
 

Blog

Read or download all Datashield news, reviews, content, and more.

 

Tanium

Complete Endpoint Security Management Platform

Tanium is a feature-packed endpoint management and endpoint security platform designed to strengthen and optimize an organization’s cybersecurity efforts. Encompassing everything from asset and threat discovery to complete threat response capabilities from a single endpoint agent, Tanium gives security teams the tools they need to fortify existing security gaps and/or completely overhaul their cybersecurity environments to adequately prepare themselves for future generations of cyber threats.

Tanium Solutions Overview

Tanium Core Platform

Serving as the foundational core of the Tanium platform, Tanium Core is a security solution that continuously measures and reports on key endpoint security metrics. The core allows security analysts to track the health and performance of critical company assets. Tanium Core can automatically connect and integrate with 3rd party systems to enrich security data collection as well as help accelerate remediation efforts.

  • Endpoint monitoring and remediation
  • SecOps analytics dashboard
  • Natural language parser
  • SIEM, log collector, ticketing system, CMDB integration
  • Custom sensor authoring

Tanium Asset

Tanium Asset gives organizations immediate visibility into all known and unknown assets connected to the company network. Tanium Asset can discover and monitor devices, users, software, hardware, and all related activity on the network--giving security analysts a consistent and up-to-date view into the overall health and efficiency of their security efforts.

  • Inventory of online and offline endpoints
  • Custom and pre-built reports
  • CMDB integrations

Tanium Comply

Tanium Comply is a security and compliance module that continuously scans network endpoints for vulnerable misconfigurations and compliance violations. Doing so not only aids in improving a company’s overall security hygiene, but it can also help accelerate and simplify compliance preparation efforts at the same time.

  • Check configurations against industry benchmarks
  • Automatic or on-demand scanning
  • Aggregate assessment results
  • Support corporate security mandates

Tanium Deploy

As corporate networks grow larger and more complex, Tanium Deploy gives organizations a more efficient way to ensure endpoint software remains patched and up-to-date to minimize security vulnerabilities. Using Tanium Deploy, IT teams can automatically detect outdated software and quickly administer updates when needed.

  • Rapidly deploy and update software
  • Real-time visibility into software deployments
  • Third-party software update templates
  • Employee self-service options

Tanium Discover

As employee use of personal devices for work grows more and more common, Tanium Discover can automatically detect and monitor those unmanaged assets to ensure sensitive company data remains protected at all times. Security teams can unearth rogue devices, assess those devices, and either deploy the Tanium agent or block the endpoint’s access to the network depending on the information company analysts have gathered.

  • Automatically detect hidden and/or unmanaged endpoints
  • Collect and analyze endpoint data
  • Continuous monitoring with negligible network impact
  • Remotely secure or block discovered devices

Tanium Patch

Tanium Patch gives organizations an efficient and effective way to patch software systems at scale. Once all computer groups have been patched, administrators can view the deployment status for patches as well as view historical patch and system data for each machine.

  • Deploy critical system patches at scale
  • Immediate patch success/failure display
  • Customize patch schedules and workflows

Tanium Protect

Tanium Protect is a powerful endpoint protection and application control component within the greater platform that allows organizations to consolidate the control of company endpoints and enforce complex security policies at scale. Tanium Protect helps organizations better leverage native OS security controls to reduce unnecessary IT spend and improve their overall security posture without the need for any new infrastructure.

  • Application control
  • Endpoint control via AppLocker or SRP
  • Firewall management
  • Antivirus management
  • Drive encryption
  • Remediation enforcement

Tanium Reveal

Tanium Reveal is an endpoint monitoring module designed to improve the overall protection and control of highly sensitive company files and data assets. Data patterns that match previously defined artifacts within the Tanium platform automatically alert appropriate security staff, who can then review the threat and respond accordingly.

  • Continuous monitoring of high-value data targets
  • Define and index sensitive data patterns
  • Automated alerts and mitigation workflows

Tanium Threat Response

Tanium Threat Response is an endpoint detection and response module that gives security teams the ability to actively monitor endpoints and quickly respond to threats as they emerge in real-time. Threat Response also allows analysts to conduct forensic investigations after an attack has already impacted the network.

  • Single endpoint agent and console
  • Automated threat detection
  • Real-time alerts
  • Current and historical data views
  • Threat hunting capabilities

  • 6 min read
  • February 5, 2020 8:29:23 PM MST

Digital Guardian

Endpoint Protection and Data Loss Prevention

Digital Guardian offers a full suite of enterprise security products--including data loss prevention (DLP), endpoint detection and response (EDR), and user and entity behavior analysis (UEBA) modules--designed to safeguard critical data assets and protect company endpoints from every possible avenue of attack.

Data Loss Prevention

Stopping every security threat is virtually impossible, but preventing data loss is not. Digital Guardian DLP and EDR modules play a critical role in ensuring valuable data assets remain safe and within the organization’s control before, during, and after any setback.

Customizable Workspaces

Digital Guardian gives threat hunters and other security personnel feature-rich workspaces they can use to review critical threat intelligence data and effectively mitigate virtually any threat.

