environments.

Reflecting on the state of digital forensics in 2012, Roth highlights the limited capabilities for automated analysis prior to the advent of THOR. While forensic tools available at the time did offer some assistance in organising investigations—such as creating timelines to focus searches within specific time frames on suspicious filenames and registry keys—the process was notably inefficient. Analysing a single disk image could consume several hours, significantly slowing down the pace of an investigation. This inefficiency underscored the pressing need for more sophisticated solutions like THOR, which would later transform the landscape of forensic analysis by enhancing speed, coverage, and the ability to detect nuanced anomalies.

 “To improve our forensic analysis tools, we had to develop new rule formats that allowed us to turn a detection idea into a rule that could be automatically applied in scanners or monitoring systems and shared with others as easily as a list of IoCs,” says Roth. And they have succeeded. In just a few years, Nextron Systems has positioned itself as a leading provider of Automated and Continuous Compromise Assessment software, driving the mission to effectively protect organizations of all industries and sizes from threats that other security solutions overlook.

Bad guys don’t stand a chance – We detect hackers

“We founded Nextron to constantly create new and advanced innovations in the field of early detection technology. Our goal is to set new standards and develop tools that extend the capabilities of traditional detection software, with a focus on early identification of previously unknown threats. My drive is to ensure that the bad guys don’t succeed with what they do.”

Fundamental parts of the product family are the ASGARD Management Center, which orchestrates the individual scans and makes them scalable millions of times over, and the ASGARD Analysis Cockpit, in which the scan results (events) converge centrally. The products are available both on-premises and as cloud solutions. Nextron also offers its Compromise Assessment as a managed service and provides recommendations in the area of incident response, giving B2B customers the best possible protection.

For more information about Nextron Systems and the leading technologies to combat cybercrime, please visit the official website: https://www.nextron-systems.com