Next Generation Endpoint Protection - Signatureless - Behavior BasedWe are constantly telling our customers that traditional anti-virus programs that rely mostly on ‘signatures’ from previous attacks will no longer keep a company safe.  Attackers are now sophisticated, well funded and often government controlled.  This means they rely less on exploiting known security holes and more on developing those holes.

A ‘zero day’ exploit is something that has been developed to take advantage of a security hole but has not been applied to other companies… yet.  It is natural to think that these ‘zero days’ are so rare, that attackers would only use them on the largest, juiciest targets (like banks and other governments), but that just is not the case.

Gartner Magic Quadrant Next Gen AVIf your company has more than 100 employees or more than $1 Million in sales (not that big), it should be running ‘Next Generation’ endpoint protection software.

These NextGen tools do not rely on what happened yesterday, the way old school antivirus does.  They are behavior based.  They consider the characteristics of each file and what it is doing.  Things like:

  • is the file digitally signed
  • is it from a region of the world with know issues (Russia, China…)
  • is it trying to obfuscate its name (hide behind a similar file name i.e. Word.EXE is not a Microsoft program, but WinWord.exe is)
  • is it transferring files outside company
  • is it talking to a command and control server outside of your company
  • is it trying to copy itself to other computers
  • is it trying to encrypting your hard disk
  • is it trying to launch other programs

Forester Wave Next Gen AV

and thousands of other parameters are what these Next Gen AV products consider.

We recently completed another review of several major Next Gen protection tools and the results are below.

Keep in mind that these companies frequently update their software and so these features and functions will change.  The intent of this grid is to simply give you a solid starting point to work from.

Also note that:

  1. we have a full review of Dell Endpoint Security Services Enterprise HERE
  2. we had considerable experience with Trusteer Apex (aka. IBM Trusteer) but that product ‘sort of’ was rolled into IBM BigFix and then IBM sold BigFix to a company we contacted but could not get information from

 

ProductCarbonBlack Defense – ConferCrowdstrike Falcon w/OverwatchCylance (Blackberry)Sophos Intercept XMalware Bytes 3.0
CarbonBlack Defense - ConferCrowdstrike FalconCylance - BlackberrySophos Intercept XMalwarebytes Corporate For Business
URTech’s Initial RatingAACAB
Magic Quadrant / WaveBB+B-B+B-
Behavior or File ChrctrstcsBehaviorBehaviorFileBehavior
24×7 Phone SupportYYYYY – Optional
Win 10 1903 SupportYYYYY
Server 2019 SupportYYYYY
Web Admin (SaaS)YYYYY
Path White-listingYYYYY
Dual Wildcard White list PathYY – but checkNoYY
Remote Delete FilesYPartialYNo – Need EDRY
Virus Total LinkageYYYY & InternalNo
Can Disable Windows Action Center AV Registration GenY but with QuarantineYYChecking
MD5 / SHA White-listingYYYYY
Filename White-listingYCheckingNYY
Email Alert BundlingYYYY
Block Access To Web Mail AttachmentsNNNADDITIONALN
Agent Update Frequency / Year2Every 2 Weeks2> 4 / yearConstant
Agent Update Require Reboot/NeverNRarely 1/yr?Rarely 1/yr?
Agent Update ProcessConsoleConsoleConsoleConsolePDQ/SCCM
Mobile OSNFall 2019NAdditionalSeparate Product
Disk EncryptionNNNY – AdditionalN
Agent Alerts/YYY – CustomizationY
Sand-boxingNNNYY
Must Replace AVNNNNN
PreExecution Scan/NYYY
Performance HitLowLowLowLow20mb – .5% CPU
Kernel ModeYYYYY
Server AgentYYNSeparateY – Policy
AD Password Reuse BlockNNNNN
Keyboard EncryptionNNNCheckingN
Malicious Com BlockNPartialNPartialBlacklist
AV File InspectionNNJust at InstallNY
MiscUSB Tracking for data theft – Never had a single client data breach – Falcon Complete = Contract Workers inc AIG Insurance Up To $1M For Breaches $100K+File Inspection Only – not behavior

Blackberry’s acquisition of Cylance brings future into question

Acquired Hitman Pro

Just signed large contract with Microsoft

Very positive – Solid progress in last 2 years

 


0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published.