Detect hidden threats

Discover the undiscovered

The Stairwell platform enables you to efficiently identify suspicious artifacts and malware that have evaded your security controls. Stairwell is a virtual evidence locker for your assets’ files, so their telemetry can always be compared to the latest threat intelligence and statically and dynamically analyzed to uncover threats that would otherwise remain hidden. Even your previous investigations of suspicious activity are preserved for ongoing analysis by the platform.

Once Stairwell helps you identify malware-led attacks, supply-chain vulnerabilities, or other threats, it enables you to streamline your triage, investigation, and remediation process, and create tailored defenses that attackers cannot test against.

Where does traditional threat detection have gaps?

Attackers have access to the same detection technology that you use! They test against off-the-shelf detection tools, building evasive attacks that bypass your defenses.

Threats get through your current detection and prevention stack. A key reason that malicious activity is missed is that threat detection solutions are “point-in-time” and can only detect the state of an object or action at a specific instant — when the file is written or an executable is run, for example. The knowledge needed to detect new attacks is often not available at a specific time of inspection.

Third-party exposures may be opaque. Developers of software used by vendors in your supply chain do not reveal all the elements of their software, so even publicly known vulnerabilities may not be apparent without deeper investigation.

Current threat analysis processes rely on humans working under time constraints, who will occasionally misjudge. Current processes do not support revisiting prior judgments.

The actual files – the essential telemetry details – are lost. By the time you discover you have missed an attack, the malware has been able to clean itself up and cover its tracks.

Unlock time to identify hidden threats – and defend against them!

Stairwell isn’t point-in-time; it unlocks time! Stairwell does continuous analysis of all the states of your environment, past, present, and future. It can do this because it pre-preserves the evidence from the files in your environment. It’s a virtual evidence locker for your assets’ files with all the telemetry intact, unlike log files where data is lost. This means the file telemetry can always be compared to the latest threat intelligence and statically and dynamically analyzed to uncover threats that would otherwise remain hidden.

Judgments can always be revisited. Stairwell takes some of the stress and time pressure off your security team because judgments made quickly and without enough context about whether a file is malicious can be easily revisited when new information comes in. The process is continuous and the evidence is preserved for constant re-evaluation.

Create custom defenses that attackers can’t perceive. The intelligence that Stairwell’s process creates is specific to your organization and it allows you to create tailored defenses for your environment that attackers cannot test against.

Who’s using it

Organizations and security teams in all industries find value with Stairwell:

  • SOC analysts benefit from Stairwell as a source for trusted alerts and endpoint alert triage. Their role is less stressful because they are no longer the last line of defense.
  • Incident response engineers are able to investigate newly identified attacks with evidence that’s been pre-preserved with chain-of-custody intact.
  • Detection engineers harvest custom threat intel and use it to write detection rules for newly identified threats.
  • Threat intelligence and hunting analysts use Stairwell to identify suspicious file objects and hunt for attacks that were missed by other tools.
  • CISOs use the Stairwell platform for threat detection oversight. They gain peace of mind that their team has the ability to find latent malware infections and missed attacks.