Blog

Read or download all Datashield news, reviews, content, and more.

 

SentinelOne

Comprehensive security measures are those that provide edge-to-edge protection for assets within an enterprise’s IT architecture. SentinelOne is an example of a comprehensive enterprise security platform that provides threat detection, hunting, and response features that enable organizations to discover vulnerabilities and protect IT operations.

  • 4 min read
  • April 7, 2020 2:00:00 AM MST

Carbon Black

Cloud-Native NGAV and EDR Security Platform

The CB Predictive Security Cloud, powered by Carbon Black, is an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) security solution. The platform combines multiple high-powered endpoint security modules into a single, cloud-based security platform. The CB Predictive Security Cloud provides security teams with virtually everything they need to effectively protect themselves against advanced network attacks, including highly advanced online and offline threats.

  • Single Agent and Console
  • Advanced Endpoint Security
  • Extensive Support
  • Highly Scalable

  • 5 min read
  • March 10, 2020 1:00:00 AM MST

RSA NetWitness Endpoint

A fully integrated endpoint detection and response solution

RSA NetWitness Endpoint is a core product offering within the RSA NetWitness Platform that provides continuous monitoring of endpoints. Instead of signatures or rules, the platform leverages continuous behavioral monitoring and advanced machine learning to dive deeper into endpoints and better identify zero-day, hidden, and non-malware attacks that other solutions may miss.

  • 2 min read
  • March 8, 2020 2:04:00 AM MST

Crowdstrike

Advanced Endpoint Detection and Response

Recognized as one of the most powerful and trusted names in the cybersecurity industry, the Crowdstrike Falcon platform delivers state-of-the-art endpoint detection and response (EDR) capabilities that give organizations complete security coverage and deep visibility into each and every network endpoint in real time. Such rich insight provided by Crowdstrike allows security personnel to automatically detect advanced threats and respond with the resources necessary to keep critical company assets protected at all times.

Whereas traditional EDR solutions rely on signature-based detection (and are therefore vulnerable to silent failure), Crowdstrike’s Falcon Insight EDR solution leverages real-time monitoring capabilities and behavioral analysis techniques to unearth malicious activity before it can compromise the network. In fact, the Falcon Insight EDR module has been repeatedly noted by Gartner as being a leader in the endpoint protection space, both in terms of vision and ability to execute.

Next-gen Endpoint Protection

Crowdstrike gives organizations the capability to detect fileless attacks and highly advanced threats without the need for constant updates or resource-sapping system scans.

Falcon Platform Integration

Catering to the needs of virtually any organization, each Crowdstrike security module can work as a standalone security tool or as a part of the greater Crowdstrike Falcon platform suite.

Granular Endpoint Visibility

Crowdstrike provides deep visibility into the usage data of each company endpoint, giving security teams copious and relevant data needed to quickly and confidently engage emerging threats.

Ultra Low Performance Impact

Crowdstrike’s endpoint agents are extremely lightweight and cause virtually zero impact on device performance, even while actively collecting data.

Crowdstrike Falcon Overview

Crowdstrike Falcon Insight

Serving as the core EDR module in the Crowdstrike Falcon platform, Falcon Insight provides supreme company endpoint protection by continuously monitoring endpoint activity to catch intelligent threats as they emerge. The event data pulled from company endpoints are then streamed to the Falcon platform where security teams can engage with the threat as well as hunt for new network threats with the necessary information.

  • Lightweight agent (20MB footprint)
  • IOA behavioral protection
  • Alert prioritization
  • Real-time data capture for 200+ events

Crowdstrike Falcon Prevent

Crowdstrike Falcon Prevent is a next-gen antivirus product designed specifically to fix efficiency gaps and security vulnerabilities inherent with legacy AV solutions as well as provide superior threat protection for critical company assets. Deployed in just minutes, Falcon Prevent has the ability to stop fileless malware threats, in-memory attacks, and other intelligent threats that would have otherwise gone unnoticed by other AV products.

  • Online and offline protection
  • Machine learning and behavioral analytics
  • Signatureless protection technology
  • Single agent deployment

Crowdstrike Falcon Device Control

Crowdstrike Falcon Device Control gives organizations complete visibility into and control over employee devices, allowing administrators to enforce proper usage and maintain peak security at all times. Serving as one of the cybersecurity industry’s only cloud-delivered device control and management solutions to date, Falcon Device Control allows security teams to effectively implement security policies as well as detect and monitor network endpoints to ensure no unauthorized devices can connect and/or pose a threat to sensitive company assets.