Lightweight Endpoint Agent

Digital Guardian’s endpoint protection services leverage a single endpoint agent that collects event data and protects devices from highly advanced threats--all with negligible impact on endpoint performance.

Extensive Control

Digital Guardian offers security teams enormous flexibility and control over how company data is used and how incoming threats can be handled. Such granular control gives organizations the ability to maximize security efforts without impacting regular business processes.

Digital Guardian Endpoint DLP Solution Overview

Digital Guardian Platform

Serving as the foundation of all Digital Guardian products and security modules, the Digital Guardian Platform combines EDR functionality, DLP, and UEBA capabilities into one single endpoint security solution. The Digital Guardian platform can be deployed as a SaaS or on-premise solution, allowing organizations to choose the deployment method that best fits their needs--regardless of size or budget.

  • Real-time endpoint monitoring and behavioral insight
  • Drag and drop incident management
  • Dedicated analyst workspaces
  • 3rd party integrations

Digital Guardian Endpoint DLP

Digital Guardian Endpoint DLP is an endpoint management and data protection module that gives organizations granular control over how sensitive company data is moved and safeguarded across the network. Digital Guardian intelligently tracks event data across endpoints and automatically takes action against detected threats to ensure high-value assets remain safe and under the company’s control at all times.

  • Intelligently track and protect high-value data assets
  • Automate encryption and threat remediation activities
  • Proactive data tagging and classification
  • Create and configure usage policies
  • Full data protection across Windows, Mac, and Linux platforms

Digital Guardian Endpoint Detection and Response

Digital Guardian EDR allows organizations to automatically catch and block threats directly at the attack vector before any significant damage can be done to the company network. Combining real-time event data with historical behavioral analytics and search capabilities in one platform, Digital Guardian EDR gives security teams the intelligence and context needed to efficiently and effectively mitigate incoming threats.

  • Real-time threat alerts and visibility
  • Behavior-based threat detection
  • Automated incident response
  • Threat intelligence mapped to attack lifecycle
  • One console and endpoint agent

Digital Guardian User and Entity Behavior Analytics

Digital Guardian UEBA gives security teams the ability to detect and monitor user behavior to ensure no malware, compromised accounts, or malicious actors can cause significant damage or the complete loss of high-priority data assets.

  • Track and alert on behavioral deviations
  • Automatically block anomalous behavior
  • Automated risk scoring
  • Collect chain-of-custody forensic evidence
  • Executive risk dashboard

  • 4 min read
  • February 5, 2020 8:16:22 PM MST

Blackberry Cylance

AI-powered Endpoint Detection and Response Platform

Acquired by BlackBerry, Cylance is an AI-driven endpoint detection and response (EDR) platform that allows companies to intelligently strengthen, automate, and streamline their overall endpoint security efforts 24/7/365. Able to catch and mitigate highly advanced security threats as they emerge in real-time, Cylance’s EDR capabilities allow security teams to keep critical company assets protected from modern cyber attacks with virtually no impact on endpoint performance whatsoever.

Quick Deployment

CylancePROTECT and CylanceOPTICS are deployed faster than traditional EDR solutions, allowing larger organizations to make significant upgrades to their total endpoint protection efforts in a shorter amount of time.

Advanced Protection

Advanced AI and machine-learning capabilities catch unknown, zero-day threats, and prevent malware from executing in mission-critical areas.

Lightweight Agent

Cylance’s endpoint agents are incredibly lightweight and require only a tiny fraction of processing power, helping minimize any performance impact on the endpoint.

Signatureless Security

Rather than rely on signatures to detect threats, Cylance’s AI-driven, signatureless design allows companies to catch unknown threats with minimal human effort.

Cylance Solutions Overview

CylancePROTECT

Using artificial intelligence as a driving force behind its threat prevention efforts, CylancePROTECT is an endpoint detection and response (EDR) tool that efficiently protects company endpoints from critical threats legacy EDR solutions may miss. In addition to its strong protection against known cyber threats, CylancePROTECT can effectively prevent highly advanced or previously unknown threats, including fileless, memory-based, and zero-day cyber attacks.

  • AI-driven malware protection
  • Zero-day threat prevention
  • Low performance impact on endpoint
  • Application control and device policy enforcement
  • Memory exploitation detection and prevention

Memory Exploitation Protection

CylancePROTECT provides additional security coverage by preventing file exploitations from executing in highly vulnerable and challenging areas, such as the operating system or memory layers.

Application Control

Cylance’s application control capabilities ensure fixed-function devices perform optimally and remain uncompromised at all times. Security teams have the ability to lock down devices and restrict changes to mitigate any malicious changes that may be attempted.

Script Control

CylancePROTECT gives security teams complete control over where scripts are run, when, and how to greatly reduce the risk of malicious scripts being executed in a company’s network.

Device Control

System administrators can customize device policies and enforce those policies automatically. USB mass storage devices, for example, can be blocked automatically to avoid any unauthorized and/or malicious data transfers.

