CAWS Threat Discovery and Analysis

Every day, CAWS crawls hundreds of thousands of URLs using NSS’ one-of-a-kind, geographically distributed BaitNET architecture—one of the world’s largest live capture environments. In addition to our active crawling, CAWS enables customers to submit their own URLs and files for real-time analysis in our enterprise harness.

Unlike other threat analysis solutions, CAWS focuses on both the exploit and the payload—recording and validating the exact way malware is being delivered to victims. By starting with the exploit and providing end-to-end visibility into its modus operandi, CAWS enables enterprises to break the kill chain earlier in the attack cycle.

But CAWS doesn’t stop there. After an exploit is captured and harvested, it is replayed in the NSS harness against a replica of the customer environment to identify an organization’s specific exposure to the threat.


Customers get detailed threat metadata, including:

  • PCAP, SAZ, and shellcode
  • Source URL and IP addresses
  • Targeted operating systems and applications
  • Network connections observed, including all C&C communication
  • Detected file(s) and file hashes (MD5, SHA1, SHA256)
  • Static payload analysis
  • Malware classification
  • Customer-specific indicators of attack (IOAs)

The result is real-time visibility into relevant threats that are live in the wild, enabling security teams to cut through the noise and prioritize actions to focus on the threats that matter most.