THREATPOINT makes it easy to identify potential threats in various digital artifacts. These artifacts include any file, program, document, image, link, script, or email that is potentially malicious.
ThreatPoint puts a powerful set of automated analytical tools at the fingertips of your help desk, security operations center, forensic investigators, and even ordinary users. Novice users can get quick answers about suspicious artifacts just by uploading them and reviewing a report, and experts can dive deep into the technical details and behaviors of advanced threats.
How ThreatPoint Works
THREATPOINT scans artifacts for known or unknown threats. Leveraging the power of open-source and patented Dovestech technology, ThreatPoint conducts flexible but powerful analyses of supported file types in near-real-time.
- SIGNATURE MATCHING. ThreatPoint scans artifacts for known malicious signatures.
- EXTRACTION. ThreatPoint identifies, decodes, and saves important elements from each artifact. This saves forensic investigators valuable time.
- TRANSFORMATION. ThreatPoint converts the artifact or its extracted elements into a format suitable for deeper analysis or searching. Where appropriate, it converts the artifact into a readable or previewable form.
- EXECUTION. ThreatPoint opens or executes the artifact in a carefully instrumented environment, observing and recording its behavior.
- SUMMARY. ThreatPoint loads and distills its analysis into a human-readable report so you can rapidly assess and mitigate the threat.
ThreatPoint automatically identifies known threats, flags suspicious artifacts, and decodes binary files for network and system threat awareness. Its powerful deterministic expert system normalizes an artifact’s analytical results and converts them into a clear, actionable report on the threat.