AppGuard. Defeats Malware

Transcription

1 AppGuard Defeats Malware and phishing attacks, drive-by-downloads, zero-day attacks, watering hole attacks, weaponized documents, ransomware, and other undetectable advanced threats by preventing exploits Intelligent Prevention April 2015

2 Threats Escalating Serious Exposures Breaches Happening 2

3 Traditional best practice not enough Evolving Threats Evading Traditional Network Defenses IDS/IPS, Deep Packet Inspection, NGFW (detection lag, phishing) Breach Detection Systems with Network Sandbox (easily bypassed, stealth) Web Proxies and URL Filtering defenseless (malvertising, masking) Traditional Desktop Protections Repeatedly Bypassed Anti-Virus, signatures, behaviors, HIPS (zero-day, detection lag) White Listing (digitally signed software, update complexity) Anti-exploit, EMET (weaponized documents, ransomware) Perimeter boundaries blurred in modern enterprise cloud Traditional defenses limited to traditional perimeters Little protection off Enterprise, mobile endpoints, distributed ops Rising usability and support requirements with productivity impacts Complexity and costs increasing, yet risks are still rising Detection-response approaches are not enough for the emerging threat environment 3

4 Endpoints are the New Battlefield AppGuard Defeats Malware! Symantec estimates antivirus now catches just 45% of cyber attacks. The Wall Street Journal threat spreads to firewalls and beyond. Reuters Attacked for months - malware lying in wait. The New York Times Speed of attack is increasing while response times are lagging. Deloitte 4

5 May 2014: July 2014: Real-World Enterprise Attack AppGuard Defeats Malware! AppGuard deployed to protect customer endpoints Customer chose to rely on existing intrusion detection systems (IDS) for reporting and threat intelligence Dangerous PoweLiks malware discovered in marketplace January 2015: Customer best-in-class IDS finally discovered Poweliks had attacked numerous endpoints AppGuard had stopped Poweliks from exploiting endpoints No enterprise breach! AppGuard reports would have provided alerts of attempted attacks 8 months earlier than breach detection systems AppGuard should be on every Windows system in the world. Robert Bigman, former CISO, CIA 5

6 Key Differentiation Traditional Best Practice Scan and Compare Detect and Respond Failing to Defeat Exploits Blue Ridge Approach Isolate and Contain Prevent and Report Defeats Exploits DETECTED? Event? ANALYZED CORRECTLY? Exploit Remediated? PROPER RESPONSE? IN TIME TO MINIMIZE DAMAGE? Event? Exploit Prevented REPORT ANALYZE PROTECTED Complex Process dependencies reliance on recognizing anomalies lag time response delay integration vulnerabilities burdensome overhead Streamlined Process removes dependencies no reliance on knowledge no time futureproof protection closes vulnerability gaps removes overhead 6

7 AppGuard Patented exploit prevention for endpoints Stops known and unknown first-stage attacks No detection, scanning, or updates required Earlier warning of attempts while protected Efficient and non-disruptive for the end user Compatible with all Windows versions, apps, system tools, system tools, AV, IDS Easy to deploy and manage Protects on and off enterprise Futureproof Protection prevents undetectable exploits before they cause harm 7

8 AppGuard for the Enterprise Endpoint Agent Software agent installed on endpoint Endpoint protection with per-process log collection Agent can be distributed via network management tools Underlying PKI infrastructure for digitally signing and encrypting logs Enterprise Management System Centrally managed console Administrator rights limited to a trusted few Manages policy updates with audit trail Policy updates pushed directly to endpoints Can establish different endpoint trust groups with different security policies Collects granular endpoint logs real time - early warning of attempts while protected Support Alternatives Enterprise managed services System procurement with Admin support 8

9 AppGuard Threat Intelligence Early IOC reporting for DFIR Teams while protected Effective even for undiscovered malware for earlier warning Timely Advisories and Alerts digitally signed and encrypted Platform for IOC formation, identification, sharing Threat Information collectible from endpoints on and off enterprise Independent Policy administration and reporting management plane No equipment required on customer premises for managed services Logs can be integrated with other systems for analysis Post Incident analysis without remediation crisis AppGuard Threat Intel Advisory Endpoint ID: Suspicious Activity Attack Stopped: Name IOC Matching: Warning Exploit Prevention with Earlier Warning Actionable Threat Intelligence 9

10 Our Customers Say it Best Best Anti-Malware Solution Blue Ridge hit a homerun. It just works. No Hassle. Easy, trouble free integration. Best protection at low cost. Best in Class Field Proven Track Record Usable Scalable Best Value Intelligent Prevention Contact [email protected] or