We detect what your Antivirus and EDR misses
Our research focuses on backdoors, hack tools, obfuscated scripts, web shells, and adversary activity that the usual Antivirus and EDR misses to detect.



Automated Compromise Assessments
Checking a system for traces of attacker activity is a time-consuming and laborious task. Our scanner THOR automates compromise assessments and removes the need for tedious work.

Accelerated Forensic Analysis
THOR allows your forensic analysts to focus on the important work. It uses thousands of patterns, YARA and Sigma rules to preprocess forensic images and highlight suspicious elements. It speeds up the analysis process substantially, uncovers malicious activity sooner, saves time and money.



Flexible Deployment
THOR can be used as a stand-alone scanner, on thousands of end systems controlled from an ASGARD Management Center or as a web service in form of THOR Thunderstorm collecting from outdated or exotic operating systems.

Unlimited Possibilities
Our scanners and agents run on Microsoft Windows, Linux, macOS and some IBM AIX variants. However, the collectors for THOR Thunderstorm run on just any operating system. You can scan live systems, disk images or specific forensic evidence like EVTX files, memory dumps or Registry hives.


Everything is On-Prem
Our scanners don’t communicate with a remote system. They can even be used in air-gapped networks. Your confidential data never leaves your network.

Stability has Top Priority
THOR does not require a tangible scanner or agent hooks functions. THOR also does not require the need to install a driver. They can adjust their workload to the system’s resources and don’t interfere with other installed security software like an Antivirus or an EDR.

Highly Customizable
It’s important to be able to scan any malicious threats your organization may face. We make it seamless to add and maintain your own IOCs and rules. THOR accepts many different types of IOCs and ASGARD offers native MISP integration.
Testimonials
Over 300 customers around the globe trust our products including Fortune Global 500 companies, government agencies and NGOs.

“In our environment, we use ASGARD for a multitude of use-cases. In addition to other security components, we use ASGARD to regularly scan selected systems for sign of compromise. Furthermore, we use ASGARD during incident response for both initial triage and comprehensive scanning of a system. […]” – Read More
Raphael Otto
Head of Cyber Defense Center, Infineon Technologies AG

“I have been given the opportunity to evaluate Nextron’s VALHALLA feed. The handcrafted high quality detections with literally zero false-positive rate are an unmatched capability that does not only enable your detection technologies to stay ahead of the latest advanced threats but also is an extension of your own security team. Given the high quality and value the feed provides I can highly recommend VALHALLA.”
Markus Neis
Threat Intelligence Manager, Swisscom Schweiz AG
Blog
New product announcements and updates, tutorials and security advisories.
Demystifying SIGMA Log Sources
One of the main goals of SIGMA as a project and SIGMA rules specifically has always been to reduce the gap that existed in the detection rules space. As maintainers of the SIGMA rule repository we're always striving for reducing that gap and making robust and...
Private Sigma Rule Feed in Valhalla and Partnership with SOC Prime
We are proud to announce the integration of our private Sigma rule set in Valhalla. This rule set is used in our scanner THOR and endpoint agent Aurora. The rule set currently contains more than 250 quality-tested and generic rules written by Nextron's detection...
THOR Log Conversion to CSV
We are excited to announce that the upcoming version 1.11 our tool, THOR Util, now has the capability to convert log output files from both the default and JSON format into CSV files. This new feature will make it easier for users to analyze their log data and extract...
How to scan ESXi systems using THOR
More and more often, adversaries target and exploit Internet-facing appliances or devices with exotic or restricted operating systems. Users ask if there is a way to run a compromise assessment scan on these systems with the YARA rules used in THOR. Following up on...