Triage every alert with research-grade understanding
Identify dormant and active malware threats
The Stairwell platform provides your team a one-stop-shop for ongoing deep-file static and dynamic analysis of potential malware and presents all of the information in an easy-to-use interface. Stairwell also provides file enrichment APIs that can pull information directly into your SIEM and/or SOAR.
Once your files are loaded into Stairwell via the lightweight file forwarder, they are continuously evaluated against the latest threat intelligence, which includes the Stairwell platform’s shared corpus of hundreds of millions of malware samples. Potentially malicious files in your current environment are identified, and matches in prior states of your environment are also identified and can be re-examined. You can also set notifications for future matches.
Stairwell can compare the features of suspicious files against the overall file corpus of your organization and highlight any files that look similar to the bad ones. The deep-file analysis capabilities of Stairwell help your investigators analyze these matches for maliciousness.
You can also use the Stairwell platform to analyze files from systems that you believe were infected on an ad hoc basis.
Why is it so difficult to ID malware and triage it?
Traditional static and dynamic malware analysis tools are disjointed and an incident responder has to spend a lot of time examining the findings and correlating the data. There are no other tools in the market except Stairwell that help incident responders or threat analysts comb the organization for files that are similar to known malicious files — files with similar origins, publishers, behaviors, etc. — that may have evaded detection.
With traditional approaches, responders can’t continue to analyze suspicious files as new threat intel becomes available because the telemetry isn’t preserved.
Quickly identify and triage emerging threats
Unfortunately, nation-state attacks, ransomware, and widespread supply chain threats that could impact your organization are the new normal. Using the Stairwell platform, you can evaluate threats in the context of your own network, along with the built-in threat knowledge of an experienced researcher. You can create processes for responding to newly identified threats in an efficient, coordinated, business-as-usual fashion:
- Eliminate delays with an immediate search of your environment
- Establish emergency triage processes
- Establish communication processes within your organization and with your customers, whether the IoC is found in your environment or no evidence of it is found
Who’s using it
Organizations and security teams in all industries find value in Stairwell’s ability to continuously scout for malware and trigger team triage:
- The entire Security Operations team can more effectively identify malware and initiate triage. They have peace of mind that if they make a time-constrained error in classifying a file, their judgment can be revisited and the essential telemetry will still be available.
- CISOs benefit from the Stairwell platform’s virtual evidence locker. Since potentially malicious artifacts are preserved, their team saves time when investigating malware.
- Managed service providers can use the Stairwell platform to efficiently identify and triage malware across a number of customer environments. The Stairwell platform is multi-tenant and there is no crossover of data between environments.