  • Automatic device discovery
  • Analytics/device usage dashboard
  • Preview policy impact before deployment
  • Online and offline policy enforcement
  • Monitor files written to storage

  • 5 min read
  • March 1, 2020 2:02:00 AM MST

Microsoft Defender Advanced Threat Protection

Discover vulnerabilities and in real-time

Microsoft, it's the name you know. The tech giant also provides a complete endpoint detection and response platform deployed in the cloud. Microsoft ATP has been named a leading endpoint protection service by Gartner in 2019 for its cloud security analytics, threat intelligence capabilities, endpoint behavioral sensors, and automation.

  • 6 min read
  • February 28, 2020 2:09:53 AM MST

Tanium

Complete Endpoint Security Management Platform

Tanium is a feature-packed endpoint management and endpoint security platform designed to strengthen and optimize an organization’s cybersecurity efforts. The platform gives security teams the tools they need to fortify existing security gaps or completely overhaul their cybersecurity environments, providing complete threat response capabilities from a single endpoint agent. Encompassing everything from asset and threat discovery to complete threat response capabilities from a single endpoint agent, Tanium gives security teams the tools they need to fortify existing security gaps and/or completely overhaul their cyber security environments to adequately prepare themselves for future generations of cyber threats.

Tanium Solutions Overview

Tanium Core Platform

Serving as the foundational core of the Tanium platform, Tanium Core is a security solution that continuously measures and reports on key endpoint security metrics. The core allows security analysts to track the health and performance of critical company assets. Tanium Core can automatically connect and integrate with 3rd party systems to enrich security data collection as well as help accelerate remediation efforts.

  • Endpoint monitoring and remediation
  • SecOps analytics dashboard
  • Natural language parser
  • SIEM, log collector, ticketing system, CMDB integration
  • Custom sensor authoring

Tanium Asset

Tanium Asset gives organizations immediate visibility into all known and unknown assets connected to the company network. Tanium Asset can discover and monitor devices, users, software, hardware, and all related activity on the network--giving security analysts a consistent and up-to-date view into the overall health and efficiency of their security efforts.

  • Inventory of online and offline endpoints
  • Custom and pre-built reports
  • CMDB integrations

Tanium Comply

Tanium Comply is a security and compliance module that continuously scans network endpoints for vulnerable misconfigurations and compliance violations. Doing so not only aids in improving a company’s overall security hygiene, but it can also help accelerate and simplify compliance preparation efforts at the same time.

  • Check configurations against industry benchmarks
  • Automatic or on-demand scanning
  • Aggregate assessment results
  • Support corporate security mandates

Tanium Deploy

As corporate networks grow larger and more complex, Tanium Deploy gives organizations a more efficient way to ensure endpoint software remains patched and up-to-date to minimize security vulnerabilities. Using Tanium Deploy, IT teams can automatically detect outdated software and quickly administer updates when needed.

  • Rapidly deploy and update software
  • Real-time visibility into software deployments
  • Third-party software update templates
  • Employee self-service options

Tanium Discover

As employee use of personal devices for work grows more and more common, Tanium Discover can automatically detect and monitor those unmanaged assets to ensure sensitive company data remains protected at all times. Security teams can unearth rogue devices, assess those devices, and either deploy the Tanium agent or block the endpoint’s access to the network depending on the information company analysts have gathered.

  • Automatically detect hidden and/or unmanaged endpoints
  • Collect and analyze endpoint data
  • Continuous monitoring with negligible network impact
  • Remotely secure or block discovered devices

Tanium Patch

Tanium Patch gives organizations an efficient and effective way to patch software systems at scale. Once all computer groups have been patched administrators can view the deployment status for patches as well as view historical patch and system data for each machine.

  • Deploy critical system patches at scale
  • Immediate patch success/failure display
  • Customize patch schedules and workflows

Tanium Protect

Tanium Protect is a powerful endpoint protection and application control component within the greater platform that allows organizations to consolidate the control of company endpoints and enforce complex security policies at scale. Tanium Protect helps organizations better leverage native OS security controls to reduce unnecessary IT spend and improve their overall security posture without the need for any new infrastructure.

