for real security

deepclean is the Vulnerability-Scanner on File-Level.

Each system can be compromised.
Via Internet, e-mail, via USB, through networks and from new.

In the ever more digital world of perfectly camouflaged infiltrations, it is very difficult to recognize or to clean up those infiltrations.
With conventional techniques, a detection is usually NOT possible. In these cases the assumption is that the threat is already known, possessing a so-called CVE. Other technologies are testing at the process level - most too late - the infection is already processing. deepclean checks on file-level and detects changed files before these can start processes.

All parts of the IT - servers, switches, gateways etc. - as well as machine controls are checked to ensure effective protection against all types of anomalies, such as viruses, trojans, malware, and Advanced Persistent Threats (APT).

the drain - the phases

deepclean - how it works

Collecting deepclean indicators

With and without agents we collect all the important indicators of servers-, workstations and running network traffic.

We then analyze the data in an automated investigation against our signatures and Hash databases.

Basic Analysis and event cleanup

We compare the found and unidentified files between devices and examine current runtime environments. For any irregularities.

Characteristics of suspicious files are stored in the database.

Data correlation (anomalies and changes)

We start with the correlation and analysis of anomalies and suspicious irregularities. With the help of reputation databases - hashes, IP and URL - we transfer clean files and processes in the local whitelist.

Analysis of unknowns

suspicious or unknown files and processes are reconsidered and possibly supplied to a blacklist, with the help of additional signature databases.

Behavioral and in-depth analysis including clean-up

With the help of a special technology files will be checked by static binary data analysis - and possibly also a dynamic analysis for potential malicious code executed.

It will run through different scenarios, to reveal even perfectly camouflaged attacks.

Infected files will be cleaned or discarded.


Reports are generated in the
Cyber Security Operations Center - ICS -

PHASE 7 - optional -
permanent live system

We transfer the results into the live system. We then start the operation and check all systems permanently.

In-depth-cleaning is always included.

the deepclean project

PHASES 1-6 are only offered in a bundle
for a unique project price plus man-days.

The PHASE 7 is a permanent project and can be completed for one year.
For this PHASE 7 a monthly payment are possible.

The basis for calculation is the number of all assets.
1 Asset = 1 Server, 1 PC, 1 Notebook, 1 Switch ....

get in touch