Detect and manage malware on endpoints 24/7
The shift to attacking endpoints with advanced malware has drastically changed the security landscape. Traditional signature-based protection is no longer enough: detection has to be followed by mitigation in close to real time to be of value to the customer, for example when ransomware is encrypting files.
Sentor EndpointSentry is built on new technology that identifies threats on both servers and clients using very light-weight deployment and implementation.
Identify suspicious activity on clients and servers
Detection is based on real-time heuristic analysis of suspicious behaviour by code on the endpoint. Information on possible threat activity is reported to and correlated by the Sentor 24/7 SOC, so that only confirmed incidents are escalated to the customer.
Sentor’s SOC manages incidents according to your IRP
When the SOC confirms an incident, it can take a range of actions directly, for example isolating the endpoint, stopping processes on the endpoint, or simply alerting the customer to an ongoing incident. Which actions are taken is governed by the Incident Response Plan (IRP) defined together with the client.
EndpointSentry is an agentless solution that detects sophisticated cyber-attacks, including crypto-lockers and advanced malware. It uses a combined approach to threat detection, correlating and analysing indicators across files, users, networks and endpoints.
This approach enables Sentor to detect potential threats, anomalies and zero-day malware that bypass existing detection solutions. Potential threats are also evaluated automatically to determine their risk level, so the security and IT departments are not flooded with inconclusive ‘grey’ findings and the extra workload they bring.
Sentor’s EndpointSentry supports both client and server endpoints
EndpointSentry is not limited to clients; it also supports server endpoints. EndpointSentry collects indicators, analyses them in a multi-stage process and alerts the Sentor SOC, enabling active threat management 24/7. The multi-stage analysis includes:
Collect – Threat detection begins with scanning corporate assets, including endpoints, users, files and the network. Indicators are collected and a baseline is created so that both authorised and malicious changes within the environment can be tracked.
Analyze – Collected indicators are filtered through the correlation engine, the security intelligence module and behaviour inspection, using both static and dynamic (sandbox) analysis. EndpointSentry identifies anomalies such as:
- suspicious changes to an endpoint’s network configuration
- system file modifications
- registry changes
- suspicious user activity
and uses its automatic multi-stage analysis to confirm the threat and assign a risk level.
Alert – Once EndpointSentry has determined that a threat exists, the Sentor 24/7 SOC is alerted and can verify the threat and take action according to the customer’s Incident Response Plan.
Remediate – EndpointSentry enables effective clean-up of infected corporate assets, with immediate remediation of threats in progress: quarantining or deleting files, blocking users or taking systems offline, according to the customer’s Incident Response Plan.
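The Collect and Analyze stages above rest on one basic mechanism: record a baseline of the assets you care about, then report what has changed since. The following Python snippet is an added illustration of that mechanism for system files (it is not EndpointSentry code, and the directory layout and file names it creates are constructed for the example). It hashes every regular file under a root, stores the result as the baseline, and on the next pass reports files that were added, modified or removed; the same diff logic applies to a registry export or a dump of network configuration if you feed it a path-to-value mapping.

```python
"""Baseline-and-diff integrity check over a directory tree.

Added example, not EndpointSentry code. Sample files are constructed inline
so the script runs offline; adjust build_baseline() to point at a real root.
"""
import hashlib
import os
import tempfile


def _sha256(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> sha256 for every regular file below root.

    Symlinks are skipped: following them would let an attacker point the
    check at a file they control instead of the one being monitored.
    """
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = _sha256(full)
    return baseline


def diff_baseline(old, new):
    """Return added, removed and modified keys between two baselines."""
    old_keys, new_keys = set(old), set(new)
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "modified": sorted(p for p in old_keys & new_keys if old[p] != new[p]),
    }


def demo():
    """Constructed scenario: take a baseline, then simulate three changes."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "System32")
        os.makedirs(sysdir)
        with open(os.path.join(sysdir, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        with open(os.path.join(sysdir, "drivers.cfg"), "w") as f:
            f.write("stable\n")

        baseline = build_baseline(root)

        # Simulated suspicious activity: hosts file edited, new binary
        # dropped, a config file removed (all constructed for the example).
        with open(os.path.join(sysdir, "hosts"), "a") as f:
            f.write("10.0.0.5 update.example.invalid\n")
        with open(os.path.join(sysdir, "dropped.exe"), "wb") as f:
            f.write(b"MZ\x90\x00")
        os.remove(os.path.join(sysdir, "drivers.cfg"))

        return diff_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The diff is only as good as the baseline: take it on a known-clean system and store it somewhere the monitored host cannot overwrite, otherwise a compromise that rewrites the baseline disappears along with the change it made. Authorised changes (patching, configuration management) will show up here too, which is exactly the correlation and risk-scoring work the Analyze stage describes.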
Get started in no time
EndpointSentry can be installed within hours and requires virtually no IT resources to operate and maintain. In ongoing operation the agentless solution does not affect data or user privacy, availability or performance. It helps keep your environment ‘clean’ and provides effective, comprehensive attack detection and remediation.
As part of threat identification and analysis, the following also takes place:
- Threats are continuously checked against existing and newly added security intelligence sources
- Sandboxing can be run either on premise or in a cloud environment
- Expert cyber analysts manually analyse indicators when the automatic findings are inconclusive, uncovering hard-to-find threats while significantly reducing the false-positive ratio
SOC analysts take direct action according to the customer’s Incident Response Plan to stop threats from executing, spreading or exfiltrating data.
The following are examples of actions that can be taken by the SOC 24/7:
- Isolate the endpoint from the network
- Stop processes from execution
- Extract files for analysis
- Lock user
- Notify customer of incident (always done for all detected incidents)