Invincea Advanced Endpoint Protection



SOLUTION OVERVIEW

Invincea Advanced Endpoint Protection
A next-generation endpoint security solution to defend against advanced threats, combining breach prevention, detection, and response

The battle to secure the enterprise is being won or lost at the endpoint, where 95% of all successful breaches originate. Sophisticated adversaries' weapon of choice is unknown malware. Yet with thousands of malware variants being created daily, legacy endpoint solutions can't stop today's threats.

Contain, Identify, and Control

In response, Invincea Advanced Endpoint Protection provides a next-generation solution for containing threats, identifying compromises, and regaining control over the network. Using an integrated lightweight agent, Invincea runs vulnerable applications in a secure virtual container, detects compromises outside the container, and enables corrective controls enterprise-wide. The solution protects enterprises against targeted threats including spear-phishing and Web drive-by attacks that exploit Java, Flash, and other applications. Combining the visibility and control of an endpoint solution with the intelligence of cloud analysis, Invincea Advanced Endpoint Protection is the only market-deployed solution that defends against zero-day exploits, file-less malware, and previously unknown malware. All so you can keep your data safe, business running, and users productive.

Selected Attack Techniques Invincea Protects Against
- Spear-Phishing
- Watering Hole Attacks
- Drive-By Downloads
- Malvertising
- Ransomware

www.invincea.com

Invincea Advanced Endpoint Protection is comprised of three products that work seamlessly together:

- Invincea Endpoint contains new attacks by running end user applications in a secure virtual container; identifies unknown programs for cloud-based analysis; and enforces corrective controls.
- Invincea Management provides a central console to manage Invincea Endpoint instances, analyze forensic information from blocked attacks, orchestrate cloud-based analysis of unknown programs and review results, and apply controls to eliminate compromises.
- Cynomix is a cloud-based malware analysis service that analyzes unknown programs for malicious indicators, using patent-pending cyber genome analysis technology.

"A detection and response-only strategy is as flawed as a prevention-only strategy. The best future endpoint protection will be provided by endpoint platforms that are capable of providing preventive, detective, responsive and predictive capabilities in an integrated solution."
Neil MacDonald and Peter Firstbrook, Gartner, May 2014

Invincea Endpoint

Invincea Endpoint (formerly Invincea FreeSpace) allows security teams to contain new attacks by running vulnerable end user applications in a secure virtual container. This prevents attackers from leveraging zero-day exploits and executing malicious code, even previously unknown or fileless malware. The product also enables corrective controls, giving security teams the ability to automatically terminate suspicious processes that launch within the container.

Paired with Invincea Management, Invincea Endpoint provides breach detection capabilities by enabling end user systems to serve as a distributed sensor network. Each time a process launches on an endpoint (inside or outside the container), Invincea Endpoint quickly and inexpensively checks whether the process is known, escalating only unknown programs to Invincea Management for further analysis.
"We chose Invincea to protect our bank against targeted attacks on our employees, including spear-phishing and web-based drive-by attacks. Invincea is a key element of our information security strategy, and we estimate it has delivered millions of dollars of value to the bank."
Christopher Walsh, FVP and Information Security Officer, Bank Leumi

Invincea Endpoint Key Capabilities

Secure Virtual Container
- Protected applications, file systems, registry entries, and OS interfaces are virtualized and execute through a dynamic copy-on-write technique

Behavioral Detection Engine and Corrective Controls
- A signature-free, behavioral detection engine monitors all activity running in the container (process calls, writing to a file, writing to the virtual registry, etc.) and automatically detects malicious behavior
- Policy-based rules govern what processes and user tasks can execute
- Suspicious processes in the container can be automatically terminated

Compromise Identification (Detection Sensor)
- Captures metadata on every file involved in an execution; identifies anomalous programs and sends metadata to Invincea Management for threat analysis
- Can be run independently of the container, for initial discovery or permanently

Rich Forensic Data Capture
- Attack source, attack timeline, registry changes, network activity, and more

Small-Footprint, Lightweight Agent
- Uses only ~100MB of RAM and ~1% CPU utilization
- Requires no special hardware; runs on Windows XP, 7, and 8

Selected Applications Protected by Container
- Internet Explorer
- Google Chrome
- Mozilla Firefox
- Oracle Java
- Adobe Flash
- Adobe Acrobat
- Adobe Reader (PDF)
- Microsoft Excel
- Microsoft PowerPoint
- Microsoft Word
- Microsoft Office 365 (CTR)
- Apple QuickTime
- Microsoft Silverlight
- Custom browser plugins

[Architecture diagram, labels only]
- Secure virtual container: virtual file system and registry; policy management; forensic data capture
- Invincea communications interface: limits and mediates communication to the OS
- Kernel-level drivers: virtualization driver; malware detection engine; known-process check; granular controls

Invincea Management

Invincea Management uses a comprehensive set of cloud-based analysis services to determine whether suspicious programs are likely malicious. It uses an open, vendor-neutral API to perform best-of-breed, cloud-based analytics on endpoint activity. Invincea does this efficiently to minimize performance impact across memory, CPU, disk, network, and storage resources. The product also provides rich forensic information on attacks.

Market Impact
- 25,000 Customers Protected
- 2 Million Active Users
- Millions of Malware Strains Analyzed

Invincea Management Key Capabilities

Breach Detection
- When any unknown program (.EXE or .DLL) is launched on an endpoint, Invincea Management queries a set of cloud-based and on-premise threat analysis services to determine its likelihood of being malicious
- Indicates the maliciousness of the file via a prioritized threat score
- Using Cynomix, displays the file's likely functional capabilities in plain English, such as "grabs keystrokes" or "engages registry"
- Uses an open, pluggable framework to provide access to Cynomix, VirusTotal, Metascan, ReversingLabs, and any other desired service

Rich Forensic Attack Intelligence
- Shows attack source, timeline of detailed attack steps, registry changes, network activity, and more

Management of Invincea Endpoint Instances
- Provides administration of Invincea Endpoint configurations, with group policy support, while capturing a full audit trail of all changes

Major Attacks Identified
- Forbes.com (chained zero-day watering hole attack)
- Fessleak (zero-day ransomware malvertising)
- Operation DeathClick (targeted drive-by attack)

Strategic OEM Relationship
- Dell ships Invincea software pre-loaded on every commercial market endpoint device
- All Dell commercial PC customers receive a free Invincea subscription

[Figure: Invincea Management displays potential compromises detected]
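The datasheet describes two stages only in outline: the endpoint's known-process check (decide locally whether a launched program is known, escalate only the unknowns) and the management tier's pluggable analysis framework that turns several services' opinions into one prioritized threat score. The Python below is an added example written for this page, not Invincea's code, that shows how those two stages fit together. The sample "binaries", the known-hash allowlist, the denylist standing in for a hash-reputation service, the entropy heuristic and the blending weights are all constructed assumptions, not values from the datasheet.

```python
"""Added example, not Invincea code: a known-process check feeding a pluggable
analysis framework that yields a prioritized threat score.

Everything below is a constructed assumption for illustration: the sample
"binaries", the known-hash allowlist, the denylist that stands in for a
hash-reputation service, the entropy heuristic and the blending weights.
"""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed sample programs (not real executables, not real malware).
KNOWN_GOOD = b"MZ\x90\x00" + b"notepad-like program" * 20
UNKNOWN_PACKED = b"MZ\x90\x00" + bytes(range(256)) * 4 + b"UPX0"
UNKNOWN_BENIGN = b"MZ\x90\x00" + b"internal line-of-business tool" * 15


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Allowlist seeded from a golden image; the cheap local check uses only this.
KNOWN_HASHES = {sha256(KNOWN_GOOD)}
# Constructed stand-in for a reputation feed's denylist.
DENYLIST_HASHES = {sha256(UNKNOWN_PACKED)}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads approach 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# A pluggable analyzer maps a program to (score in [0, 1], human-readable note).
Analyzer = Callable[[bytes], Tuple[float, str]]


def reputation_analyzer(data: bytes) -> Tuple[float, str]:
    """Hash lookup against a reputation feed (here, a constructed denylist)."""
    if sha256(data) in DENYLIST_HASHES:
        return 1.0, "hash matched reputation denylist"
    return 0.0, "hash unknown to reputation feed"


def packing_analyzer(data: bytes) -> Tuple[float, str]:
    """Static heuristic: high entropy or a packer section name suggests packing."""
    ent = shannon_entropy(data)
    packed = ent > 6.5 or b"UPX0" in data
    return (0.6 if packed else 0.1), f"entropy={ent:.2f} packer_marker={b'UPX0' in data}"


# Registry of analysis services; a deployment would plug services such as
# VirusTotal, Metascan or ReversingLabs in behind the same (score, note) shape.
ANALYZERS: Dict[str, Analyzer] = {
    "reputation": reputation_analyzer,
    "packing": packing_analyzer,
}


@dataclass
class Verdict:
    name: str
    sha256: str
    score: float
    findings: Dict[str, str] = field(default_factory=dict)


def analyze(name: str, data: bytes) -> Verdict:
    """Run every registered analyzer and blend the results: 70% weight on the
    strongest single verdict so one confident hit dominates, 30% on the mean
    so corroboration from other services lifts the score."""
    scores, findings = [], {}
    for service, fn in ANALYZERS.items():
        s, note = fn(data)
        scores.append(s)
        findings[service] = note
    blended = 0.7 * max(scores) + 0.3 * (sum(scores) / len(scores))
    return Verdict(name, sha256(data), round(blended, 3), findings)


def sensor(launches: List[Tuple[str, bytes]]) -> List[Verdict]:
    """Known-process check: decide locally by hash, escalate only unknowns,
    and return the escalated verdicts ordered by threat score."""
    escalated = []
    for name, data in launches:
        if sha256(data) in KNOWN_HASHES:
            continue  # cheap local decision; nothing leaves the endpoint
        escalated.append(analyze(name, data))
    return sorted(escalated, key=lambda v: v.score, reverse=True)


if __name__ == "__main__":
    for v in sensor([("notepad.exe", KNOWN_GOOD),
                     ("dropper.exe", UNKNOWN_PACKED),
                     ("lobtool.exe", UNKNOWN_BENIGN)]):
        print(f"{v.score:.3f} {v.name} {v.findings}")
```

The ordering of the returned list is the "prioritized" part: an analyst working the queue from the top sees the reputation hit first and the unknown line-of-business tool last. Any new service is added by registering one more function in ANALYZERS; the endpoint-side hash check never changes.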

Cynomix

Cynomix is an advanced malware analysis technology that identifies malicious code through innovative static code analysis, the result of four years of DARPA-funded development. Cynomix is a cloud-based service that uses patent-pending cyber genome analysis to identify unknown programs' similarity to known malware and their hidden functionality. This breakthrough technology uses machine learning and crowdsourced analysis to identify malware never before seen in the wild.

Cynomix Key Capabilities

Determines Similarity to Known Malware
- Uses genetic markers to cluster unknown programs with malware
- Returns a similarity score for each malicious program with which it shares unique markers, thus indicating likelihood of being malicious
- Clusters thousands of new malware strains daily, enabling it to stay current with the newest emerging threats

Reveals Functional Capabilities
- Determines a program's likely functionality from a set of more than 100 capabilities, and reports them in plain English, such as "grabs keystrokes", "engages registry", and "engages password hashes"

"We turned to Invincea as part of our proactive approach to protecting our network, to identify and control a broad range of attacks where they first appear at the endpoint."
Paul Calatayud, Chief Information Security Officer, Surescripts

"We are stopping more things at the desktop than we have before. Invincea has helped us stop a number of incidents that could have been severe."
Mike Rizzo, SVP and Chief Information Officer, Boston Financial Data Services

[Figure: Cynomix displays similarity to known malware and lists functional capabilities]
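The two Cynomix capabilities above, similarity scoring against known malware by shared "unique markers" and plain-English capability labels, can be illustrated with a small static-analysis pipeline. What follows is an added example written for this page, not Cynomix code: it treats imported Win32 API names found in a sample's strings as the markers, weights each marker by how rare it is across the reference corpus (so a marker shared by every family counts for little and one unique to a family counts for a lot), computes a weighted Jaccard similarity against each family, and fires capability labels from a rule table. The reference families, the capability rules, the regular expression and the unknown sample are all constructed assumptions; Cynomix's real markers, families and 100-plus capability set are not on this page.

```python
"""Added example, not Cynomix code: marker-based similarity to known malware
and plain-English capability labels of the kind the page describes.

Assumptions for illustration: a "marker" is an imported Win32 API name found
as a string in the sample; the reference corpus and the capability rules are
constructed here and are not Cynomix's markers, families or capability set.
"""
import math
import re
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed reference corpus: family -> marker set. Not real samples.
REFERENCE: Dict[str, Set[str]] = {
    "keylogger_family_A": {"GetAsyncKeyState", "SetWindowsHookExA", "WriteFile",
                           "CreateFileA", "InternetOpenA", "HttpSendRequestA"},
    "ransomware_family_B": {"CryptEncrypt", "CryptGenKey", "FindFirstFileW",
                            "FindNextFileW", "DeleteFileW", "RegSetValueExW"},
    "credential_dumper_C": {"OpenProcess", "ReadProcessMemory", "SamrOpenUser",
                            "LsaEnumerateLogonSessions", "RegSetValueExW"},
}

# Hypothetical capability rules: any matching marker triggers the label.
CAPABILITY_RULES: Dict[str, Set[str]] = {
    "grabs keystrokes": {"GetAsyncKeyState", "SetWindowsHookExA"},
    "engages registry": {"RegSetValueExW", "RegCreateKeyExW"},
    "engages password hashes": {"SamrOpenUser", "LsaEnumerateLogonSessions"},
    "encrypts files": {"CryptEncrypt", "CryptGenKey"},
    "talks HTTP": {"InternetOpenA", "HttpSendRequestA"},
}

# Crude static extraction: ASCII tokens shaped like exported API names.
API_NAME = re.compile(rb"[A-Z][A-Za-z0-9]{4,40}")


def extract_markers(sample: bytes) -> Set[str]:
    return {m.decode("ascii") for m in API_NAME.findall(sample)}


def marker_weights(corpus: Dict[str, Set[str]]) -> Tuple[Dict[str, float], float]:
    """Rarity weights (IDF-style): a marker every family shares says little,
    one unique to a single family says a lot. Markers never seen in the
    corpus get the maximum weight, so they count against similarity."""
    n = len(corpus)
    df = Counter(m for markers in corpus.values() for m in markers)
    return {m: math.log((n + 1) / c) for m, c in df.items()}, math.log(n + 1)


def similarity(unknown: Set[str], family: Set[str],
               weights: Dict[str, float], unseen: float) -> float:
    """Weighted Jaccard: weight of shared markers over weight of the union."""
    def w(m: str) -> float:
        return weights.get(m, unseen)
    shared = sum(w(m) for m in unknown & family)
    union = sum(w(m) for m in unknown | family)
    return round(shared / union, 3) if union else 0.0


def score_sample(sample: bytes) -> Tuple[Dict[str, float], List[str]]:
    """Return per-family similarity scores and the capability labels fired."""
    markers = extract_markers(sample)
    weights, unseen = marker_weights(REFERENCE)
    sims = {fam: similarity(markers, ms, weights, unseen) for fam, ms in REFERENCE.items()}
    caps = [label for label, apis in CAPABILITY_RULES.items() if apis & markers]
    return sims, caps


# Constructed unknown sample: a fake import table, not a real binary.
UNKNOWN_SAMPLE = (b"MZ\x90\x00" + b"\x00".join([
    b"kernel32.dll", b"WriteFile", b"user32.dll", b"GetAsyncKeyState",
    b"SetWindowsHookExA", b"advapi32.dll", b"RegSetValueExW",
    b"wininet.dll", b"InternetOpenA"]) + b"\x00")

if __name__ == "__main__":
    sims, caps = score_sample(UNKNOWN_SAMPLE)
    for fam, s in sorted(sims.items(), key=lambda kv: -kv[1]):
        print(f"{s:.3f} {fam}")
    print("capabilities:", ", ".join(caps))
```

For the constructed sample the keylogger family scores 0.615 while the other two families sit near 0.05, and the rule table reports "grabs keystrokes", "engages registry" and "talks HTTP". RegSetValueExW appears in two reference families, so it carries half the weight of a family-unique marker; that is what keeps the ransomware and credential-dumper scores low despite the shared registry call.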

Unique Advantages

Comprehensive Solution: Prevention plus Detection & Response
- The only integrated endpoint solution for true prevention, detection, and response enables you to establish a stronger security posture against advanced threats

One Agent, One Console, One Vendor, One Price
- Invincea delivers advanced endpoint protection through a single endpoint technology and management console, from one vendor and support team, with one simple price
- Independently run prevention (virtual container), detection (sensor), or both on each endpoint

Small-Footprint, Lightweight Technology
- Invincea uses minimal resources across RAM (~100MB), CPU (~1% utilization), disk, network, and storage, enabling advanced threat protection without any impact to end users

Zero-Day Threat Protection
- By isolating endpoint applications in a secure virtual container, both zero-day and known exploits are immediately stopped; even file-less malware executed via a zero-day attack can't reach its target

Key Benefits

Stops advanced attacks before they establish a foothold
- Blocks sophisticated threats by preventing malicious activity from persisting on the endpoint

Reduces intrusion dwell time to as little as minutes
- Detects compromises of operating system and applications by quickly analyzing processes as they launch

Simplifies management of endpoint security
- Helps you consolidate agents, consoles, and vendor relationships with one easy-to-manage solution

Reduces TCO from a unified solution
- Combines technologies, automates work, and enables vendor consolidation, all for an affordable price

About Invincea

Invincea is the leader in advanced endpoint threat protection, protecting more than 25,000 customers and 2 million active users. The company provides the most comprehensive solution to contain, identify, and control the advanced attacks that evade legacy security controls.

Invincea protects enterprises against targeted threats, including spear-phishing and Web drive-by attacks that exploit Java, Flash, and other applications. Combining the visibility and control of an endpoint solution with the intelligence of cloud analysis, Invincea offers the only market-deployed solution that defends against 0-day exploits, file-less malware, and previously unknown malware.

3975 University Drive, Suite 330, Fairfax, VA 22030 USA
Tel: 1-855-511-5967
info@invincea.com
www.invincea.com

© 2015, Invincea, Inc. All rights reserved. Invincea, the Invincea Logo, Invincea FreeSpace, and Invincea Management Service are trademarks of Invincea, Inc. All other product or company names may be trademarks of their respective owners. All specifications are subject to change without notice. Invincea assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Rev 0615