The Best Compromise Assessment Solution
Checking a system for traces of attacker activity is a time-consuming and laborious task. Our scanner THOR automates compromise assessments and removes the need for tedious work.
Quality tested rules
Quality tested YARA and Sigma rules in 8 different categories.
Database grows by around 1500 YARA and 250 Sigma rules every year.
Between 300 and 500 old rules in the database are changed and improved every year.
Nextron THOR can detect what your Antivirus and EDR misses
Focus is Hacking Activity
THOR focuses on everything the Antivirus misses. With its huge signature set of thousands of YARA and Sigma rules, IOCs, rootkit and anomaly checks, THOR covers all kinds of threats. THOR does not only detect the backdoors and tools attackers use but also outputs, temporary files, system configuration changes and other traces of malicious activity.
THOR’s impressive detection rate is well-known in the industry and fits the needs of threat hunters around the globe.
Thousands of generic signatures detect anomalies, obfuscation techniques and suspicious properties to rapidly accelerate compromise assessments.
Custom IOCs and YARA Rules
THOR monitors the systems’ resources during the scan. If the available free main memory drops below a certain threshold, THOR stops the scan and exits with a warning. It automatically applies throttling if it detects low hardware resources and disables features that could affect the systems’ stability.
THOR doesn’t have to be installed. You can just copy it to a remote system, run it from a network share or use it on USB drives that you carry to the affected systems.
However, you can deploy it for continuous compromise assessments using the ASGARD agents.
THOR is the most sophisticated and flexible compromise assessment tool on the market.
Everything is On-Prem
Our scanners don’t communicate with a remote system. They can even be used in air-gapped networks. Your confidential data never leaves your network.
Stability has Top Priority
Neither the scanner nor the agent hooks functions, and THOR does not require a driver to be installed. The scanners adjust their workload to the system’s resources and don’t interfere with other installed security software like an Antivirus or an EDR.
It’s important to be able to scan any malicious threats your organization may face. We make it seamless to add and maintain your own IOCs and rules. THOR accepts many different types of IOCs and ASGARD offers native MISP integration.
The Analysis Cockpit is the best place to analyse your THOR logs. It gives you full visibility on all your IOC matches, logs and sandbox reports. Furthermore, it allows you to set baselines and points you to security-relevant changes in your environment.
The Analysis Cockpit also features an integrated and highly configurable case management system that lets multiple analysts collaborate on the same investigation while ensuring the intended workflow progresses. Just like the ASGARD Management Center the Analysis Cockpit features a rich set of APIs that lets you connect to enterprise ticketing-systems, Sandboxes, CMDBs, SOAR Systems, threat intel platforms and literally any security device you may have in place.
What Nextron Customers Say:
Over 500 customers around the globe trust Nextron products including Fortune Global 500 companies, government agencies and NGOs.
“In our environment, we use ASGARD for a multitude of use-cases. In addition to other security components, we use ASGARD to regularly scan selected systems for signs of compromise. Furthermore, we use ASGARD during incident response for both initial triage and comprehensive scanning of a system. […]”
Head of Cyber Defense Center, Infineon Technologies AG
“I have been given the opportunity to evaluate Nextron’s VALHALLA feed. The handcrafted high quality detections with literally zero false-positive rate are an unmatched capability that does not only enable your detection technologies to stay ahead of the latest advanced threats but also is an extension of your own security team. Given the high quality and value the feed provides I can highly recommend VALHALLA.”
Threat Intelligence Manager, Swisscom Schweiz AG
What others say about Nextron:
Terminator antivirus killer is a vulnerable Windows driver in disguise
[...]Luckily, Nextron Systems head of research Florian Roth and threat researcher Nasreddine Bencherchali have already shared YARA and Sigma (by hash and by name) rules that can help defenders detect the vulnerable driver used by the Terminator tool.[...]
CVE-2023-36884 MS Office Zero-Day Vulnerability Exploited For Espionage - Detection and Mitigation
[...]The NextronSystems team has released sigma rules to block various techniques utilized by RomCom and possible exploitation of CVE-2023-36884.[...]
Cybersecurity Warning: Zero-Day Vulnerability in Apache Log4j Discovered in Minecraft, Other Apps
[...]Florian Roth, the Head of Research at Nextron Systems, has released a set of YARA rules for identifying CVE-2021-44228 attempts.[...]