Invincea Advanced Endpoint Protection

Transcription

1 SOLUTION OVERVIEW Invincea Advanced Endpoint Protection A next-generation endpoint security solution to defend against advanced threats combining breach prevention, detection, and response The battle to secure the enterprise is being won or lost at the endpoint, where 95% of all successful breaches originate. Sophisticated adversaries weapon of choice is unknown malware. Yet with thousands of malware variants being created daily, legacy endpoint solutions can t stop today s threats. Contain, Identify, and Control In response, Invincea Advanced Endpoint Protection provides a next-generation solution for containing threats, identifying compromises, and re-gaining control over the network. Using an integrated lightweight agent, Invincea runs vulnerable applications in a secure virtual container, detects compromises outside the container, and enables corrective controls enterprise-wide. The solution protects enterprises against targeted threats including spear-phishing and Web drive-by attacks that exploit Java, Flash, and other applications. Combining the visibility and control of an endpoint solution with the intelligence of cloud analysis, Invincea Advanced Endpoint Protection is the only market-deployed solution that defends against zero-day exploits, file-less malware, and previously unknown malware. All so you can keep your data safe, business running, and users productive. Selected Attack Techniques Invincea Protects Against Spear-Phishing Watering Hole Attacks Drive-By Downloads Malvertising Ransomware

2 Invincea Advanced Endpoint Protection is comprised of three products that work seamlessly together: Invincea Endpoint contains new attacks by running end user applications in a secure virtual container; identifies unknown programs for cloud-based analysis; and enforces corrective controls. Invincea Management provides a central console to: manage Invincea Endpoint instances, analyze forensic information from blocked attacks, orchestrate cloud-based analysis of unknown programs and review results, and apply controls to eliminate compromises. Cynomix is a cloud-based malware analysis service that analyzes unknown programs for malicious indicators, using patent-pending cyber genome analysis technology. A detection and response-only strategy is as flawed as a prevention-only strategy. The best future endpoint protection will be provided by endpoint platforms that are capable of providing preventive, detective, responsive and predictive capabilities in an integrated solution. Neil MacDonald and Peter Firstbrook Gartner, May 2014 Invincea Endpoint Invincea Endpoint (formerly Invincea FreeSpace) allows security teams to contain new attacks by running vulnerable end user applications in a secure virtual container. This prevents attackers from leveraging zero-day exploits and executing malicious code, even previously unknown or fileless malware. The product also enables corrective controls, giving security teams the ability to automatically terminate suspicious processes that launch within the container. Paired with Invincea Management, Invincea Endpoint provides breach detection capabilities by enabling end user systems to serve as a distributed sensor network. Each time a process launches on an endpoint (inside or outside the container), Invincea Endpoint quickly and inexpensively checks if the process is known, only escalating unknown programs to Invincea Management for further analysis. We chose Invincea to protect our bank against targeted attacks on our employees, including spear-phishing and webbased drive-by attacks. Invincea is a key element of our information security strategy, and we estimate it has delivered millions of dollars of value to the bank. Christopher Walsh FVP and Information Security Officer Bank Leumi 2

3 Invincea Endpoint Key Capabilities: Secure Virtual Container Protected applications, file systems, registry entries, and OS interfaces are virtualized and execute through a dynamic copy-on-write technique Behavioral Detection Engine and Corrective Controls A signature-free, behavioral detection engine monitors all activity running in the container (process calls, writing to a file, writing to the virtual registry, etc.) and automatically detects malicious behavior Policy-based rules govern what processes and user tasks can execute Suspicious processes in the container can be automatically terminated Compromise Identification (Detection Sensor) Captures metadata on every file involved in an execution; identifies anomalous programs and sends metadata to Invincea Management for threat analysis Can be run independently of container, for initial discovery or permanently Rich Forensic Data Capture Attack source, attack timeline, registry changes, network activity, & more Small-Footprint, Lightweight Agent Uses only ~100MB of RAM and ~1% CPU utilization Requires no special hardware; runs on Windows XP, 7, and 8 Secure virtual container: Virtual file system and registry Policy management Forensic data capture Selected Applications Protected by Container Internet Explorer Google Chrome Mozilla Firefox Oracle Java Adobe Flash Adobe Acrobat Adobe Reader (PDF) Microsoft Excel Microsoft PowerPoint Microsoft Word Microsoft Office 365 (CTR) Apple QuickTime Microsoft Silverlight Custom browser plugins Invincea communications interface Limits and mediates communication to OS Kernel-level drivers: Virtualization driver Malware detection engine Known-process check Granular controls 3

