Advanced Threat Protection
Malware and ransomware prevention for endpoints, fully managed by StratoZen.
Anti-Virus Is No Longer an Option
Traditional anti-virus and anti-malware software can no longer protect your endpoints against modern threats. As we’ve seen in recent successful breaches, AV software based on signature files and point-in-time analysis can be completely bypassed by today’s malware. Evolving quickly, it can evade discovery after it has compromised a system while providing a launching pad for a persistent attacker to move throughout an organization. Sleep techniques, polymorphism, encryption, and use of unknown protocols are just some of the ways that malware can hide from view.
It takes only one threat that evades detection to compromise your environment. Using targeted context-aware malware, sophisticated attackers have the resources, expertise, and persistence to outsmart point-in-time defenses and compromise any organization at any time. Furthermore, point-in-time detection is completely blind to the scope and depth of a breach after it happens, rendering organizations incapable of stopping an outbreak from spreading or preventing a similar attack from happening again.
StratoZen Advanced Threat Protection (ATP)
Using a threat intelligence cloud, the agent software can check for malicious software or detonate unknown files before they infect your system. If a system is infected, our ATP solution can block, alert, and remediate in conjunction with our security engineers. ATP protects you against advanced malware and increases security intelligence across all endpoints – PCs, Macs, mobile devices, and virtual systems. Its lightweight connector architecture uses big data analytics, which simplifies defense-in-requirements to address advanced malware. It eliminates the need for traditional anti-virus security layers that can add significant performance and resource constraints on endpoints.
StratoZen ATP goes beyond point-in-time detection, delivering a lattice of detection capabilities combined with big data analytics, to continuously analyze files and traffic on endpoints to determine if advanced malware is present. Sophisticated machine-learning techniques evaluate more than 400 characteristics associated with each file to analyze and block advanced malware. This combination provides protection that goes beyond traditional point-in-time detection. Retrospective security, the ability to roll back time on attacks, can detect and alert you to files that become malicious after the initial point of entry.
StratoZen ATP Features and Benefits
|Continuous analysis||StratoZen ATP uses cloud-based big data analytics to go beyond point-in-time detection, constantly re-evaluating data gathered over time to detect stealthy attacks.|
|Retrospective security||Retrospective security is the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root causes, and perform remediation. The need for retrospective security arises when any IoC occurs, such as an event trigger, a change in the disposition of a file, or an IoC trigger.|
|Dashboards||Gain visibility into your environment through a single pane of glass – with a view into hosts, devices, applications, users, files, and geolocation information, as well as advanced persistent threats (APTs), threat root causes, and other vulnerabilities – to provide a comprehensive contextual view so that you can make informed security decisions.|
|Indications of compromise||IoCs are file and telemetry events correlated and prioritized as potential active breaches. StratoZen ATP automatically correlates multisource security event data, such as intrusion and malware events, to help security teams connect events to larger, coordinated attacks and also prioritize high-risk events.|
|File reputation||Advanced analytics and collective intelligence are gathered to determine whether a file is clean or malicious, allowing for more accurate detection.|
|File analysis and sandboxing||A highly secure environment helps you execute, analyze, and test malware behavior in order to discover previously unknown zero-day threats. Integration of sandboxing technology into ATP results in a more dynamic analysis checked against a larger set of behavioral indicators.|
|Retrospective detection||Alerts are sent when a file disposition changes after extended analysis, giving you awareness and visibility to malware that evaded initial defenses.|
|File trajectory||Continuously track file propagation over time throughout your environment in order to achieve visibility and reduce the time required to scope a malware breach.|
|Device trajectory||Continuously track activity and communication on devices and on the system level to quickly understand root causes and the history of events leading up to and after compromise.|
|Elastic search||A simple, unbounded search across file, telemetry, and collective security intelligence data helps you quickly understand the context and scope of exposure to an IoC or malicious application.|
|Low prevalence executables||Display all files that have been executed across your organization, ordered by prevalence from lowest to highest, to help you surface previously undetected threats seen by a small number of users. Files executed by only a few users may be malicious (such as a targeted advanced persistent threat) or questionable applications you may not want on your extended network.|
|Endpoint IoCs||Users can submit their own Indications of Compromise (IoCs) to catch targeted attacks. These endpoint IoC’s let security teams perform deeper levels of investigation on lesser known advanced threats specific to applications in their environment.|
|Vulnerabilities||This feature shows a list of hosts that contain vulnerable software, a list of the vulnerable software on each host, and the hosts most likely to be compromised. Powered by our threat intelligence and security analytics, ATP identifies vulnerable software being targeted by malware, shows you the potential exploit, and provides you with a prioritized list of hosts to patch.|
|Outbreak control||Achieve control over suspicious files or outbreaks, and quickly and surgically control and remediate an infection without waiting for a content update. Within the outbreak control feature, simple custom detections can quickly block a specific file across all or selected systems; advanced custom signatures can block families of polymorphic malware; application blocking lists can enforce application policies or contain a compromised application being used as a malware gateway and stop the re-infection cycle; custom whitelists will help ensure that safe, custom, or mission-critical applications continue to run no matter what; and device flow correlation will stop malware call-back communications at the source, especially for remote endpoints outside the corporate network.|
|Private Cloud Virtual Appliance||ATP can be deployed as an on-premises, air-gapped solution built specifically for organizations with high-privacy requirements that restrict using a public cloud.|