H-Time Machine (Forensics module) supports the discovery of successful, undetected attacks against a previous version of the infrastructure, and forensic investigation in case of a data breach.
H-Time Machine (Forensics module) stores and manages the digital twins that describe the various versions of the infrastructure and its vulnerabilities throughout its life. Hence, these twins describe both the whole history of the infrastructure and the differences among its versions. H-Time Machine simplifies forensic investigation of attacks that may have occurred in the past and that used vulnerabilities that have only now become public. As soon as an infrastructure vulnerability becomes public, H-Time Machine can retrieve and update the various twins to include the new vulnerability, then simulate the attacks to discover whether an attacker could have exploited the new vulnerability to stealthily attack the infrastructure and hide some malware or steal some information. The output of the simulations minimizes the cost of investigation by driving the search for indicators of compromise or hidden malware. In this way, H-Time Machine extends the coverage of a “continuous assessment in the past”, handling threat agents that could have exploited some vulnerabilities a long time before they became public.
Cyberwatching.eu has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 740129. The content of this website does not represent the opinion of the European Commission, and the European Commission is not responsible for any use that might be made of such content.