Stairwell platform

Key use cases

Security teams use our comprehensive and flexible platform to improve the effectiveness of their security programs and detect threats — even malware variants — that would otherwise be overlooked. Here are five example use cases.

Get ahead of malware variants

Discover variants before they are reported

Once you know that your organization has been hit with malware, response time is critical. Attackers have a time advantage even after their malware is made public because they know how to alter their files so that they can pass through your traditional defenses. AV and endpoint solutions won’t find these variants until the known signatures are available and even then these products only analyze new incoming files.

The search for variants is traditionally done by skilled threat analysts who spend hours or even weeks reviewing potential variants and comparing them. It’s a complex task that’s prone to error and requires a number of techniques and tools.

The Stairwell platform changes all that; it allows variant discovery with the click of a button and returns high-fidelity results in seconds. This gives your SOC analysts and threat hunters insight into potential new variants and associated IoCs across all time horizons. You can easily take the IoCs and investigate your entire file history and all endpoints.


Make the threat-of-the-day a non-event

Know whether your organization is impacted

Whenever a cyber event such as a supply-chain attack or new ransomware campaign makes the headlines, you and your security team are called upon to rapidly respond and determine whether you’re impacted. Security teams scour threat briefs from their threat intelligence vendors or visit their trusted security blogs looking for related IoCs. Once they obtain IoCs (IPs, hostnames, YARA rules, etc.), they use them to learn if you’ve been impacted, often by searching SIEM logs.

But what if your anti-virus vendor doesn’t have signatures? Or the malware doesn’t create entries caught by your SIEM? Or the malware existed but was later deleted? The Stairwell platform solves those problems, allowing you to efficiently run IoCs against your entire file corpus to see if there are any matches and know whether your organization has been impacted.
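An added example (not Stairwell's code) of the retroactive check this paragraph describes: a constructed in-memory file corpus that retains every collected file by SHA-256, so IoCs published later can still be run over a file that has since been deleted from the endpoint. The sample files, paths and indicators are constructed for illustration.

```python
import hashlib


class FileCorpus:
    """Constructed toy 'file corpus': every file version ever collected is kept
    by SHA-256, so a file later deleted from the endpoint stays searchable."""

    def __init__(self):
        self.blobs = {}     # sha256 -> raw bytes
        self.history = []   # (host, path, sha256 or None, event)

    def ingest(self, host, path, data):
        digest = hashlib.sha256(data).hexdigest()
        self.blobs[digest] = data
        self.history.append((host, path, digest, "written"))
        return digest

    def delete(self, host, path):
        # The endpoint removed the file; the content blob is retained.
        self.history.append((host, path, None, "deleted"))

    def retro_scan(self, hash_iocs=(), string_iocs=()):
        """Run IoCs published after collection over everything ever seen."""
        hash_iocs = {h.lower() for h in hash_iocs}
        needles = [s.encode() for s in string_iocs]
        hits = []
        for host, path, digest, event in self.history:
            if event != "written":
                continue
            reasons = []
            if digest in hash_iocs:
                reasons.append("hash:" + digest[:12])
            reasons += ["string:" + n.decode() for n in needles
                        if n in self.blobs[digest]]
            if reasons:
                hits.append((host, path, reasons))
        return hits


def demo():
    # Constructed sample files and IoCs; nothing here is a real indicator.
    corpus = FileCorpus()
    corpus.ingest("host-a", "C:/Program Files/Updater/update.exe",
                  b"MZ\x90\x00 legitimate updater v2.1")
    dropper_hash = corpus.ingest("host-b", "C:/Temp/svc.exe",
                                 b"MZ\x90\x00 beacon C2=c2.example.invalid")
    corpus.delete("host-b", "C:/Temp/svc.exe")  # file gone from the endpoint
    # Days later a threat brief publishes the hash and the C2 hostname.
    return corpus.retro_scan(hash_iocs=[dropper_hash],
                             string_iocs=["c2.example.invalid"])
```

A SIEM search would miss the deleted file entirely; the retained corpus still reports host-b with both a hash and a string match.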


Detect hidden threats

Move from point-in-time to continuous detection

It’s a sobering fact that malware-led attacks, supply-chain vulnerabilities, and ransomware are on the rise; all organizations are within the crosshairs of persistent malicious actors. Even organizations spending millions of dollars on their security program are susceptible to threats that get through their current detection and prevention stack.

A key reason that malicious activity is missed is that traditional threat detection solutions are “point-in-time” and can only detect the state of an object or action at a specific instant — when the file is written or an executable is run, for example. The knowledge needed to detect new attacks is often not available at a specific time of inspection. The Stairwell platform exposes hidden threats by continuously analyzing your environment against the latest threat intelligence from multiple sources and uncovering threats that would otherwise remain undetected.


Create customized defenses with contextual intelligence

Identify the IoCs that matter most to your organization

Threat intelligence can play a role in every aspect of detection and response including detection of attacks, incident response, and protection from future attacks by blocking bad actor IoCs. Advanced cybersecurity organizations typically subscribe to more than a dozen threat intel feeds from various sources (vendors, ISACs and open source), and dedicate team members to try to maintain and operate tools that help them manage the resulting flood of data.

All that information can be overwhelming if you don’t know how to use it. Meanwhile, you may be overlooking important data that resides inside your own environment. With its inside-out approach, the Stairwell platform extracts IoCs and observables from suspicious files in your environment. This keeps the volume low and ensures that the identified IoCs are applicable to your organization.


Triage with research-grade understanding

Quickly identify and triage emerging threats

Triaging alerts may be done by SOC analysts at larger companies, IT gurus at smaller companies, or by technology service provider partners working for a number of companies. Regardless of the role, they are always under tremendous pressure to make quality decisions about whether files are malicious or not in a limited time.

Unfortunately, the tools available don’t make the job easier; traditional static and dynamic malware analysis tools are disjointed, and an incident responder has to spend a lot of time examining the findings and correlating the data. The Stairwell platform changes that, providing your team a one-stop shop for ongoing deep-file static and dynamic analysis of potential malware, presented in an easy-to-use interface. It gives your team the ability to triage every alert with a wealth of understanding.