
Kanwa

かんわ

Today's malware requires a fast and competent response. As attacks grow more complex and harder to handle, interaction with the infected system becomes necessary to ensure the best possible response. From this need Kanwa was born, the "mitigator" (translation from Classic Japanese). Kanwa's objective is to connect an analyst directly with the infected system: silently, and without weighing down the host system, it carries out mitigation operations guided directly by the analyst and by the Threat Intelligence of the Yoroi system.

Solution Features

The solution includes two separate functionalities available to the Company's defence analysts:

1) "Detection" functionality, which lets you verify the existence of particular processes, files and/or registry keys so that any infections in progress can be identified promptly.

2) Targeted intervention functionality, which can remotely delete these malicious processes, files or registry keys, mitigating the threat in a timely manner without direct intervention of the IT department.

Kanwa is an endpoint protection software solution that monitors the operation of the host PC for the presence of Indicators of Compromise (IoCs) in order to mitigate any threats related to the host PC. PC status monitoring and threat mitigation, if any, can occur in two different ways:

  • Automated (i.e. without human interaction), with mitigation specifications obtained through Yoroi's Threat Intelligence
  • Manual (i.e. with human intervention), led by Yoroi Analysts


In addition, Kanwa allows Yoroi Analysts to conduct in-depth investigations on the host PC by providing the following information upon request:
  • List of files in the system (manual investigation)
  • List of processes in progress

This information is essential in the case of a digital investigation.

Possible mitigations

If the security solution detects one of the malicious components mentioned above, it attempts to resolve it using the Automated/Manual method previously set. Possible resolutions include:

  • Deletion or quarantine of malicious files
  • Deletion of malicious registry keys
  • Termination of suspicious processes