Generating actionable incident response from cloud application Includes ready-to-use cloud application connectors for: Protocol analyzers for 40+ different protocols such as TCP, UDP, DNS, DHCP, HTTP, HTTPS, NTLM, etc. Tuning of monitoring rules for reduction of false positives Reporting interface identifies frequent alerts that may be appropriate for automating response reporting on unpatched CVEs)Īlert prioritization based on confidence, able to define thresholds for alerting.Īlert prioritization factors system criticalityĪble to monitor risk exposure across environment organized by logical asset groups Incident Response Platform (IRP) or orchestration integration? Linking telemetry (observable data) to recreate a sequence of events to aid investigation
Threat Intelligence integration (TIP, upload, webservice connector, etc) to enrich and contextualize alerts Threat Hunting interface or API for searching with YARA/REGEX/ElasticSearch/IOC Integration with automated malware analysis solutions (sandboxing) Static analysis of files using capabilities such as machine learning (not including signature based malware detection) analysis over active memory, OS activity, user behavior, process/application behavior, etc.) Telemetry data itself can be extended in real timeĮvent chaining and enrichment on the endpointsīehavioral analysis (e.g. Inter-Process Communication (Named Pipes, etc) up to this Virtualize file system, registry, COM on real endpoints Run unknown files with Auto Containment ProtectionĬreate Virtual environment for any unknowns Security Orchestration, Analysis and Response (SOAR) Integrationĭefault Deny Security with Default Allow Usability
Manage, and maintain, an application control database of known "trusted" applications?ĮPP management console available as an on-premises virtual or physical server/applicationĬonsolidated EPP management console to report on, manage, and alert for Windows macOS clients and mobile Protect/block ransomware when "Offline" or "Disconnected" from the internet? Integration with on-premises network/cloud sandboxĪutomatically creates network traffic rulesįull Device Control (Device Control based on Device Class product ID, Vendor ID and Device Name)Īgent self-protection/remediation or alerting when there is an attempt to disable, bypass, or uninstall it Script, PE, or fileless malware protection
Local endpoint sandboxing/endpoint emulation Machine learning for process activity analysis Machine learning/algorithmic file analysis on the endpoint
0 kommentar(er)
