Designed to Deliver
SNOW records and detects native execution of binaries, module loads, changes made to the file system (registry) and network connections, providing a continuous collection of data for analysis and for developing a timeline.
Capturing this data and developing a timeline allow us to conduct root cause analysis to determine whether a victim is patient ZERO in the enterprise or patient 100. We can observe the entire kill chain in seconds, integrate intelligence in near real time, and move the incident response timeline closer to instant response through micro- and macro-level time-synchronous event correlation analysis.