Its search engine interface can be used by anyone, from the board of directors and CEO to the Chief Risk Officer, Chief Compliance Officer, Chief Information Security Officer, Incident Response team and more. The APEX™ API also feeds intelligence into existing SIEMs or any business intelligence platforms.
Upward red arrow means the attack is escalating and the malicious activity is increasing significantly overall.
Downward green arrow confirms that the compromise has slowed down, which may be due to remediation efforts by the affected company. However, it could also be a deliberate effort by the malware controller to “go quiet” in order to avoid detection by the in-house security team.
Straight black arrow suggests the compromise has stabilized and is showing a lower level of signalling.
| Level | Meaning |
|---|---|
| Severe (highest level of risk) | There is very recent attempted communication with threat actor infrastructure. There is extremely high confidence that the attempted communication has malicious origins. |
| Critical (high level of risk) | There is recent attempted communication with threat actor infrastructure. There is very high confidence that the attempted communication has malicious origins. |
| Elevated (significant risk) | There are previous or recent attempted communications with threat actor infrastructure. There is high confidence that the communication has a malicious origin. |
| Stable (low risk) | There are no communications with threat actor infrastructure, the communications are long dormant, or there is low confidence in the communications. |
| Unobserved (no risk) | There is no evidence of current or recent compromise activity. |
IP Addresses: Lists the actual IP addresses that have been compromised by an attacker.
Malware Families: Identifies the exact malware used by the attacker, and which is currently “beaconing” out from a specific IP address within the victimized organization.
Total Events: The total number of malware beacons that are “calling out” from the victim organization. When malware beacons, it is doing one of several things (or it may be doing several of them at the same time): “checking in” to let the attacker know it has arrived safely and/or is performing its programmed instructions; updating the attacker on the malware’s progress inside the victim organization; requesting new instructions from the criminal operator; receiving updated code to change its behavior or to add new functions; and exfiltrating data from the breached company.
This easy-to-read graph shows users the overall pattern of malicious activity that has been observed from the victim organization’s IP address(es). The graph is color-coded, following the ranking system of Severe (red), Critical (orange), Elevated (yellow) and Stable (green). By reviewing this graph, users can plainly see how well or how poorly an organization has been able to remediate the confirmed compromises within its network environment.
Provides a detailed breakdown of the observed malicious activity per IP address. Users can trace each compromised IP back to the specific malware that was used, and how many times the malware “called back” from that address. The event summary section also frequently provides threat actor attribution.
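The following is an added illustration, not Prevailion's code: it takes a constructed set of beacon events and derives the three dashboard elements described above (the five risk levels, the trend arrow, and the per-IP event summary). The recency and confidence cut-offs, the seven-day trend window, and the sample IPs and family names are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of beacon events: (victim IP, malware family, timestamp, confidence 0..1).
NOW = datetime(2024, 1, 10, 12, 0, 0)
EVENTS = [
    ("198.51.100.7", "LoaderA", NOW - timedelta(hours=3), 0.98),
    ("198.51.100.7", "LoaderA", NOW - timedelta(days=2), 0.98),
    ("198.51.100.7", "StealerB", NOW - timedelta(days=9), 0.80),
    ("198.51.100.23", "StealerB", NOW - timedelta(days=40), 0.75),
    ("198.51.100.23", "StealerB", NOW - timedelta(days=120), 0.90),
]
LEVELS = ["Unobserved", "Stable", "Elevated", "Critical", "Severe"]  # ascending risk

def event_level(age_hours, confidence):
    """Rate one beacon. The recency/confidence cut-offs are assumed, not Prevailion's."""
    if age_hours <= 24 and confidence >= 0.95:
        return "Severe"        # very recent, extremely high confidence
    if age_hours <= 24 * 7 and confidence >= 0.85:
        return "Critical"      # recent, very high confidence
    if age_hours <= 24 * 90 and confidence >= 0.70:
        return "Elevated"      # previous or recent, high confidence
    return "Stable"            # long dormant or low confidence

def risk_level(events, now=NOW):
    """Overall level for one IP: the worst rating among its beacons."""
    if not events:
        return "Unobserved"
    return max((event_level((now - ts).total_seconds() / 3600, c)
                for _, _, ts, c in events), key=LEVELS.index)

def trend(events, now=NOW, window=timedelta(days=7)):
    """Trend arrow: beacon count in the last window versus the window before it."""
    recent = sum(1 for _, _, ts, _ in events if now - ts <= window)
    prior = sum(1 for _, _, ts, _ in events if window < now - ts <= 2 * window)
    if recent > prior:
        return "escalating"    # red upward arrow
    if recent < prior:
        return "slowing"       # green downward arrow
    return "stable"            # straight black arrow

def event_summary(events, now=NOW):
    """Per-IP breakdown: level, trend, beacon count per malware family, total events."""
    by_ip = {}
    for ip, family, ts, conf in events:
        by_ip.setdefault(ip, []).append((ip, family, ts, conf))
    return {ip: {"level": risk_level(ev, now), "trend": trend(ev, now),
                 "families": dict(Counter(e[1] for e in ev)),
                 "total_events": len(ev)} for ip, ev in by_ip.items()}
```

Calling `event_summary(EVENTS)` returns one row per compromised IP, which is the shape a SIEM ingest or a dashboard widget would consume.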
Find out the instant your company is compromised – instead of waiting days, weeks or months for the malicious activity to be detected by your IDS/IPS, SIEM or other detection tools.
In addition to spotting compromises that other security tools can’t see, APEX also helps companies audit the effectiveness of their monitoring and perimeter security products. If these expensive products aren’t doing their job, don’t you want to know?
Many corporate compromises are the result of undetected breaches that began in the supply chain, and slowly moved from company to company until they reached the bigger target. With APEX, companies now have the ability to see inside the attacks that are targeting other organizations’ networks. This unprecedented visibility allows you to track the compromises of your most critical companies in real time.*

*Purchase of a Prevailion Vision Pack™ subscription is required to check and monitor third-party IP addresses.
By monitoring your third-parties, you can prevent attacks on your network before they’ve even had a chance to start. APEX provides clear insights into the malware, C2 nodes and attackers that are behind these attacks – giving you the chance to cut off “trusted access” for the infected third-party, harden your defenses ahead of time and prepare in advance for the specific threat that could be coming your way.
APEX’s exclusive compromise intelligence offers many business advantages to its customers. Companies can use it to vet their third-party relationships, choosing only the best and most secure partners. This intelligence can also be used for investment decision support and merger & acquisition due diligence. Compliance professionals and the insurance industry may also use this detailed information to better evaluate the risk profile of an organization. Purchase of a Prevailion Vision Pack™ or APEX Unlimited™ is required to check and monitor third-party IP addresses.
Having knowledge of active compromise campaigns targeting your industry is a signal flare you can rally your organization’s defenses around.