Endgame Introduces Reflex™ Real-Time, Autonomous Protection Engine To Close Adversary ‘Breakout’ Window
Reflex is the first technology to move custom protection within reach of IT Operations
May 16, 2019, Arlington, VA – Endgame, the leader in endpoint protection, today announced the launch of Endgame Reflex™, the first autonomous adversary prevention and detection engine for customized response that does not require cloud connectivity.
“As attacks continue to plague networks, IT and security operations teams face the challenge of inflexible, IOC-centric tooling that prevents them from developing effective post-compromise detection and response. Overwhelmed by false positives and brittle detections, analysts must manually respond to the threat, often well after an initial breach. Reflex changes all that,” said Mark Dufresne, VP of Research at Endgame.
Reflex enables customers to create and deploy high-confidence, customized behavioral protection rules – a capability that takes Endgame beyond the simple detection alerts seen in most endpoint protection platforms (EPPs). The Endgame agent’s unique “zero OS trust” telemetry-gathering and enrichment allow it to automatically and flexibly respond to the threat faster than ever before. And, the lack of cloud dependence means customers can be assured that policy is fully enforced on every endpoint at all times.
Both Endgame-provided and customer-configurable detections and preventions happen on the endpoint, in real time. Removing human delay, cloud latency, and the “breakout window” that undermines effective alert triage enables organizations to finally meet their business operations, security, and compliance requirements. Reflex delivers this capability across Windows, Mac, and Linux.
Endgame Reflex combines three unique technologies:
- A stateful query language. Event Query Language (EQL) is a powerful and extensible open-source language developed by Endgame to express relationships between security-relevant events. EQL can chain multiple behaviors to describe unwanted, suspicious, or malicious activity. Endgame users can describe and detect unwanted behavior at the level of a single MITRE ATT&CK technique or by combining techniques, identifying an attack at its earliest stage and at every stage that follows.
- A fail-safe IDE. The Endgame UI includes a unique Interactive Development Environment for creating customized Reflexes - the combination of detections and responses - unique to the business and compliance requirements of an enterprise. The IDE can also test each model’s efficacy against a baseline of enterprise activity to prevent false positives.
- Host-based, inline execution engine. As events occur on the endpoint, Endgame collects and enriches telemetry on the endpoint itself, passing it through the attack models in near-real-time for the fastest possible prevention and detection across Windows, Mac, and Linux without any requirement for cloud connectivity.
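As an added illustration (not Endgame's code, and not EQL itself), the following Python sketch shows the kind of stateful, per-process chaining a sequence rule expresses: a process start followed by an outbound connection from the same pid within a time window, with all state kept on the host. The event fields and sample telemetry are constructed for the example.

```python
from collections import defaultdict

# Constructed sample telemetry, in the spirit of the endpoint events a
# stateful query operates over (not captured from any real host).
EVENTS = [
    {"t": 0,  "type": "process", "pid": 100, "name": "winword.exe"},
    {"t": 1,  "type": "process", "pid": 101, "ppid": 100, "name": "powershell.exe"},
    {"t": 2,  "type": "network", "pid": 101, "dest_port": 443},
    {"t": 3,  "type": "process", "pid": 200, "name": "powershell.exe"},
    {"t": 70, "type": "network", "pid": 200, "dest_port": 443},   # outside the window
    {"t": 80, "type": "network", "pid": 300, "dest_port": 443},   # no preceding stage
]

# The rule: each stage is a predicate on one event, stages must be satisfied
# in order by events sharing the join key (pid), and the whole chain must fit
# inside MAXSPAN seconds. Keeping partial chains per key is what makes the
# evaluation "stateful" rather than a per-event IOC match.
STAGES = [
    lambda e: e["type"] == "process" and e["name"] == "powershell.exe",
    lambda e: e["type"] == "network" and e["dest_port"] == 443,
]
MAXSPAN = 30


def match_sequence(events, stages, key="pid", maxspan=MAXSPAN):
    """Return completed sequences (lists of events) in the order they complete."""
    # Per join key: (index of the next stage to satisfy, events matched so far)
    partial = defaultdict(lambda: (0, []))
    matches = []
    for e in sorted(events, key=lambda ev: ev["t"]):
        k = e.get(key)
        idx, chain = partial[k]
        # Expire a partial chain once the span since its first event is exceeded.
        if chain and e["t"] - chain[0]["t"] > maxspan:
            idx, chain = 0, []
        if stages[idx](e):
            chain = chain + [e]
            idx += 1
            if idx == len(stages):
                matches.append(chain)
                idx, chain = 0, []   # reset so the same pid can match again later
        partial[k] = (idx, chain)
    return matches


if __name__ == "__main__":
    for chain in match_sequence(EVENTS, STAGES):
        print("sequence matched for pid", chain[0]["pid"], [ev["t"] for ev in chain])
```

With the constructed events only pid 101 completes the sequence; pid 200's connection arrives after the window and pid 300 never satisfied the first stage.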
Reflex joins the company’s industry-leading preventions, including Malwarescore™ for file-based attacks and malicious Microsoft Office files, and Endgame’s patented behavioral preventions, which block exploits, fileless attacks, ransomware, and more in real time. Reflex redefines market-leading protection, bringing together endpoint-based preventions and pre- and post-compromise detections across the entire MITRE ATT&CK matrix, with the fastest possible response and full configurability.
“Endgame Reflex is yet another demonstration of our commitment to delivering a solution with the broadest scope, highest efficacy, and lowest resource utilization in a single agent, packing far and away more power than any other solution,” said Ian McShane, VP of Product Marketing at Endgame.
More information about Endgame Reflex is available on our blog, What is Reflex?.
Endgame makes military-grade endpoint protection as simple as anti-virus. Leveraging the industry’s most advanced machine learning technology, Endgame enables security operators of any skill level to deliver full-force protection, stopping everything from ransomware to phishing and targeted attacks. Endgame is the only endpoint security platform to offer a unique hybrid architecture that delivers both cloud administration and data localization that meets all industry, regulatory, and global compliance requirements. The US military as well as the world's largest commercial organizations rely on Endgame to protect their people, technology, and mission, globally. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.