This project is a new-generation security product. We require you to build a proof of concept with recommendations.
The software follows a client-server architecture.
The software agent is an endpoint solution and will be deployed on a typical Windows system. The software will run as a service on the Windows system. The software will monitor kernel calls to disk. The software will permit all disk reads. When a request is sent to write files to disk that include machine executable code or PE code, the agent running on the machine will block the files from being written to disk and put them into a quarantine area. The software will report to a central server through HTTPS POST or another secure client-server methodology. All data must be collected and logged, including process calls, IP address information, stack and debug information.
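As an added illustration, not part of the original brief, the C sketch below shows a bounds-checked header test an agent could apply to the first bytes of a pending write to decide whether they form a PE image. The names classify_pe, classify_sample and pe_kind are hypothetical, the sample bytes are constructed, and the check is only a first-stage filter that does not replace the yara signatures the brief requires.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result of the header check (names are this example's own, not the project's). */
enum pe_kind { PE_NONE = 0, PE_32 = 32, PE_64 = 64 };

/* Read little-endian integers without assuming alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify the first bytes of a pending write. Every offset is bounds-checked
 * because the buffer is untrusted and may be truncated or malformed. */
enum pe_kind classify_pe(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 0x40) return PE_NONE;       /* DOS header is 64 bytes */
    if (buf[0] != 'M' || buf[1] != 'Z') return PE_NONE;  /* e_magic */

    uint32_t e_lfanew = rd32(buf + 0x3C);                /* offset of "PE\0\0" */
    /* Need signature (4) + COFF header (20) + optional-header magic (2). */
    if (e_lfanew > len || len - e_lfanew < 4 + 20 + 2) return PE_NONE;

    const uint8_t *nt = buf + e_lfanew;
    if (memcmp(nt, "PE\0\0", 4) != 0) return PE_NONE;
    if (rd16(nt + 4 + 16) < 2) return PE_NONE;           /* SizeOfOptionalHeader */

    uint16_t magic = rd16(nt + 4 + 20);                  /* optional-header magic */
    if (magic == 0x10B) return PE_32;                    /* PE32 */
    if (magic == 0x20B) return PE_64;                    /* PE32+ */
    return PE_NONE;
}

/* Constructed sample: minimal header bytes with e_lfanew = 0x40, cut to `len`. */
enum pe_kind classify_sample(uint16_t magic, size_t len)
{
    uint8_t b[128] = {0};
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x40;
    memcpy(b + 0x40, "PE\0\0", 4);
    b[0x40 + 4 + 16] = 0xF0;                             /* SizeOfOptionalHeader = 240 */
    b[0x40 + 24] = (uint8_t)(magic & 0xFF);
    b[0x40 + 25] = (uint8_t)(magic >> 8);
    return classify_pe(b, len > sizeof b ? sizeof b : len);
}

int main(void) { return classify_sample(0x20B, 128) == PE_64 ? 0 : 1; }
```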
The client must support signatures for packers and PE code through yara. Signatures must be downloadable and updatable from the central server.
Although we expect the client to have a low memory footprint and to be developed in C without any .NET or other dependencies, it would be an added benefit for the client to be modularised and to support Ruby scripts and plugins so that it could be cross-platform capable.
Packers and signatures for PE identification will be provided.
A Rails frontend server must be installed and run on IIS or Apache. Administrators will connect with their browsers to the frontend to administer it. The backend database must support Postgres or SQLite. The frontend server must be completely cross-platform compatible. The endpoint clients must connect and upload their status to the server. The server must be able to manipulate the agents through scripting commands.