  • Application control
  • Endpoint control via AppLocker or SRP
  • Firewall management
  • Antivirus management
  • Drive encryption
  • Remediation enforcement

Tanium Reveal

Tanium Reveal is an endpoint monitoring module designed to improve the overall protection and control of highly sensitive company files and data assets. Data patterns that match previously defined artifacts within the Tanium platform automatically alert appropriate security staff where they can then review the threat and respond accordingly.

  • Continuous monitoring of high-value data targets
  • Define and index sensitive data patterns
  • Automated alerts and mitigation workflows

Tanium Threat Response

Tanium Threat Response is an endpoint detection and response module that gives security teams the ability to actively monitor endpoints and quickly respond to threats as they emerge in real-time. Threat Response also allows analysts to conduct forensic investigations after an attack has already impacted the network.

  • Single endpoint agent and console
  • Automated threat detection
  • Real-time alerts
  • Current and historical data views
  • Threat hunting capabilities

  • 6 min read
  • February 5, 2020 8:29:23 PM MST

Digital Guardian

Endpoint Protection and Data Loss Prevention

Digital Guardian offers a full suite of enterprise security products--including data loss prevention (DLP), endpoint detection and response (EDR), and user and entity behavior analysis (UEBA) modules--designed to safeguard critical data assets and protect company endpoints from every possible avenue of attack.

Data Loss Prevention

Stopping every security threat is virtually impossible, but preventing data loss is not. Digital Guardian DLP and EDR modules play a critical role in ensuring valuable data assets remain safe and within the organization’s control before, during, and after any setback.

Customizable Workspaces

Digital Guardian gives threat hunters and other security personnel feature-rich workspaces they can use to review critical threat intelligence data and effectively mitigate virtually any threat.

Lightweight Endpoint Agent

Digital Guardian’s endpoint protection services leverage a single endpoint agent that collects event data and protects devices from highly advanced threats--all with negligible impact on endpoint performance.

Extensive Control

Digital Guardian offers security teams enormous flexibility and control over how company data is used and how incoming threats can be handled. Such granular control gives organizations the ability to maximize security efforts without impacting regular business processes.

Digital Guardian Endpoint DLP Solution Overview

Digital Guardian Platform

Serving as the foundation of all Digital Guardian products and security modules, the Digital Guardian Platform combines EDR functionality, DLP, and UEBA capabilities into one single endpoint security solution. The Digital Guardian platform can be deployed as a SaaS or on-premise solution, allowing organizations to choose the deployment method that best fits their needs--regardless of size or budget.

  • Real-time endpoint monitoring and behavioral insight
  • Drag and drop incident management
  • Dedicated analyst workspaces
  • 3rd party integrations

Digital Guardian Endpoint DLP

Digital Guardian Endpoint DLP is an endpoint management and data protection module that gives organizations granular control over how sensitive company data is moved and safeguarded across the network. Digital Guardian intelligently tracks event data across endpoints and automatically takes action against detected threats to ensure high-value assets remain safe and under the company’s control at all times.

  • Intelligently track and protect high-value data assets
  • Automate encryption and threat remediation activities
  • Proactive data tagging and classification
  • Create and configure usage policies
  • Full data protection across Windows, Mac, and Linux platforms

Digital Guardian Endpoint Detection and Response

Digital Guardian EDR allows organizations to automatically catch and block threats directly at the attack vector before any significant damage can be done to the company network. Combining real-time event data with historical behavioral analytics and search capabilities in one platform, Digital Guardian EDR gives security teams the intelligence and context needed to efficiently and effectively mitigate incoming threats.

  • Real-time threat alerts and visibility
  • Behavior-based threat detection
  • Automated incident response
  • Threat intelligence mapped to attack lifecycle
  • One console and endpoint agent

Digital Guardian User and Entity Behavior Analytics

Digital Guardian UEBA gives security teams the ability to detect and monitor user behavior to ensure no malware, compromised accounts, or malicious actors can cause significant damage or the complete loss of high-priority data assets.

  • Track and alert on behavioral deviations
  • Automatically block anomalous behavior
  • Automated risk scoring
  • Collect chain-of-custody forensic evidence
  • Executive risk dashboard

  • 4 min read
  • February 5, 2020 8:16:22 PM MST

Blackberry Cylance

AI-powered Endpoint Detection and Response Platform

Acquired by BlackBerry, Cylance is an AI-driven endpoint detection and response (EDR) platform that allows companies to intelligently strengthen, automate, and streamline their overall endpoint security efforts 24/7/365. Able to catch and mitigate highly advanced security threats as they emerge in real-time, Cylance’s EDR capabilities allow security teams to keep critical company assets protected from modern cyber attacks with virtually no impact on endpoint performance whatsoever.

