IBM Security® ReaQta features

Pre-execution prevention

Reviews file source code prior to full execution, stopping files from running if malicious code is detected.

Nano operating system (NanoOS) and dual AI engines

Allows certain detection and autonomous operation capabilities even when endpoints are offline.

Attack visibility

Detects and correlates alert information, including an attack’s root cause, risk assessment, and MITRE ATT&CK framework.

Threat hunting

Enables real-time, whole-infrastructure search for indicators of compromise (IOC), binaries and behaviors. Automated data mining facilitates the discovery of dormant threats.


Enables remote gathering of forensic information for an investigation, helping support forensic analysis and reconstruction of an attacker’s activities.

Threat insights

Helps analysts identify potential threats with metadata-based analysis to expedite triage. Enables detection and prevalence analysis of alert artifacts to discover new binaries as soon as they’re activated.


Analyzes file behaviors for detecting imminent attacks and can stop malicious processes from executing.

Signature scanning

Uses heuristics and signature-based prevention.

Custom playbook

Automation features enables the creation of custom-built detection, response and remediation playbooks.

API access

Provides direct API access to the ReaQta engines, which is useful for automating workflows and integrating with external platforms.

Cyber assistant

Enables an AI-powered alert management system that autonomously handles alerts. It can learn an analyst’s decision instantly after seeing a given alert only once.

Behavioral detection

Uses near real-time, behavioral-based anomaly detection and response capabilities to help protect organizations from advanced malware attacks and threats.