ENDPOINT PROTECTION PLATFORM (EPP)
3rd gen:
- A centrally managed EPP with audited and optimized settings
- Standard hardware, secure OS, and apps
- Least-privilege (minimum authorization) management
- Removable media management
- Reduction of security exposures through central vulnerability and patch management with reporting
- Using EDR together with EPP, which applies modern inspection methods such as ML
- Using behavioral analysis to inspect and prevent malware
- Memory protection capabilities
- Automatic integration with a sandbox
- Using server-side HIPS (host intrusion prevention), FIM (file integrity monitoring), virtual patch management and micro-segmentation
- Application control and inspection
- Isolation of risky processes by encapsulation, preventing them from affecting other processes
- Using deception technologies
- Advanced endpoint behavioral analysis, breach detection and intervention
- Endpoint forensic tools
Endpoint Detection and Response
- Detects local events that can’t be seen through the network
- Provides detailed telemetry related to the attacker’s actions on each system
- Covers remote systems that are not on the company network
- Does not depend on logging being enabled on the system
- Is not affected by network encryption technologies
- Can be applied to virtualized environments
Network Sandbox
Network sandboxes are based on sensors that monitor network traffic. The sensors send suspicious objects (e.g. executable files, Microsoft Office files, PDF files and JavaScript code) to an isolated virtual environment, where they are automatically analyzed to determine whether they contain malware. Sensors may be dedicated physical or virtual devices, or may be built into other security products (e.g. firewalls, secure web gateways and secure e-mail gateways can all function as sensors). In a nutshell, a sandbox executes downloaded files on virtual machines to analyze them and detect harmful APT files, and produces a signature (a "vaccine") that makes detection easier for the other security products.
The adoption of cloud-based sandbox services makes it easier to integrate sandboxing as a feature of a primary security product (e.g. a firewall, secure web gateway or other product), which is why this deployment model is the more common one. Under the regulations in Turkey, however, on-premise solutions are preferred to cloud solutions.
The Sandbox evolution
- 1G Sandbox: independent physical devices used to identify advanced threats.
- 2G Sandbox: integrates with other devices in a wider security architecture to detect advanced threats across an organization.
- 3G Sandbox: contains robust AI capabilities that can analyze both static properties and behavior.
SIEM
- Can be used to monitor local and out-of-network events within
- Provides more secure data for building user profiles than approaches focused only on the network or the endpoint
- Some SIEMs can also ingest network flow data or raw traffic
- Comprehensive threat detection
- Unaffected by traffic encryption
NTA
- Does not rely on the logging infrastructure
- Can work without user context data
- Uses a kind of data (network traffic) that keeps detection models simple and predictable
- Well suited to detecting malware's lateral movement inside the intranet and data leaks
- No sensors are needed if flow data can be exported by the network itself
- Some products can detect malware in transmitted files without a sandbox, and extract the file for further analysis
- Can analyze networks containing devices that cannot be managed or do not generate logs (such as IoT devices)
- Generates fewer false positives thanks to advanced AI/ML capabilities
SOAR
- Can respond to more incidents
- Faster response with ready-made playbooks (45 mins manually, 1.5 mins with SOAR)
- Frees up analysts' time for complex incidents
- Helps respond through different vendors' products with less product-specific knowledge, using the built-in vendor connectors
- Detailed reporting and compliance checks
- Automatic detection and analysis of network vulnerabilities with vulnerability assessment (VA) tools
- Visible incident correlation