4 Invincea Management Invincea Management uses a comprehensive set of cloud-based analysis services to determine whether suspicious programs are likely malicious. It uses an open, vendor-neutral API to perform best-of-breed, cloud-based analytics on endpoint activity. Invincea does this efficiently to minimize performance impact across memory, CPU, disk, network, and storage resources. The product also provides rich forensic information on attacks. Market Impact: 25,000 Customers Protected 2 Million Active Users Millions of Malware Strains Analyzed Invincea Management Key Capabilities: Breach Detection When any unknown program (.EXE or.dll) is launched on an endpoint, Invincea Management queries a set of cloud-based and on-premise threat analysis services to determine its likelihood of being malicious Indicates the maliciousness of the file via a prioritized threat score Using Cynomix, displays the file s likely functional capabilities in plain English such as grabs keystrokes or engages registry Uses an open, pluggable framework to provide access to Cynomix, VirusTotal, Metascan, ReversingLabs, and any other desired service Rich Forensic Attack Intelligence Shows attack source, timeline of detailed attack steps, registry changes, network activity, and more Management of Invincea Endpoint Instances Provides administration of Invincea Endpoint configurations, with group policy support, while capturing a full audit trail of all changes Major Attacks Identified: Forbes.com (chained zero-day watering hole attack) Fessleak (zero-day ransomware malvertising) Operation DeathClick (targeted drive-by attack) Strategic OEM Relationship: Dell ships Invincea software pre-loaded on every commercial market endpoint device All Dell commercial PC customers receive a free Invincea subscription Invincea Management displays potential compromises detected 4

5 Cynomix Cynomix is an advanced malware analysis technology that identifies malicious code through innovative static code analysis, the result of four years of DARPA-funded development. Cynomix is a cloud-based service that uses patent-pending cyber genome analysis to identify unknown programs similarity to known malware and their hidden functionality. This breakthrough technology uses machine learning and crowdsourced analysis to identify malware never before seen in the wild. Cynomix Key Capabilities: Determines Similarity to Known Malware Uses genetic markers to cluster unknown programs with malware Returns a similarity score for each malicious program with which it shares unique markers, thus indicating likelihood of being malicious Clusters thousands of new malware strains daily, enabling it to stay current with the newest emerging threats Reveals Functional Capabilities Determines a program s likely functionality from a set of more than 100 capabilities, and reports them in plain English such as grabs keystrokes, engages registry, and engages password hashes We turned to Invincea as part of our proactive approach to protecting our network, to identify and control a broad range of attacks where they first appear at the endpoint. Paul Calatayud Chief Information Security Officer Surescripts We are stopping more things at the desktop than we have before. Invincea has helped us stop a number of incidents that could have been severe. Mike Rizzo SVP and Chief Information Officer Boston Financial Data Services Cynomix displays similarity to known malware and lists functional capabilities 5

6 Unique Advantages Comprehensive Solution: Prevention plus Detection & Response The only integrated endpoint solution for true prevention, detection, and response enables you to establish a stronger security posture against advanced threats One Agent, One Console, One Vendor, One Price Invincea delivers advanced endpoint protection through a single endpoint technology and management console, from one vendor and support team, with one simple price Independently run prevention (virtual container), detection (sensor), or both on each endpoint Small-Footprint, Lightweight Technology Invincea uses minimal resources across RAM (~100MB), CPU (~1% utilization), disk, network, and storage enabling advanced threat protection without any impact to end users Zero-Day Threat Protection By isolating endpoint applications in a secure virtual container, both zero-day and known exploits are immediately stopped; even file-less malware executed via a zero-day attack can t reach its target Key Benefits Stops advanced attacks before they establish a foothold Blocks sophisticated threats by preventing malicious activity from persisting on the endpoint Reduces intrusion dwell time to as little as minutes Detects compromises of operating system & applications by quickly analyzing processes as they launch Simplifies management of endpoint security Helps you consolidate agents, consoles, and vendor relationships with one easy-to-manage solution Reduces TCO from unified solution Combines technologies, automates work, and enables vendor consolidation, all for an affordable price About Invincea Invincea is the leader in advanced endpoint threat protection, protecting more than 25,000 customers and 2 million active users. The company provides the most comprehensive solution to contain, identify, and control the advanced attacks that evade legacy security controls. Invincea protects enterprises against targeted threats, including spear-phishing and Web drive-by attacks that exploit Java, Flash, and other applications. Combining the visibility and control of an endpoint solution with the intelligence of cloud analysis, Invincea offers the only market-deployed solution that defends against 0-day exploits, file-less malware, and previously unknown malware University Drive, Suite 330, Fairfax, VA USA Tel: info@invincea.com , Invincea, Inc. All rights reserved. Invincea, the Invincea Logo, Invincea FreeSpace, Invincea Management Service are trademarks of Invincea, Inc. All other product or company names may be trademarks of their respective owners. All specifications are subject to change without notice. Invincea assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Rev 0615