In our environment, we use Asgard for a multitude of use cases. In addition to other security components, we use Asgard to regularly scan selected systems for signs of compromise. Furthermore, we use Asgard during incident response for both initial triage and comprehensive scanning of a system.
The fact that the Asgard agent supports all major operating system platforms and versions, in combination with its small resource footprint, makes it the perfect solution in our case. We employ different deployment methods depending on the platform and use case. For Windows-based platforms, deployment is fully automated and can be triggered by the CSIRT.
We also appreciate the fact that Asgard is highly configurable and hence can be customized in various aspects. One can configure the depth of the analysis, which allows for quick or thorough results. The ability to configure limits for resource consumption allows us to use it even on systems that tend to be unstable, and with as little impact as possible on an end user still using the system during a scan. As a company that takes data protection and privacy very seriously, we do honor the default configuration flag, which anonymizes the scan reports to a degree where even file system paths are considered during anonymization. Depending on the use case, we forward scan results directly to the Analysis Cockpit, where we compare results across different systems; furthermore, we use the Analysis Cockpit to eliminate false positives.
At Infineon, we integrated Asgard with many of our technical systems. Asgard ships with a comprehensive amount of detection rules and threat intelligence. Additionally, before a scan is triggered, Asgard imports its indicator set from our MISP-based Threat Intelligence Platform, enabling us to securely scan for host-based indicators from various private and public sources. If files are detected to be suspicious beyond a defined threshold, we use Asgard’s Bifrost Protocol to automatically collect suspicious files for dynamic and static analysis.
On a less technical level, we value Asgard for the fact that the solution is developed and maintained in Germany and that as such – given the feature set and availability of detection capabilities and rules – it is unique to the market. The team developing and enhancing the solution is a respectable member of the DFIR community and always very approachable and solution-oriented. Support by Nextron is reliable and quick.
Head of Cyber Defense Center
Infineon Technologies AG