Adversarial Analysis and Attribution
The VLI Attack Attribution Platform
VLI’s mission is to provide automated, actionable, and evidence-based threat intelligence to systemically important organizations. VLI continuously tracks infrastructure used by nation-state and nation-state-sponsored adversaries used to deploy Advanced Persistent Threats (APT) and other sophisticated attacks. VLI’s Attack Attribution platform automatically analyzes petabyte-scale data sets to discover Indicators of Compromise (IoC) without installing endpoint software agents or requiring privileged access to partner organizations’ networks.
- Continuous and scalable tracking of APT infrastructure used to deploy and command malware, exfiltrate sensitive information, and conduct sophisticated emergent attacks.
- SaaS cloud-based solution meets industry and government security standards and data residency requirements.
- Enriched Threat Intelligence on adversary emerging tactics, techniques, and procedures (TTPs).
- VLI’s analysis leverages partners’ existing passive DNS, active DNS, and NetFlow data to help SOC analysts better understand new attack vectors, perform incident response, and defend against future attacks.
- Platform- and vendor-independent solution minimizes SOC and engineering deployment effort, time, and cost.
- Privacy-preserving solution does not collect Personally Identifiable Information (PII).
VLI’s Attack Attribution Platform can help organizations:
- Identify previously unknown Indicators of Compromise (IoC).
- Provide Evidence-based Attack Attribution for nation-state sponsored attacks.
- Minimize Time-per-Incident by prioritizing investigations of IOCs.
- Reduce cost of existing security-relevant data collection efforts.
- Identify gaps in partners’ 3rd-party security products.
- Eliminate blind spots in security telemetry.