DarkPoint puts a powerful set of automated analytical tools at the fingertips of your help desk, security operations center, forensic investigators, and even ordinary users. Novice users can get quick answers about suspicious artifacts just by uploading them and reviewing a report, and experts can dive deep into the technical details and behaviors of advanced threats.
DarkPoint scans artifacts for known or unknown threats. Leveraging the power of open-source and patented CyberPoint technology, DarkPoint conducts flexible but powerful analyses of supported file types in near-real-time.
SIGNATURE MATCHING. DarkPoint scans artifacts for known malicious signatures.
EXTRACTION. DarkPoint identifies, decodes, and saves important elements from each artifact. This saves valuable time in forensic investigations.
TRANSFORMATION. DarkPoint converts the artifact or its extracted elements into a format suitable for deeper analysis or searching. Where appropriate, it converts the artifact into a readable or previewable form.
EXECUTION. DarkPoint opens or executes the artifact in a carefully instrumented environment, observing and recording its behavior.
SUMMARY. DarkPoint loads and distills its analysis into a human-readable report so you can rapidly assess and mitigate the threat.
DarkPoint automatically identifies known threats, flags suspicious artifacts, and decodes binary files for network and system threat awareness. Its powerful deterministic expert system normalizes an artifact's analytical results and converts them into a clear, actionable report on the threat.
Type | Signature Match | Extract | Transform | Execute | Summary |
---|---|---|---|---|---|
Archive (ZIP, RAR, TAR GZ, BZ, 7z) | ✅ | ✅ | N/A | N/A | N/A |
Portable executable | ✅ | ✅ | ✅ | ✅ | ✅ |
Executable linker file | ✅ | ✅ | ✅ | | |
Mach-O | ✅ | ✅ | ✅ | | |
Portable Document Format (PDF) | ✅ | ✅ | ✅ | ✅ | ✅ |
HTML | ✅ | N/A | ✅ | ✅ | ✅ |
JavaScript | ✅ | N/A | ✅ | N/A | ✅ |
Electronic mail (email) | ✅ | ✅ | ✅ | ✅ | ✅ |
Network packet capture | ✅ | ✅ | ✅ | ✅ | |
Windows prefetch | ✅ | ✅ | N/A | | |
Windows Registry hives | ✅ | ✅ | ✅ | N/A | |
SQLite database | ✅ | ✅ | N/A | | |
URL | ✅ | N/A | ✅ | ✅ | ✅ |
Android APK | ✅ | ✅ | ✅ | | |
Java Class | ✅ | ✅ | ✅ | ✅ | ✅ |
Rich Text Format (RTF) | ✅ | ✅ | ✅ | | |
X509 certificate | ✅ | ✅ | N/A | | |
Microsoft Office document | ✅ | ✅ | ✅ | | |
Image (PNG, JPG, GIF) | ✅ | ✅ | | | |
Configurations | DarkPoint Cloud (DPC); DarkPoint Enterprise (DPE); DarkPoint Virtual (DPV) |
Customizations* | Control the number of sandbox VMs on DPE or DPV; enable or disable unneeded internal or external analyzers; spin up additional copies of important analyzers |
Data Feeds* | Buy a copy of DarkPoint Cloud data (at time of purchase); buy regular updates of DarkPoint Cloud |
Training* | Classes for operation, management and development; training available at CyberPoint or on-location; class sizes range from 3 to 20 participants |
Third-party licenses are required for some external service integrations (e.g. distorm, IDAPro, Microsoft Windows 7 (with Office 2007), VirusTotal Signature Match, VirusTotal URL Reputation Lookup, etc.). NOTE: DarkPoint will function as normal without these services.
*Will result in increased cost.
For our customers, we support incident response with repository querying and analysis. We also respond to customer inquiries about a wide array of infosec topics.
If your organization needs immediate assistance with a suspected or confirmed cyber incident, contact us.
If you like DarkPoint and think others would too, we'd appreciate it if you would spread the word!