Endgame Introduces Total Attack Lookback™ for Comprehensive Incident Review

Includes 120 days of non-repudiable forensic information that exceeds average adversary dwell time at zero additional cost

ARLINGTON, VA - October 31, 2018 - Endgame, the leader in unified endpoint protection against targeted attacks, today announced it has made critical threat intelligence data available to all customers free of charge through Total Attack Lookback™ – the industry’s first forensic review feature to exceed average adversary dwell time.

Endgame Total Attack Lookback™ provides a complete record of relevant operating system events, to ensure rapid and accurate assessment of the origin and extent of an attack, meet notification requirements, and minimize exposure to compliance and regulatory violations.

“At Endgame, my team focuses every day on the earliest possible prevention; however, there is a much larger and richer story to be told to understand all the behavior of the adversary. Total Attack Lookback tells that story. When you combine Endgame’s data retention with Endgame Artemis, I believe you get the most robust and accessible EDR capability in the market,” says Jamie Butler, Chief Technology Officer at Endgame.

Why 120 days?

According to the 2018 SANS Threat Hunting Survey, average adversary dwell time within an organization’s network exceeds 90 days, increasing the potential for extensive damage and loss.

Endgame collects and stores a wide range of operating system events including process, file, and network events for up to 120 days, capturing all activity, and identifying the complete attack path, including all affected users and assets.

Automated Investigations

The Endgame user interface includes three unique technologies to automate investigations across the Endgame event store, at scale. 

  • Artemis™, the industry’s first natural language understanding (NLU) chatbot that enables tier one analysts or security managers to investigate incidents, rapidly triage, hunt and respond to threats in plain English.
  • Resolver™, Endgame’s visualization technology, provides a view into the entire attack, correlating all relevant security events in the timeline and enabling users to interact, investigate, and respond using an intuitive graphical user experience.
  • EQL, Endgame’s event query language and the first of its kind, provides advanced investigators and analysts with an intuitive scripting interface to swiftly hunt for and identify suspicious activity across Endgame’s uniquely enriched event data, using the Artemis chat interface.

Endgame’s unique multi-tier architecture ensures investigations scale to the largest enterprises, and include disconnected endpoints, while ensuring privacy across geographies with the industry’s lowest impact on resources.

About Endgame

Endgame's converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before information theft. Endgame unifies prevention, detection, and threat hunting to stop known and unknown attacker behaviors at scale with a single agent. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.