Management Console Reporting

Through a rich and interactive dashboard provided by Cylance, security teams can monitor device usage and security data for all their endpoints across the network in real-time. Critical data from CylancePROTECT, such as total device count, active threat events, memory protection coverage, auto-quarantine coverage, and other useful information, can be tracked here.

CylanceOPTICS

CylanceOPTICS is an incident prevention EDR module that operates within the CylancePROTECT environment. CylanceOPTICS provides the data visualization, alert automation, and incident response capabilities security teams need to proactively catch and eliminate emerging cyber threats.

  • Rapid installation and deployment
  • Zero-latency threat detection
  • Automated threat detection and prevention
  • Remote forensic data collection
  • Syslog integration

  • 4 min read
  • February 5, 2020 8:05:00 PM MST

Cybereason

Next-Gen Endpoint Detection and Response Platform

Cybereason is a next-gen endpoint security platform that offers a variety of security monitoring, NGAV, and managed detection services for organizations big and small. Originally founded by former cyber security experts in the Israel Defense Forces, Cybereason’s services are designed to deliver organizations complete security awareness. In addition, their platform offers advanced threat protection capabilities to thoroughly safeguard company networks and critical assets from digital attacks.

Detection Precision

Behavioral analysis and cross-correlation capabilities allow organizations to quickly identify emerging threats with a high degree of accuracy, significantly reducing false positives that can waste time and internal resources.

Third-party Integration

The Cybereason platform can be integrated with several third-party firewalls, SIEM tools, and other threat intelligence resources to enrich all incoming threat data and maximize the likelihood malicious threats are detected earlier in the attack chain.

Rapid Remediation

Cybereason offers high-powered remediation tools that enable security teams to access remote shell directly from the console as well as automatically detect and respond to advanced network threats.

Cybereason Solutions Overview

Cybereason EDR

Delivering complete endpoint protection from a single, lightweight agent, Cybereason EDR is a full-featured EDR solution designed to catch, analyze, and defend against highly advanced network threats in real-time directly at the endpoint. Cybereason allows organizations to correlate data across machines and generate contextualized alerts to monitor threats as they’re discovered at any point in the attack chain.

  • Light endpoint agent
  • Layered malware detection and defense
  • Pre- and post-execution malware inspection
  • Threat feed integration
  • In-memory and application-layer protection
  • Centralized management and user interface

Correlation Engine

The Cybereason CMC Engine can cross-correlate data between multiple endpoints, allowing security teams to catch and pinpoint threats quickly and more accurately than traditional EDR solutions.

Alert Contextualization

Cybereason gives security analysts rich insight into the complete scope of an attack, including detailed information regarding a root cause of the breach, attack timeline, affected machines and/or users, and all incoming or outgoing communications. Analysts can visualize the attacks through a user dashboard and find the critical information needed to mitigate the threat quickly and effectively.

Threat Remediation

Cybereason gives security teams generous flexibility and control over remediation. Companies can automatically respond to threats across all affected machines at scale or can directly leverage the remediation toolbox within the console to respond to an active target.

Investigation & Analysis

Using a rich analytics dashboard provided by Cybereason, security analysts have the ability to view process trees, timelines, and malicious activity for each endpoint on their network. The dashboard gives even lower-level staff the ability to answer hypotheses and hunt down threats.

Cybereason NGAV

Cybereason provides a next-generation antivirus (NGAV) solution that safeguards company endpoints against highly advanced and unknown security threats, including ransomware and fileless attacks. Cybereason uses machine learning and behavioral analysis technology to identify and stop suspicious activity before it can compromise critical company assets.

  • Fileless attack prevention
  • Secure PowerShell without whitelisting
  • Automate ransomware hunting efforts
  • Automatically prevent malicious encryption

  • 4 min read
  • February 5, 2020 7:43:40 PM MST

    Related Posts

    Bishop Fox

    Meet the leader in Offensive Security Bishop Fox is the largest private offensive security firm. Since 2005, the company has provided security consulting services to the world's leading organizations, working with Fortune 100 companies, to help secure their products, applications, networks, and cloud resources with penetration testing and security assessments.

    • 4 min read
    • March 19, 2021 2:13:14 PM MST

    ExtraHop

    ExtraHop leverages the cloud and provides enterprises with the ability to handle threat detection and mitigation tasks across hybrid infrastructure. Unlike traditional Security Information and Event Management (SIEM) solutions, ExtraHop applies a different approach to threat detection. The method is known as Network Detection and Response (NDR). The NDR approach involves the application of network traffic analysis to investigate anomalous behaviors and risk activities from layer two through layer seven.

    • 4 min read
    • August 7, 2020 12:59:49 PM MST

    Check Point: Next-Generation Firewall

    The fifth generation of cyber-attacks consists of large-scale multi-vector attacks aimed at crippling multiple components of an enterprise’s IT infrastructure. Dealing with these attacks requires a comprehensive solution that protects each gateway, device, and component within an IT architecture.

    • 5 min read
    • June 3, 2020 2:38:10 PM MST