Orion

To meet the needs of a constantly evolving world, Telsy offers Orion, a Threat Intelligence platform completely developed internally and with proprietary code.
Orion is a web analysis and correlation platform designed for predictive and preventive defence against APT malware and offers context details and information about malicious campaigns aimed at digital espionage and/or infrastructure sabotage.
Orion is designed for use by staff working in the SOC or CERT of the client or of third parties, and provides details useful for correctly assessing emerging scenarios in targeted, APT-type attacks.

• Orion processes an average of 100k new domain names daily, applying detection algorithms based on specific fingerprinting derived from research activities and associating a degree of risk per hostile actor.
• It has a database of more than 1000 /24 subnets associated with operations conducted by APT actors, and cyclically applies detection algorithms to them for the preventive discovery of CnC.
• It has a proprietary database useful for investigations via DNS, with historical data dating back to 2014.
• Autonomously correlates malware drop points, CnC and «bait» documents.
• It has a scan engine for the automated identification of over 150 families of malware aimed at data exfiltration.
• It is able to recognize over 5k malicious routines autonomously and associate them with samples belonging to hostile groups of the APT / Crime type.
• Allows access to structured reporting on typical APT and Cyber Crime threats.
• Allows access to a dedicated investigation platform for APT and Cyber Crime threats.
• Allows access to updated, exclusive and usable indicators of compromise through dedicated feeds.
• Allows access to documents and information found and collected in industry channels and searches on the “dark web”.

The continuous study of and search for malware samples enables Telsy to extract indicators of compromise, such as domain names and IP addresses, and to evaluate their interaction with public infrastructures on the Customer side.

Following the detection of indicators of compromise, Telsy is able to obtain detailed telemetric readings regarding the state of diffusion of the most common IT threats at a global level.

Module that allows dynamic analysis of malware and behavior analysis.
Through a dedicated interface, the user can load the malware directly into the sandbox, where it is detonated. The detonation result is then displayed in the summary screen.
The “Telsy” sandbox is based on a heavily customized version of Cuckoo, an open source automated malware analysis system, with the aim of outlining the actions of the malware while it runs in an isolated operating system.
The solution is based on common Windows 7 64-bit machines, deliberately made vulnerable in a controlled environment, and has been hardened to render ineffective the best-known VM-detection techniques exploited by the majority of malware, techniques that would make detonating the same malware in a standard sandbox useless.
The final result is a report that includes:
· Evidence of call traces performed by all processes generated by the malware;
· Files created, deleted and downloaded by the malware during its execution;
· Memory dump of the malware processes;
· Trace of the network traffic triggered by the malware;
· Dump (optional) of the complete machine memory.
All of this is reinforced by the feeds made available by the Telsy TI platform for the recognition of the malware family analyzed, through the proprietary Yara rules shared by the community.

A DNS service that protects your network, avoiding any contact with malicious servers.