Extended endpoint protection helps thwart multiple attack techniques that try to compromise Windows and Mac client endpoints, gain access to resources, and detonate payloads. Our multi-vector attack monitoring and isolation recognizes these techniques and stops them early, before any damage is done. It can work alongside existing anti-virus tools to provide an additional layer of defense.

Endpoint Security for Multiple Attack Vectors

Today's attacks leverage multiple techniques to get on the endpoint, gain access to resources, and detonate their payloads.

  • Use machine learning to stay ahead of attackers and zero-day attacks
  • Identify malicious techniques in real-time
  • Isolate compromised devices
  • Gain deep visibility across endpoints, including low-level system activity
  • Cover endpoints whether online or offline
  • Designed to be fast with low overhead (1% CPU utilization)
  • Recognize new threats faster because it is signature-less

Available in Alert Logic Essentials

Alert Logic Essentials Benefits

Security Platform
  • Asset discovery
  • Vulnerability scanning
  • Cloud configuration checks
  • Extended endpoint protection
Threat Intelligence
  • Threat Risk Index
  • Remediation intelligence
  • Prioritization and next steps guidance
  • Comprehensive vulnerability library
Expert Defenders
  • 24/7 email and phone support
  • PCI scanning and ASV support
  • Service health monitoring

Endpoint Security Using Machine Learning and Analytics

Alert Logic Essentials provides endpoint security coverage for laptops and desktops as a first line of defense against attacks.
You get detection and active blocking capabilities for the following exploitation techniques:

Ransomware Attacks

Blocks attempts to ransom a computer, e.g. enumerating files from a file system, deleting local backups (shadow copy volumes), etc.

Return-Oriented Programming

Blocks exploit techniques that hijack the call stack and execute legitimate code sequences to gain network access and execution capabilities (ex: stack pivots, stack buffer overflows).

Credential Theft

Blocks malicious attempts to access the Windows Local Security Authority Subsystem Service (LSASS) database, where credentials get cached.

Rootkits

Blocks exploitation that attempts to modify a model-specific register (MSR) to gain remote code execution capabilities (ex: EternalBlue, DoublePulsar, rootkits).

Privilege Escalation

Blocks malicious attempts to escalate privileges, a technique commonly used by sophisticated attackers to gain administrative or root execution rights on a target system.

Process Impersonation

Flags any malicious program attempting to disguise itself as a legitimate Windows program in order to blend into normal system activity and evade detection (ex: Explorer.exe and Svchost.exe).

Process Injection

Blocks attempts to load malicious code into another valid process, a technique used to execute arbitrary code while evading detection.

Atom Bombing

Blocks a code injection technique that abuses Windows atom tables to store, access, and share data on behalf of malicious code.
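Two of the items above, shadow-copy deletion under Ransomware Attacks and LSASS access under Credential Theft, are the kind of behaviour an endpoint sensor recognizes from process-creation and process-access telemetry. The following is an added example written for this page, not Alert Logic's product code or its detection logic: it parses a handful of constructed, simplified event records (modelled loosely on Sysmon process-create and process-access events, but not in real Sysmon format) and flags the two techniques. The record format, the sample paths and the allowlist of OS components that legitimately open lsass.exe are all assumptions for illustration.

```python
"""Toy endpoint rules for two techniques on this page: shadow-copy deletion and
LSASS memory access. Example code, not Alert Logic's; records are constructed."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Windows access right that allows reading another process's memory.
PROCESS_VM_READ = 0x0010


@dataclass
class Event:
    kind: str          # "process_create" or "process_access" (assumed record kinds)
    image: str         # image path of the acting process
    cmdline: str = ""  # command line, process_create only
    target: str = ""   # image path of the opened process, process_access only
    granted: int = 0   # access mask granted, process_access only


# Constructed sample telemetry in a simplified key=value form (not real Sysmon output).
SAMPLE_LOG = r"""
kind=process_create image=C:\Windows\System32\vssadmin.exe cmdline="vssadmin delete shadows /all /quiet"
kind=process_create image=C:\Windows\System32\vssadmin.exe cmdline="vssadmin list shadows"
kind=process_create image=C:\Windows\System32\notepad.exe cmdline="notepad.exe report.txt"
kind=process_access image=C:\Users\alice\AppData\Local\Temp\update.exe target=C:\Windows\System32\lsass.exe granted=0x1010
kind=process_access image=C:\Windows\System32\csrss.exe target=C:\Windows\System32\lsass.exe granted=0x1fffff
"""

# key=value pairs; a value is either a double-quoted string or a run of non-space characters.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Shadow-copy deletion as issued through the built-in volume shadow copy tools.
SHADOW_DELETE = re.compile(r"\b(?:delete\s+shadows|shadowcopy\s+delete)\b", re.IGNORECASE)

# Assumed allowlist of OS components that routinely open lsass.exe; tune per environment.
LSASS_ALLOWLIST = {"csrss.exe", "wininit.exe", "services.exe", "svchost.exe", "msmpeng.exe"}


def parse_events(text: str) -> list[Event]:
    """Turn the key=value records into Event objects, skipping blank lines."""
    events: list[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = {key: quoted or bare for key, quoted, bare in _KV.findall(line)}
        events.append(Event(
            kind=fields.get("kind", ""),
            image=fields.get("image", ""),
            cmdline=fields.get("cmdline", ""),
            target=fields.get("target", ""),
            granted=int(fields.get("granted", "0"), 0),  # base 0 accepts "0x..." and decimal
        ))
    return events


def detect(events: list[Event]) -> list[tuple[str, str]]:
    """Return (rule_name, acting_image_basename) for every record that matches a rule."""
    findings: list[tuple[str, str]] = []
    for ev in events:
        actor = ntpath.basename(ev.image).lower()
        if ev.kind == "process_create":
            # Ransomware pre-encryption step: destroying local shadow copies.
            if actor in {"vssadmin.exe", "wmic.exe"} and SHADOW_DELETE.search(ev.cmdline):
                findings.append(("shadow_copy_deletion", actor))
        elif ev.kind == "process_access":
            # Credential theft: a non-OS process opening lsass.exe with memory-read rights.
            target = ntpath.basename(ev.target).lower()
            if target == "lsass.exe" and ev.granted & PROCESS_VM_READ and actor not in LSASS_ALLOWLIST:
                findings.append(("lsass_memory_access", actor))
    return findings


if __name__ == "__main__":
    for rule, actor in detect(parse_events(SAMPLE_LOG)):
        print(f"{rule}: {actor}")
```

Note the two edge cases the rules handle: `vssadmin list shadows` is a benign enumeration and is not flagged, and `csrss.exe` opening LSASS with a broad access mask is not flagged because it is on the allowlist. In practice the allowlist and the access-mask threshold are what a real product tunes per environment to keep false positives down, which is the "tailors protection models" point the page makes later.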

Extended Endpoint Protection in Action
Early Detection and Response to WannaCry

Malformed SMB Request

WannaCry has a worm component that scans for targets within the corporate network and fires at randomly generated IP addresses. Alert Logic provides early detection, blocking, and remediation guidance to protect against exploits like WannaCry.

Remote Exploit

Kernel-level access to a target computer is achieved via specially crafted packets mishandled by the SMB port (“EternalBlue”).
  • Protection: Exploits (stack pivot, return-oriented programming, stack manipulation)

Local Backdoor

To gain control and persistence, a backdoor is implanted using code injection (“DoublePulsar”).
  • Protection: Process Injection. Blocks attempts to load malicious code into another valid process, a technique used to execute arbitrary code while evading detection.

Malicious EXE

A zip file containing a malicious EXE is delivered via the backdoor and launched to initiate the ransomware payload.
  • Protection: Executable Malware (malicious .EXE, malicious .DLL)

Payload Detonates

WannaCry ransomware encrypts files on the system and demands payment, then repeats the cycle to further propagate.
  • Protection: Ransomware. Blocks attempts to ransom a computer, e.g. enumerating files from a file system, deleting local backups (shadow copy volumes), etc.


Extended Endpoint Security

Alert Logic Essentials keeps you a step ahead of security threats and maximizes efficiency for every organization.

  • Automatically gathers new malware and goodware samples
  • Trains protection models against new security threats continuously
  • Tailors protection models based on your organization’s unique profile
  • Maximizes protection and minimizes false positives for your business
