The program includes the following main components:
Sensor. Receives data.
Central Node. Scans data, analyzes the behavior of objects, and publishes analysis results in the web interface of the program.
Sandbox. Starts virtual images of operating systems. Starts files in these operating systems and tracks the behavior of files in each operating system to detect malicious activity and signs of targeted attacks to the corporate IT infrastructure.
Endpoint Sensors. Installed on separate computers that belong to the corporate IT infrastructure and run the Microsoft Windows operating system. Continuously monitors processes running on those computers, active network connections, and files that are modified.