Extended endpoint protection helps thwart multiple attack techniques that try to compromise Windows and Mac client endpoints, gain access to resources, and detonate payloads. Our multi-vector attack monitoring and isolation recognizes these techniques and stops them early, before any damage is done. It can work alongside existing anti-virus tools to provide an additional layer of defense.
Endpoint Security for Multiple Attack Vectors
Today’s attacks leverage multiple techniques to get on the endpoint, gain access to resources, and detonate their payloads.
- Use machine learning to stay ahead of attackers and zero-day attacks
- Identify malicious techniques in real-time
- Isolate compromised devices
- Gain deep visibility across endpoints, including low-level system activity
- Cover endpoints whether online or offline
- Designed to be fast with low overhead (1% CPU utilization)
- Recognize new threats faster because it is signature-less
Available in Alert Logic Essentials
Alert Logic Essentials Benefits
Security Platform
- Asset discovery
- Vulnerability scanning
- Cloud configuration checks
- Extended endpoint protection
Threat Intelligence
- Threat Risk Index
- Remediation intelligence
- Prioritization and next steps guidance
- Comprehensive vulnerability library
Expert Defenders
- 24/7 email and phone support
- PCI scanning and ASV support
- Service health monitoring
Endpoint Security Using Machine Learning and Analytics
Alert Logic Essentials provides endpoint security coverage for laptops and desktops as a first line of defense against attacks.
You get detection and active blocking capabilities for the following exploitation techniques:
Ransomware Attacks
Blocks attempts to ransom a computer, e.g. enumerating files from a file system, deleting local backups (shadow copy volumes), etc.
Return-Oriented Programming
Blocks exploit techniques that hijack the call stack and execute legitimate code sequences for network access and execution capabilities (ex: stack pivots, stack buffer overflows)
Credential Theft
Blocks malicious attempts to access the Windows Local Security Authority Subsystem Service (LSASS) database, where credentials get cached
Rootkits
Blocks exploitation that attempts to modify a model-specific register (MSR) for remote code execution capabilities (ex: EternalBlue, DoublePulsar, rootkits)
Privilege Escalation
Blocks malicious attempts to escalate privileges, a technique commonly used by sophisticated attackers to gain administrative or root execution rights on a target system
Process Impersonation
Flags any malicious program attempting to disguise itself as a legitimate Windows program in order to blend into normal system activity and evade detection (ex: Explorer.exe and Svchost.exe)
Process Injection
Blocks attempts to load malicious code into another valid process, a technique used to execute arbitrary code while evading detection
Atom Bombing
Blocks a code injection technique that abuses Windows atom tables to store, access and share data via malicious code
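As an added illustration of what behaviour-based detection of three of the techniques above looks like (this is example code written for this page, not Alert Logic's product or its detection logic), the Python below runs simple rules over a handful of constructed Sysmon-style process-creation and process-access events: shadow-copy deletion ahead of ransomware encryption, a process outside an allowlist reading LSASS memory, and a binary carrying a Windows system process name that runs outside the system directories. The event field names, the allowlist, and the sample events are assumptions made for this example, not telemetry from any real host.

```python
import re

# Constructed events in a Sysmon-like shape (assumption: field names are ours).
# type "ProcessCreate" ~ Sysmon Event ID 1, "ProcessAccess" ~ Sysmon Event ID 10.
SAMPLE_EVENTS = [
    {"id": 1, "type": "ProcessCreate",
     "image": "C:\\Windows\\System32\\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"id": 2, "type": "ProcessAccess",
     "source": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe",
     "target": "C:\\Windows\\System32\\lsass.exe", "granted_access": 0x1010},
    {"id": 3, "type": "ProcessCreate",
     "image": "C:\\Users\\bob\\AppData\\Roaming\\svchost.exe",
     "cmdline": "svchost.exe"},
    {"id": 4, "type": "ProcessCreate",                      # benign service host
     "image": "C:\\Windows\\System32\\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"id": 5, "type": "ProcessAccess",                      # allowlisted reader
     "source": "C:\\Windows\\System32\\wininit.exe",
     "target": "C:\\Windows\\System32\\lsass.exe", "granted_access": 0x1010},
]

# Ransomware precursor: the built-in tools used to remove local backups.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.IGNORECASE),
]

# Win32 PROCESS_VM_READ access right; reading LSASS memory needs it.
PROCESS_VM_READ = 0x0010

# Assumption: a minimal allowlist of system processes expected to open LSASS.
LSASS_READ_ALLOWLIST = {
    "c:\\windows\\system32\\wininit.exe",
    "c:\\windows\\system32\\csrss.exe",
}

# Directories where genuine copies of the impersonated binaries live.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
IMPERSONATED_NAMES = {"svchost.exe", "explorer.exe"}


def basename(path: str) -> str:
    """Return the lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the technique labels that the rules match for one event."""
    findings = []
    if event["type"] == "ProcessCreate":
        if any(p.search(event.get("cmdline", "")) for p in SHADOW_DELETE_PATTERNS):
            findings.append("ransomware: shadow copy deletion")
        image = event["image"].lower()
        if basename(image) in IMPERSONATED_NAMES and not image.startswith(SYSTEM_DIRS):
            findings.append("process impersonation: system binary name outside system directory")
    elif event["type"] == "ProcessAccess":
        reads_memory = bool(event["granted_access"] & PROCESS_VM_READ)
        if (basename(event["target"]) == "lsass.exe" and reads_memory
                and event["source"].lower() not in LSASS_READ_ALLOWLIST):
            findings.append("credential theft: LSASS memory read")
    return findings


def scan(events: list) -> dict:
    """Map event id -> findings for every event that triggered at least one rule."""
    hits = {}
    for event in events:
        findings = classify(event)
        if findings:
            hits[event["id"]] = findings
    return hits


if __name__ == "__main__":
    for event_id, labels in scan(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(labels)}")
```

The rules deliberately key on behaviour (what a process does or where it runs from) rather than on a file hash, which is the signature-less approach the page describes; the cost is that each rule needs an allowlist or a path check to keep false positives from legitimate administration down.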
Extended Endpoint Protection in Action
Early Detection and Response to WannaCry
Malformed SMB Request
WannaCry has a worm component that scans for targets within the corporate network and fires at randomly generated IP addresses. Alert Logic provides early detection, blocking, and remediation guidance to protect against exploits like WannaCry.
Remote Exploit
Kernel-level access to a target computer is achieved via specially crafted packets mishandled by the SMB port (“EternalBlue”)
Local Backdoor
To gain control and persistence, a backdoor is implanted using code injection (“DoublePulsar”)
Malicious EXE
A zip file containing a malicious EXE is delivered via the backdoor, and the EXE is launched to initiate the ransomware payload
Payload Detonates
WannaCry ransomware encrypts files on the system and demands payment, then repeats the cycle to propagate further
[Diagram: techniques blocked at each stage of the WannaCry chain]
Exploits: stack pivot, return-oriented programming, stack manipulation
Process Injection: blocks attempts to load malicious code into another valid process, a technique used to execute arbitrary code while evading detection
Executable Malware: malicious .EXE, malicious .DLL
Ransomware: blocks attempts to ransom a computer, e.g. enumerating files from a file system, deleting local backups (shadow copy volumes), etc.
Extended Endpoint Security
Alert Logic Essentials keeps you a step ahead of security threats and maximizes efficiency for every organization.
- Automatically gathers new malware and goodware samples
- Trains protection models against new security threats continuously
- Tailors protection models based on your organization’s unique profile
- Maximizes protection and minimizes false positives for your business
Need to Schedule A Demo?
Please fill out the form below in its entirety or call us directly at 844.816.1051; for the UK, call +44 (0) 203 011 5533.