Endgame Announces Hunt Platform 2.0, Declares IOC Independence
Hardware assisted control flow integrity (HA-CFI™) technology, Endgame MalwareScore™, and automated investigations ensure earliest detection and eviction of advanced attacks
July 27, 2016 - ARLINGTON, VA – Endgame, a leading provider of endpoint security solutions to hunt advanced adversaries, today announced several novel technologies as part of its Hunt platform version 2.0 to achieve the earliest possible detection and eviction of adversaries. These unique enhancements provide analysts with immediate detection and response to known and never-before-seen attacks prior to process execution, eliminating cost and time associated with incident response.
Today’s attacks on enterprises are growing increasingly sophisticated – exploits bypass widely used prevention technology such as Microsoft’s EMET, malware bypasses signature-based detection tools, and adversaries dwell undetected in networks for an average of 147 days – exposing enterprises to major business disruption and loss of critical assets. Endgame version 2.0 succeeds where others fail, detecting without waiting for threat intel and preventing exploitation before the adversary gains process execution.
“Enterprises can no longer sit back and wait for threat data to come to them,” said Ryan Gurr, Information Security Manager at NuScale Power. “The next generation of security challenges requires a more proactive approach to detect and respond to threats that have evaded defensive technologies. I have found Endgame’s Hunt platform helpful in allowing an analyst to quickly detect never-before-visible malicious behaviors on host systems, and block and remove threats at the earliest stages.”
Endgame version 2.0 delivers the following significant innovations:
- Hardware-assisted control flow integrity (HA-CFI™) exploit protection monitors program execution in real time and prevents attacks on endpoints before damage and loss of critical assets occur, earlier than any product available in the market. This technology is part of a multi-layer set of capabilities that protect against exploitation of broad classes of vulnerabilities and techniques, including heap overflows, use-after-frees, and return-oriented programming.
- Endgame MalwareScore™ signature-less malware detection engine identifies malicious files in real time to deliver 98% effective detection of new and never-before-seen APT toolsets, ransomware, and other malware with a negligible false positive rate. MalwareScore requires no external connectivity and is lightweight – taking under 100 milliseconds per sample with the smallest memory footprint available in the industry – allowing for a stealthy presence on the endpoint. This capability streamlines the hunt process for analysts by helping focus their attention on critical information.
- Automated Investigation takes the hunt from hours or days down to minutes via one-click adversary detections based on IOC-independent adversary techniques. This includes Endgame’s best-in-industry persistence detection, which pinpoints all known and never-before-seen persistence techniques. Other one-click investigations include malicious running process detection and attacker command and control communication detection.
Endgame is a leading provider of endpoint security solutions that enable enterprises to close the protection gap against advanced adversaries, prevent advanced attacks, and detect and eliminate resident or ongoing attacks. The Endgame platform empowers hunt teams, incident responders, and security analysts to conduct an end-to-end hunt mission, significantly reducing the time to detect and contain adversaries. Our IOC-independent platform covers the entire kill chain, leveraging machine learning and data science to uncover, in real time, unique attacks that evade traditional defenses and to respond precisely without disrupting normal business operations. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.