It’s 2021. Your email needs better protection than just an antivirus, anti-spam or a traditional sandbox.

Group-IB Atmosphere key features

Atmosphere is an intel-driven malware detonation platform that understands how attackers circumvent traditional sandboxes. It analyzes texts, URLs, attachments and encrypted objects and counters most modern evasion methods.

Atmosphere extracts context from attacks by executing payloads in an isolated environment, automatically attributing the attack to a threat actor or malware family and mapping the TTPs to the ATT&CK matrix.

Atmosphere automatically matches detonation reports with our Gartner-recognized Threat Intelligence & Attribution data lake in order to perform attribution and answer key questions: who is behind the attack and what to expect next.

Atmosphere makes it possible to configure virtual machine properties so that the machines look like your actual corporate environment. This helps defeat the advanced detection-evasion techniques used in most modern attacks.

Atmosphere performs constant retrospective analysis. It re-downloads suspicious URLs and re-analyzes objects that can change their state over time. As such, it automatically discovers hidden threats.

Your Atmosphere tenant is provisioned automatically after your trial request is approved. Integration involves simple and standard configuration steps described in the automated setup wizard.

Attackers know what a real environment looks like

Most cloud email sandboxes use standard templates for virtual machines that look completely unnatural to adversaries and are therefore easy to both detect and hide from. This makes the entire approach completely useless against advanced attackers.

Atmosphere makes it possible to adjust key properties to make the virtual machine look like a real environment. Use actual computer names, employee names, corporate domain names, and other features to thoroughly mimic your actual environment.

Think you're secure? Atmosphere features a fully automated test built on knowledge about real tools and techniques used by the most advanced adversaries. See where you really stand.

Attack cases implemented in our test suite reproduce different detection bypass techniques that manipulate contexts, URLs and required human activity, as well as system-level and dependency checks.

The test is fully automated and requires only confirming domain ownership. By doing so, we verify that you actually control the domain name and that we can legally run the security assessment.

Integration overview

To deliver cutting-edge email protection in accordance with local regulations, Group-IB Atmosphere is available in four different regions.

Your cloud tenant is set up automatically after your trial request is approved. Integration is very simple and implemented as a gateway solution. Simply configure your domain name, and Atmosphere will start protecting it as DNS records are updated.

To improve detection and response even further, Atmosphere supports API-level integration with G-Suite and Office 365. At the same time, Group-IB’s proprietary technology called Neptune allows you to use your real office IP address during analysis runtime.

Request a free trial of Group-IB Atmosphere now