Quick Deployment

CylancePROTECT and CylanceOPTICS are deployed faster than traditional EDR solutions, allowing larger organizations to make significant upgrades to their total endpoint protection efforts in a shorter amount of time.

Advanced Protection

Advanced AI and machine-learning capabilities catch unknown, zero-day threats, and prevent malware from executing in mission-critical areas.

Lightweight Agent

Cylance’s endpoint agents are incredibly lightweight and require only a tiny fraction of processing power, helping minimize any performance impact on the endpoint.

Signatureless Security

Rather than rely on signatures to detect threats, Cylance’s AI-driven, signatureless design allows companies to catch unknown threats with minimal human effort.

Cylance Solutions Overview

CylancePROTECT

Using artificial intelligence as a driving force behind its threat prevention efforts, CylancePROTECT is an endpoint detection and response (EDR) tool that efficiently protects company endpoints from critical threats legacy EDR solutions may miss. In addition to its strong protection against known cyber threats, CylancePROTECT can effectively prevent highly advanced or previously unknown threats, including fileless, memory-based, and zero-day cyber attacks.

  • AI-driven malware protection
  • Zero-day threat prevention
  • Low-performance impact on endpoint
  • Application control and device policy enforcement
  • Memory exploitation detection and prevention

Memory Exploitation Protection

CylancePROTECT provides additional security coverage by preventing file exploitations from executing in highly vulnerable and challenging areas, such as the operating system or memory layers.

Application Control

Cylance’s application control capabilities ensure fixed-function devices perform optimally and remain uncompromised at all times. Security teams have the ability to lock down devices and restrict changes to mitigate any malicious changes that may be attempted.

ScriptControl

CylancePROTECT gives security teams complete control over where scripts are run, when, and how to greatly reduce the risk of malicious scripts being executed in a company’s network.

Device Control

System administrators can customize device policies and enforce those policies automatically. USB mass storage devices, for example, can be blocked automatically to avoid any unauthorized and/or malicious data transfers.

Management Console Reporting

Through a rich and interactive dashboard provided by Cylance, security teams can monitor device usage and security data for all their endpoints across the network in real-time. Critical data from CylancePROTECT, such as total device count, active threat events, memory protection coverage, auto-quarantine coverage, and other useful information, can be tracked here.

CylanceOPTICS

CylanceOPTICS is an incident prevention EDR module that operates within the CylancePROTECT environment. CylanceOPTICS provides the data visualization, alert automation, and incident response capabilities security teams need to proactively catch and eliminate emerging cyber threats.

  • Rapid installation and deployment
  • Zero-latency threat detection
  • Automated threat detection and prevention
  • Remote forensic data collection
  • Syslog integration

  • 4 min read
  • February 5, 2020 8:05:00 PM MST

    Related Posts

    Bishop Fox

    Meet the leader in Offensive Security

    Bishop Fox is the largest private offensive security firm. Since 2005, the company has provided security consulting services to the world's leading organizations, working with Fortune 100 companies, to help secure their products, applications, networks, and cloud resources with penetration testing and security assessments.

    • 4 min read
    • March 19, 2021 2:13:14 PM MST

    ExtraHop

    ExtraHop leverages the cloud and provides enterprises with the ability to handle threat detection and mitigation tasks across hybrid infrastructure. Unlike traditional Security Information and Event Management (SIEM) solutions, ExtraHop applies a different approach to threat detection. The method is known as Network Detection and Response (NDR). The NDR approach involves the application of network traffic analysis to investigate anomalous behaviors and risk activities from layer two through layer seven.

    • 4 min read
    • August 7, 2020 12:59:49 PM MST

    Check Point: Next-Generation Firewall

    The fifth generation of cyber-attacks consists of large-scale multi-vector attacks aimed at crippling multiple components of an enterprise’s IT infrastructure. Dealing with these attacks requires a comprehensive solution that protects each gateway, device, and component within an IT architecture.

    • 5 min read
    • June 3, 2020 2:38:10 PM MST