![]() ![]() Incident Response Platform (IRP) or orchestration integration? Linking telemetry (observable data) to recreate a sequence of events to aid investigation Threat Intelligence integration (TIP, upload, webservice connector, etc) to enrich and contextualize alerts Threat Hunting interface or API for searching with YARA/REGEX/ElasticSearch/IOC ![]() Integration with automated malware analysis solutions (sandboxing) Static analysis of files using capabilities such as machine learning (not including signature based malware detection) analysis over active memory, OS activity, user behavior, process/application behavior, etc.) Telemetry data itself can be extended in real timeĮvent chaining and enrichment on the endpointsīehavioral analysis (e.g. Inter-Process Communication (Named Pipes, etc) up to this Virtualize file system, registry, COM on real endpoints ![]() Run unknown files with Auto Containment ProtectionĬreate Virtual environment for any unknowns Security Orchestration, Analysis and Response (SOAR) Integrationĭefault Deny Security with Default Allow Usability Manage, and maintain, an application control database of known "trusted" applications?ĮPP management console available as an on-premises virtual or physical server/applicationĬonsolidated EPP management console to report on, manage, and alert for Windows macOS clients and mobile Protect/block ransomware when "Offline" or "Disconnected" from the internet? Integration with on-premises network/cloud sandboxĪutomatically creates network traffic rulesįull Device Control (Device Control based on Device Class product ID, Vendor ID and Device Name)Īgent self-protection/remediation or alerting when there is an attempt to disable, bypass, or uninstall it Script, PE, or fileless malware protection Local endpoint sandboxing/endpoint emulation Machine learning for process activity analysis Machine learning/algorithmic file analysis on the endpoint ![]()
0 Comments
Leave a Reply. |