

ReaQta Configuration

The following product description and configuration information was provided by the vendor and has been included in its unedited form. Any MITRE Engenuity comments are included in italics.


Product Versions

ReaQta-Hive

  • ReaQta-Hive Windows: 3.3.11
  • ReaQta-Hive Linux: 0.50.0
  • ReaQta-Hive Server: 3.3.99

Product Description

ReaQta-Hive is an AI-powered endpoint security platform that leverages Dynamic Behavioral Analysis to identify and block the most advanced attacks, including zero day threats, in-memory malware and ransomware. Consolidated on a single and elegant dashboard, ReaQta streamlines the work of security analysts by automatically mapping the relevant MITRE ATT&CK events to existing security alerts and threat hunting activities. Attackers’ operations are broken down in stages, making it easy for analysts to identify the phases of the cyber kill-chain that have been reached for efficient, real-time remediation.

ReaQta-Hive makes the MITRE ATT&CK framework an integral part of its operations to speed up and simplify the work of security professionals, while providing in-depth visibility over complex behaviors.

ReaQta-Hive

ReaQta-Hive’s learning models profile the normal behaviour of each endpoint, enabling greater accuracy in detections and alerts when there are deviations from the normal. ReaQta-Hive’s algorithmic approach does not require the use of any managed service capabilities for detection, considerably reducing the workload for SOC teams and MSSPs.

ReaQta’s dashboard lays out a resolution workflow to guide analysts by providing risk indicators, impact assessment and a clear list of high-level activities conducted by attackers, without requiring manual analysis. A powerful threat hunting interface enables security teams to look for suspicious activities in real-time and to discover and aggregate MITRE ATT&CK techniques for easier assessment.

With a unique set of engines capable of continuous learning at both the endpoint and infrastructural levels, ReaQta-Hive can be deployed on-cloud, on-premise and in completely isolated environments, without degradation of performance.

ReaQta’s NanoOS technology

MITRE Engenuity Note: NanoOS was not included in this round's evaluation due to the test setup.

ReaQta’s proprietary NanoOS technology is a live-hypervisor component that provides deep visibility into endpoint behaviour by enabling monitoring from the hypervisor (Ring -1) layer. The feature is used to acquire low-level information and detect anomalies but this was disabled during the evaluation due to restrictions on the testing environment.

Primary features of NanoOS:

  • Invisible to malware, ensuring attack resilience
  • Inspects the OS without modifying running applications or adding hooks that may generate instabilities
  • Accurate, reliable data collection even in adversarial scenarios such as post-breach assessments
  • Little performance impact (<1% CPU)

ReaQta-Hive supports Windows, Linux, MacOS, and Android endpoints, allowing analysts to make use of a single agent to contextualize and respond to threats.

Product Configuration

  • NanoOS: Disabled (due to restrictions in the testing environment)
  • Quarantine: Disabled
  • Anti-Malware: Disabled
  • Protection Policies: Disabled
  • Anti-Ransomware: Detection Only
  • Telemetry level: Standard
  • DeStra: Enabled